MDVSA-2011:187 -- Mandriva php-pearID: oval:org.secpod.oval:def:301069 | Date: (C)2012-01-07 (M)2023-12-07 |
Class: PATCH | Family: unix |
A vulnerability has been discovered and corrected in php-pear: The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the download_dir, cache_dir, tmp_dir, and pear-build-download directories, a different vulnerability than CVE-2007-2519 . This advisory provides PEAR 1.9.4 which is not vulnerable to this issue. Additionally for Mandriva Enterprise Server 5 many new or updated PEAR packages is being provided with the latest versions of respective packages as well as mitigating various dependency issues.
Platform: |
Mandriva Linux 2010.1 |