RHSA-2022:7340-01 -- Redhat php-pearID: oval:org.secpod.oval:def:507251 | Date: (C)2022-11-21 (M)2022-11-21 |
Class: PATCH | Family: unix |
The php-pear package contains the PHP Extension and Application Repository , a framework and distribution system for reusable PHP components. Security Fix: * Archive_Tar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked * Archive_Tar: improper filename sanitization leads to file overwrites * Archive_Tar: directory traversal due to inadequate checking of symbolic links For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Platform: |
Red Hat Enterprise Linux 7 |