oval:org.secpod.oval:def:704444 php-pear is installed
oval:org.secpod.oval:def:501230 php-pear is installed
oval:org.secpod.oval:def:2000860 PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite.
oval:org.secpod.oval:def:70372 php-pear: PHP Extension and Application Repository PEAR could be made to overwrite files as the administrator.
oval:org.secpod.oval:def:70291 php-pear: PHP Extension and Application Repository PEAR could be made to run programs as an administrator.
oval:org.secpod.oval:def:507251 The php-pear package contains the PHP Extension and Application Repository, a framework and distribution system for reusable PHP components. Security Fix: * Archive_Tar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked * Archive_Tar: improper filename sanitization ...
oval:org.secpod.oval:def:115694 PEAR is a framework and distribution system for reusable PHP components. This package contains the basic PEAR components.
oval:org.secpod.oval:def:115700 PEAR is a framework and distribution system for reusable PHP components. This package contains the basic PEAR components.
oval:org.secpod.oval:def:120507 PEAR is a framework and distribution system for reusable PHP components. This package contains the basic PEAR components.
oval:org.secpod.oval:def:120503 PEAR is a framework and distribution system for reusable PHP components. This package contains the basic PEAR components.
oval:org.secpod.oval:def:500048 The php-pear package contains the PHP Extension and Application Repository, a framework and distribution system for reusable PHP components. It was found that the "pear" command created temporary files in an insecure way when installing packages. A malicious, local user could use this fla ...
oval:org.secpod.oval:def:51193 php-pear: PHP Extension and Application Repository XXX FILL ME IN: Summary for regular users XXX XXX LOCAL TEMPLATES XXX PEAR could be made to run programs if it processed a specially crafted file.
oval:org.secpod.oval:def:603617 Fariskhi Vidyan discovered that the PEAR Archive_Tar package for handling tar files in PHP is prone to a PHP object injection vulnerability, potentially allowing a remote attacker to execute arbitrary code.
oval:org.secpod.oval:def:1700136 PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with `$v_header['filename']` as parameter. When extract is called without a specific prefix path, we can trigger unserialization by crafting a tar ...
oval:org.secpod.oval:def:53500 Fariskhi Vidyan discovered that the PEAR Archive_Tar package for handling tar files in PHP is prone to a PHP object injection vulnerability, potentially allowing a remote attacker to execute arbitrary code.
oval:org.secpod.oval:def:704439 php-pear: PHP Extension and Application Repository XXX FILL ME IN: Summary for regular users XXX XXX LOCAL TEMPLATES XXX PEAR could be made to run programs if it processed a specially crafted file.
oval:org.secpod.oval:def:69837 Two vulnerabilities were discovered in the PEAR Archive_Tar package for handling tar files in PHP, potentially allowing a remote attacker to execute arbitrary code or overwrite files.
oval:org.secpod.oval:def:605496 It was discovered that the PEAR Archive_Tar package for handling tar files in PHP is prone to a directory traversal flaw due to inadequate checking of symbolic links.
oval:org.secpod.oval:def:1505671 libzip [1.6.1-1] - update to 1.6.1 - enable lzma support php-pear [1:1.10.12-1] - update PEAR to 1.10.12 - update Archive_Tar to 1.4.9 - update Console_Getopt to 1.4.3 - update XML_Util to 1.4.5 php-pecl-apcu [5.1.18-1] - update to 5.1.18 php-pecl-rrd php-pecl-xdebug [2.9.5-1] - update to 2.9.5 php- ...
oval:org.secpod.oval:def:2500031 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
oval:org.secpod.oval:def:1503030 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:66572 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php. Security Fix: * php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers * php: Buffer over-read in exif_read_data ...
oval:org.secpod.oval:def:2500033 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
oval:org.secpod.oval:def:2500792 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.