Security Vulnerabilities fixed in php-pear RHSA-2022:7340

Description

The php-pear package contains the PHP Extension and Application Repository (PEAR), a framework and distribution system for reusable PHP components.

Security Fix(es):

* Archive_Tar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked (CVE-2020-28948)
* Archive_Tar: improper filename sanitization leads to file overwrites (CVE-2020-28949)
* Archive_Tar: directory traversal due to inadequate checking of symbolic links (CVE-2020-36193)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

Affected Applications

php-pear