1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4378-1] php-pear security update

    From Salvatore Bonaccorso@1:229/2 to All on Wed Jan 30 16:50:01 2019
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4378-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 30, 2019 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : php-pear
    CVE ID : CVE-2018-1000888
    Debian Bug : 919147

    Fariskhi Vidyan discovered that the PEAR Archive_Tar package for
    handling tar files in PHP is prone to a PHP object injection
    vulnerability, potentially allowing a remote attacker to execute
    arbitrary code.

    For the stable distribution (stretch), this problem has been fixed in
    version 1:1.10.1+submodules+notgz-9+deb9u1.

    We recommend that you upgrade your php-pear packages.

    For the detailed security status of php-pear please refer to its
    security tracker page at:
    https://security-tracker.debian.org/tracker/php-pear

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlxRxlRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0SLYQ//c4cCTBaPrJpEqyQxbR6F860XakSy4wIV+rcarH8e50wPTGfR9xU6x8jI PxvjkEP+HsaHNhMHnfnK6Y48P1In5M9UaLMVLKAqmIZAYnBrlxmwgaA3oQMscSe2 R1hJzuZ6arnYJP6fSAu+fBs4zY6MmLsoStcKx4pTM+dYwcFSanzmQlN8EhPFE9fP YtvzSaBeKEJU7JZ7psMSK3/Zxi7WNyAjhwJPh+y3C0JNY5hyCBtr9UhJjXt2utSu txG0wfXyhdArwOcSRHGtyA0cKLZBYs/tp588tYQ1bhA9WZqrkON2MqrPlxYLOsRj lu3DWW4AMijXfvjDd8VUd0mfwJrgsANf1WktTx3Iycmhad2TrwDfyab2zuutBL1b U96qpklflYuXiGVHsZE9eH+HilkKPTnEseePKpxePM6XBMhQjCaAEjXZTwxEKfOU aXMZq3woLVs4dIcu+IwIqHQDtyxIefkUVpsJ7VLc/KPO8V3PsnWQaX76raoQ/EpM tdxCLoDyHkdIHznKdMSn2sGBDpD6KxNIXWf/K2GRr9V3wN76cqjcBa6zIxBte9k+ 4MYaxfCq+u/BIecGSMPAVrHMVvsqO+b/f6Jrr8Dp4a8fr5uGAujDn9dPnXJ0aO1+ yKPr77CtBdpV8iMM7L4dr83E+Ci+KS+4gU9ctT8JpZo/u1qmqlk=
    =sDXt
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)