php-pear (SL7)

Synopsis: Moderate: php-pear security update
Advisory ID: SLSA-2022:7340-1
Issue Date: 2022-11-03
CVE Numbers: CVE-2020-28948
CVE-2020-28949
CVE-2020-36193

Security Fix(es):

* Archive_Tar: allows an unserialization attack because phar: is blocked
but PHAR: is not blocked (CVE-2020-28948)

* Archive_Tar: improper filename sanitization leads to file overwrites
(CVE-2020-28949)

* Archive_Tar: directory traversal due to inadequate checking of symbolic
links (CVE-2020-36193)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE

SL7
noarch
php-pear-1.9.4-23.el7_9.noarch.rpm

– Scientific Linux Development Team