MGASA-2021-0060

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2021-0060.html

Import Source

https://advisories.mageia.org/MGASA-2021-0060.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2021-0060

Related

CVE-2020-36193

Published

2021-01-31T21:34:26Z

Modified

2021-01-31T20:53:20Z

Summary

Updated php-pear packages fix a security vulnerability

Details

The updated php-pear packages fix a security vulnerability in component Archivetar, a symlink out-of-path write vulnerability. Tar.php in ArchiveTar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links. (CVE-2020-36193).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / php-pear

Package

Name: php-pear
Purl: pkg:rpm/mageia/php-pear?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.10.9-1.2.mga7

Ecosystem specific

{
    "section": "core"
}