Paketname
php-pear
Datum
2007-06-04
Advisory ID
MDKSA-2007:110
Betroffene Versionen
CS4.0 x86_64 , 2007.0 x86_64 , 2007.1 i586 , 2007.0 i586 , CS3.0 x86_64 , CS4.0 i586 , CS3.0 i586 , 2007.1 x86_64

Problembeschreibung

A security hole was discovered in all versions of the PEAR Installer
(http://pear.php.net/PEAR). The security hole is the most serious
hole found to date in the PEAR Installer, and would allow a malicious
package to install files anywhere in the filesystem.

The vulnerability only affects users who are installing an
intentionally created package with a malicious intent. Because the
package is easily traced to its source, this is most likely to happen
if a hacker were to compromise a PEAR channel server and alter a
package to install a backdoor. In other words, it must be combined
with other exploits to be a problem.

Updated packages have been patched to prevent this issue.

Aktualisierte Pakete

CS4.0 x86_64

 efba2ee2dc33696c001dab09cfe6dd34  corporate/4.0/x86_64/php-pear-5.1.4-3.1.20060mlcs4.noarch.rpm 
 4a88c5020d4986d32fbd0fda00c6176c  corporate/4.0/SRPMS/php-pear-5.1.4-3.1.20060mlcs4.src.rpm

2007.0 x86_64

 e9cd136d7adb4cd156e8609bee74142c  2007.0/x86_64/php-pear-5.1.6-1.1mdv2007.0.noarch.rpm 
 ad180de3fabf01f13300b60d27e69b8a  2007.0/SRPMS/php-pear-5.1.6-1.1mdv2007.0.src.rpm

2007.1 i586

 dc3c4b6fde1e247c7b7889720b9a1545  2007.1/i586/php-pear-5.2.1-2.1mdv2007.1.noarch.rpm 
 c6314a0505a7acc4638bc6d001de3dce  2007.1/SRPMS/php-pear-5.2.1-2.1mdv2007.1.src.rpm

2007.0 i586

 64c39ee86584450d0107064891db66a4  2007.0/i586/php-pear-5.1.6-1.1mdv2007.0.noarch.rpm 
 ad180de3fabf01f13300b60d27e69b8a  2007.0/SRPMS/php-pear-5.1.6-1.1mdv2007.0.src.rpm

CS3.0 x86_64

 d32d35a205af81a080cf9081f1d09853  corporate/3.0/x86_64/php-pear-4.3.4-3.3.C30mdk.noarch.rpm 
 2af0291e0a641824b71b209f177ee498  corporate/3.0/SRPMS/php-pear-4.3.4-3.3.C30mdk.src.rpm

CS4.0 i586

 7adcd35487d7069c97dd103a46328348  corporate/4.0/i586/php-pear-5.1.4-3.1.20060mlcs4.noarch.rpm 
 4a88c5020d4986d32fbd0fda00c6176c  corporate/4.0/SRPMS/php-pear-5.1.4-3.1.20060mlcs4.src.rpm

CS3.0 i586

 9d53ac39e37aeefb528ae3fd0992bdc3  corporate/3.0/i586/php-pear-4.3.4-3.3.C30mdk.noarch.rpm 
 2af0291e0a641824b71b209f177ee498  corporate/3.0/SRPMS/php-pear-4.3.4-3.3.C30mdk.src.rpm

2007.1 x86_64

 d54d49680305ebe3e66074cb9ef9d837  2007.1/x86_64/php-pear-5.2.1-2.1mdv2007.1.noarch.rpm 
 c6314a0505a7acc4638bc6d001de3dce  2007.1/SRPMS/php-pear-5.2.1-2.1mdv2007.1.src.rpm

Referenzen