MDKSA-2007:110
- Nom du paquet
- php-pear
- Date
- 2007-06-04
- Advisory ID
- MDKSA-2007:110
- Affected versions
- CS4.0 x86_64 , 2007.0 x86_64 , 2007.1 i586 , 2007.0 i586 , CS3.0 x86_64 , CS4.0 i586 , CS3.0 i586 , 2007.1 x86_64
Problem description
A security hole was discovered in all versions of the PEAR Installer
(http://pear.php.net/PEAR). The security hole is the most serious
hole found to date in the PEAR Installer, and would allow a malicious
package to install files anywhere in the filesystem.
The vulnerability only affects users who are installing an
intentionally created package with a malicious intent. Because the
package is easily traced to its source, this is most likely to happen
if a hacker were to compromise a PEAR channel server and alter a
package to install a backdoor. In other words, it must be combined
with other exploits to be a problem.
Updated packages have been patched to prevent this issue.
Updated packages
CS4.0 x86_64
efba2ee2dc33696c001dab09cfe6dd34 corporate/4.0/x86_64/php-pear-5.1.4-3.1.20060mlcs4.noarch.rpm 4a88c5020d4986d32fbd0fda00c6176c corporate/4.0/SRPMS/php-pear-5.1.4-3.1.20060mlcs4.src.rpm
2007.0 x86_64
e9cd136d7adb4cd156e8609bee74142c 2007.0/x86_64/php-pear-5.1.6-1.1mdv2007.0.noarch.rpm ad180de3fabf01f13300b60d27e69b8a 2007.0/SRPMS/php-pear-5.1.6-1.1mdv2007.0.src.rpm
2007.1 i586
dc3c4b6fde1e247c7b7889720b9a1545 2007.1/i586/php-pear-5.2.1-2.1mdv2007.1.noarch.rpm c6314a0505a7acc4638bc6d001de3dce 2007.1/SRPMS/php-pear-5.2.1-2.1mdv2007.1.src.rpm
2007.0 i586
64c39ee86584450d0107064891db66a4 2007.0/i586/php-pear-5.1.6-1.1mdv2007.0.noarch.rpm ad180de3fabf01f13300b60d27e69b8a 2007.0/SRPMS/php-pear-5.1.6-1.1mdv2007.0.src.rpm
CS3.0 x86_64
d32d35a205af81a080cf9081f1d09853 corporate/3.0/x86_64/php-pear-4.3.4-3.3.C30mdk.noarch.rpm 2af0291e0a641824b71b209f177ee498 corporate/3.0/SRPMS/php-pear-4.3.4-3.3.C30mdk.src.rpm
CS4.0 i586
7adcd35487d7069c97dd103a46328348 corporate/4.0/i586/php-pear-5.1.4-3.1.20060mlcs4.noarch.rpm 4a88c5020d4986d32fbd0fda00c6176c corporate/4.0/SRPMS/php-pear-5.1.4-3.1.20060mlcs4.src.rpm
CS3.0 i586
9d53ac39e37aeefb528ae3fd0992bdc3 corporate/3.0/i586/php-pear-4.3.4-3.3.C30mdk.noarch.rpm 2af0291e0a641824b71b209f177ee498 corporate/3.0/SRPMS/php-pear-4.3.4-3.3.C30mdk.src.rpm
2007.1 x86_64
d54d49680305ebe3e66074cb9ef9d837 2007.1/x86_64/php-pear-5.2.1-2.1mdv2007.1.noarch.rpm c6314a0505a7acc4638bc6d001de3dce 2007.1/SRPMS/php-pear-5.2.1-2.1mdv2007.1.src.rpm