You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa php pear

Sigurnosni nedostaci programskog paketa php pear

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LDE

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

– ————————————————————————-
Debian Security Advisory DSA-4817-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
December 19, 2020 https://www.debian.org/security/faq
– ————————————————————————-

Package : php-pear
CVE ID : CVE-2020-28948 CVE-2020-28949
Debian Bug : 976108

Two vulnerabilities were discovered in the PEAR Archive_Tar package for
handling tar files in PHP, potentially allowing a remote attacker to
execute arbitrary code or overwrite files.

For the stable distribution (buster), these problems have been fixed in
version 1:1.10.6+submodules+notgz-1.1+deb10u1.

We recommend that you upgrade your php-pear packages.

For the detailed security status of php-pear please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/php-pear

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
—–BEGIN PGP SIGNATURE—–

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl/dzudfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0TWeg/+KqzmeZZqlpzXqTgBCuHXAqass34G7oCV8SNKmKD+NVawTblm46rgxlLp
tlKNSVQjNC7J5KInsCIGlHwuhxQPaPh/e5S5wiUvaaSHJeUtt3+AklotHsgd8mKa
/Z38FLaia+7FQcpYlHNgIXYEjXufhH4wmIdAiuUM35BQTGJwAfCjnCgUbOHb7xUA
O/Fjx4yWapX4vJWXjZ/IbBLF0omRf5Py9ogcVoQEjIkGyK3Nd5x/jR9Kstkn5O8U
aQbd+dnvDk452DnhJtbRey58ewfyk2Hr4zA+Ew0jw1MoYUUmZhbqzcEU/Q2Y0bvA
/vEsz7VZidO+YM32K94brHPnwCN3gZ7kT2bNAyK08VExruve8ii6NH5USm5jkqWY
u9UOzyMxZ+crsFz2Zf6wGqZU58Muw54Nl/TJuKl2YlUUJkcXPTDiDWoBknzW7hXN
zPrpdeZ3RSPiFLPwqmLBNfrO7ay9IZI+sGR8IlT3CJmVp7v724hzkuQbIRqwDTDG
mkbb5JGaPFunjv2AvAdfLWjSTT89Ik8V2guxiAvk675dihzjm45RFKnDYblnoeKp
zcxwFZ9Yn5Eq5RiKwHqfaOGrrrqcxYTJ5VpWDgCXZ3kmmSrzsH+Jo5MFei3mi/9T
4mfEOsnvLTDe9urMbdM3WljjMlbrqtZbzFi6xh/uq5t+cyFfbOM=
=HoVx
—–END PGP SIGNATURE—–

AutorDona Šeruga
Cert idNCERT-REF-2020-12-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostatak programske biblioteke mingw jasper

Otkriven je sigurnosni nedostatak programske biblioteke mingw jasper za operacijski sustav Fedora. Otkriveni nedostatak potencijalnim napadačima omogućuje narušavanje povjerljivosti, cjelovitosti...

Close