Mandriva Linux Security Advisory 2010-025 - Multiple vulnerabilities were discovered and corrected in php-pear. Argument injection vulnerability in the sendmail implementation of the Mail::Send method (Mail/sendmail.php) in the Mail package 1.1.14 f for PEAR allows remote attackers to read and write arbitrary files via a crafted parameter, and possibly other parameters, a different vulnerability than CVE-2009-4023. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues.
5f25e471637759cc8181b0216c625c69d6faeab30fa48e8d0988c3ea8ca5be0a