Debian Security Advisory 4378-1

Debian Security Advisory 4378-1: Posted Jan 30, 2019; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4378-1 - Fariskhi Vidyan discovered that the PEAR Archive_Tar package for handling tar files in PHP is prone to a PHP object injection vulnerability, potentially allowing a remote attacker to execute arbitrary code.; tags | advisory, remote, arbitrary, php; systems | linux, debian; advisories | CVE-2018-1000888; SHA-256 | 7e4ef23ca8470300ddac7bad2d8bad6f040e2ce16dd0123ba1e84084b83ec707; Download | Favorite | View

Debian Security Advisory 4378-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4378-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
January 30, 2019                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : php-pear
CVE ID         : CVE-2018-1000888
Debian Bug     : 919147

Fariskhi Vidyan discovered that the PEAR Archive_Tar package for
handling tar files in PHP is prone to a PHP object injection
vulnerability, potentially allowing a remote attacker to execute
arbitrary code.

For the stable distribution (stretch), this problem has been fixed in
version 1:1.10.1+submodules+notgz-9+deb9u1.

We recommend that you upgrade your php-pear packages.

For the detailed security status of php-pear please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/php-pear

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlxRxlRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0SLYQ//c4cCTBaPrJpEqyQxbR6F860XakSy4wIV+rcarH8e50wPTGfR9xU6x8jI
PxvjkEP+HsaHNhMHnfnK6Y48P1In5M9UaLMVLKAqmIZAYnBrlxmwgaA3oQMscSe2
R1hJzuZ6arnYJP6fSAu+fBs4zY6MmLsoStcKx4pTM+dYwcFSanzmQlN8EhPFE9fP
YtvzSaBeKEJU7JZ7psMSK3/Zxi7WNyAjhwJPh+y3C0JNY5hyCBtr9UhJjXt2utSu
txG0wfXyhdArwOcSRHGtyA0cKLZBYs/tp588tYQ1bhA9WZqrkON2MqrPlxYLOsRj
lu3DWW4AMijXfvjDd8VUd0mfwJrgsANf1WktTx3Iycmhad2TrwDfyab2zuutBL1b
U96qpklflYuXiGVHsZE9eH+HilkKPTnEseePKpxePM6XBMhQjCaAEjXZTwxEKfOU
aXMZq3woLVs4dIcu+IwIqHQDtyxIefkUVpsJ7VLc/KPO8V3PsnWQaX76raoQ/EpM
tdxCLoDyHkdIHznKdMSn2sGBDpD6KxNIXWf/K2GRr9V3wN76cqjcBa6zIxBte9k+
4MYaxfCq+u/BIecGSMPAVrHMVvsqO+b/f6Jrr8Dp4a8fr5uGAujDn9dPnXJ0aO1+
yKPr77CtBdpV8iMM7L4dr83E+Ci+KS+4gU9ctT8JpZo/u1qmqlk=
=sDXt
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 275 files
indoushka 177 files
Jay Turla 150 files
Ubuntu 77 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Gentoo 25 files
Karn Ganeshen 23 files

File Archives

Systems

AIX (430)
Apple (2,115)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,125)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,592)
HPUX (881)
iOS (390)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,327)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,893)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,867)
UNIX (9,458)
UnixWare (188)
Windows (6,772)
Other

Debian Security Advisory 4378-1

Debian Security Advisory 4378-1

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 4378-1

Share This

Debian Security Advisory 4378-1

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems