Red Hat Security Advisory 2011-1741-03 - The php-pear package contains the PHP Extension and Application Repository, a framework and distribution system for reusable PHP components. It was found that the "pear" command created temporary files in an insecure way when installing packages. A malicious, local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrary files accessible to the victim running the "pear install" command.
dbfac6f4435ff85bfd6210a7625899b4a31e607ba5721367e2bb450b57f0e40e