XXX FILL ME IN: Summary for regular (non-admin) users XXX
XXX LOCAL TEMPLATES XXX
PEAR could be made to run programs if it processed a specially crafted
file.
Software Description:
- php-pear: PHP Extension and Application Repository
Details:
Fariskhi Vidyan discovered that PEAR Archive_Tar incorrectly handled
certain archive paths. A remote attacker could possibly use this issue to
execute arbitrary code.
The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10: php-pear 1:1.10.5+submodules+notgz-1ubuntu1.18.10.1 Ubuntu 18.04 LTS: php-pear 1:1.10.5+submodules+notgz-1ubuntu1.18.04.1 Ubuntu 16.04 LTS: php-pear 1:1.10.1+submodules+notgz-6ubuntu0.1 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-3857-1
CVE-2018-1000888
Get the latest Linux and open source security news straight to your inbox.