« PHPUnit Pocket Guide, a must have pocket reference | Main | Is PEAR installer the only great feature in PEAR project ? »

Serious vulnerability in the PEAR installer

A vulnerability in the PEAR installer has been found which allows arbitrary code execution. All versions of the installer up to and including release 1.4.2 are affected by this.

A poorly-implemented feature allows a package installed by the PEAR installer to execute arbitrary code any time the "pear" command is executed or the Web/Gtk frontend is loaded.

An new release of the installer is available which fixes this issue. One is strongly encouraged to upgrade to it by using pear upgrade PEAR. The PEAR Team strongly recommend to upgrade to the new version PEAR 1.4.3

pear upgrade PEAR-1.4.3

Posted by Hatem on November 23, 2005 2:36 AM to Pear | Security | | View blog reactions

Bookmark this article at these sites
Post a comment





(Email will remain hidden)





Please enter the security code you see here




Related entries
Email to a friend
Email this article to:


Your email address:


Message (optional):