====================================================================

                             CERT-Renater

                 Note d'Information No. 2021/VULN039
_____________________________________________________________________

DATE                : 21/01/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S):  Systems running pear/Archive_Tar versions prior to
                              1.4.12.

=====================================================================
https://pear.php.net/package/Archive_Tar/download/
https://nvd.nist.gov/vuln/detail/CVE-2020-36193
_____________________________________________________________________

1.4.12 	


Easy Install
Not sure? Get more info.
pear install Archive_Tar-1.4.12


Pyrus Install

Try PEAR2's installer, Pyrus.

php pyrus.phar install pear/Archive_Tar-1.4.12


Release date: 2021-01-18 14:34 UTC
Release state: stable
Release uploaded by: mrook

Changelog:

* Fix Bug #27008: Symlink out-of-path write vulnerability
(CVE-2020-36193) [mrook]

Dependencies:

    PHP Version: PHP 5.2.0 or newer
    PEAR Package: PEAR Installer 1.9.0 or newer



=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================