|Main Archive Page > Month Archives > oss-security archives|
The lack of symlink checks in the PEAR installer 1.9.1 <= while doing
installation and upgrades, which initiate various system write
operations, can cause privileged users unknowingly to overwrite
critical system files.
Further information can be found in this temporary advisory
http://pear.php.net/advisory-20110228.txt and the
Fixes can be found at http://news.php.net/php.pear.cvs/61264