PEAR Archive_Tar: Directory traversal

PEAR Archive_Tar: Directory traversal Multiple vulnerabilities have been found in PEAR Archive_Tar, the worst of which could result in the arbitrary execution of code. PEAR-Archive_Tar 2021-01-26 2021-01-26 755653 766036 remote 1.4.12 1.4.12

This class provides handling of tar files in PHP.

Multiple vulnerabilities have been discovered in PEAR Archive_Tar. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All PEAR-Archive_Tar users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=dev-php/PEAR-Archive_Tar-1.4.12"

CVE-2020-28948 CVE-2020-28949 CVE-2020-36193 sam_c sam_c