[arch-general] php-pear compromised
Any of you seen the news about php-pear? There's an AUR package that downloads from pear.php.net so if that was within the last 6 months it could have been the compromised one? https://thehackernews.com/2019/01/php-pear-hacked.html
On 23.01.19 at 22:08, Andy Pieters wrote:
> Any of you seen the news about php-pear?
> There's an AUR package that downloads from pear.php.net so if that was within the last 6 months it could have been the compromised one?
Please read the note in the aur comments.
https://aur.archlinux.org/packages/php-pear/
Pierre commented on 2019-01-20 08:55
> Warning: The change in checksum was due to a security breach at PEAR. The PEAR installer was tainted: https://mobile.twitter.com/pear/status/1086634503731404800
> You were affected if you installed php-pear 1:1.10.7-2
On Wed, Jan 23, 2019 at 10:16 PM ProgAndy <admin@progandy.de> wrote:
> Please read the note in the aur comments.
> https://aur.archlinux.org/packages/php-pear/
> Pierre commented on 2019-01-20 08:55
>> Warning: The change in checksum was due to a security breach at PEAR. The PEAR installer was tainted: https://mobile.twitter.com/pear/status/1086634503731404800
>> You were affected if you installed php-pear 1:1.10.7-2
I admit the wording of my post can do with improving. My intention was trying to convey to the arch-general community that php-pear was compromised and unless people keep up with the tech news, they will not be going to the AUR website to check on their packages so they would not know what happened.
On 24/01/19 2:46 am, ProgAndy wrote:
> On 23.01.19 at 22:08, Andy Pieters wrote:
>> Any of you seen the news about php-pear?
>> There's an AUR package that downloads from pear.php.net so if that was within the last 6 months it could have been the compromised one?
> Please read the note in the aur comments.
> https://aur.archlinux.org/packages/php-pear/
> Pierre commented on 2019-01-20 08:55
>> Warning: The change in checksum was due to a security breach at PEAR. The PEAR installer was tainted: https://mobile.twitter.com/pear/status/1086634503731404800
>> You were affected if you installed php-pear 1:1.10.7-2
php-pear AUR package used install-pear-nozlib.phar.
As per this twitter link "nozlib" file was not "harmed" https://mobile.twitter.com/co3k/status/1087178191070875648
So "hopefully" installing that package did not do anything malicious.
Regards,
Amish.
On 24/01/19 9:54 am, Amish wrote:
> On 24/01/19 2:46 am, ProgAndy wrote:
>> On 23.01.19 at 22:08, Andy Pieters wrote:
>>> Any of you seen the news about php-pear?
>>> There's an AUR package that downloads from pear.php.net so if that was within the last 6 months it could have been the compromised one?
>> Please read the note in the aur comments.
>> https://aur.archlinux.org/packages/php-pear/
>> Pierre commented on 2019-01-20 08:55
>>> Warning: The change in checksum was due to a security breach at PEAR. The PEAR installer was tainted: https://mobile.twitter.com/pear/status/1086634503731404800
>>> You were affected if you installed php-pear 1:1.10.7-2
> php-pear AUR package used install-pear-nozlib.phar.
> As per this twitter link "nozlib" file was not "harmed" https://mobile.twitter.com/co3k/status/1087178191070875648
> So "hopefully" installing that package did not do anything malicious.
> Regards,
> Amish.
One more confirmation from PEAR.
https://mobile.twitter.com/pear/status/1088195072158547968
[quote]
3/4: If you installed PEAR via a PHP installation, you should be fine since that method uses the install-pear-nozlib.phar file.
[/quote]
Regards,
Amish.
participants (3)
- Amish
- Andy Pieters
- ProgAndy
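To check whether a machine ever had the build named in the AUR warning, the pacman transaction log can be searched for it; the script below is an added example, not part of the thread or of any poster's message. It assumes the usual pacman.log line layout, and the function names and sample log lines are constructed for illustration. A match shows only that php-pear 1:1.10.7-2 was installed, which is the condition the warning gives.

```sh
#!/bin/sh
# Added example (not from the thread): find pacman.log transactions that left
# the flagged php-pear build installed. Package name and version come from the
# AUR warning quoted above; the log lines below are constructed sample data.

AFFECTED_PKG="php-pear"
AFFECTED_VER="1:1.10.7-2"

# find_affected [LOGFILE]  (reads stdin when no file is given)
# Prints matching lines; exit status 0 if any matched, 1 if none.
find_affected() {
    awk -v pkg="$AFFECTED_PKG" -v ver="$AFFECTED_VER" '
    {
        # The timestamp is one or two fields depending on pacman version,
        # so locate the [ALPM] tag instead of counting from the left.
        for (i = 1; i <= NF; i++) if ($i == "[ALPM]") break
        if (i + 3 > NF) next                       # need action, name, version
        if ($(i + 2) != pkg) next
        if ($(i + 1) !~ /^(installed|upgraded|reinstalled|downgraded)$/) next
        # "(old -> new)" or "(new)": the resulting version is the last field.
        newver = $NF
        gsub(/[()]/, "", newver)
        if (newver == ver) { print; found = 1 }
    }
    END { exit(found ? 0 : 1) }' "${1:--}"
}

# Constructed sample log (versions other than 1:1.10.7-2 are made up),
# shown in both timestamp styles pacman has used.
sample_log() {
    cat <<'EOF'
[2018-12-20 09:14] [ALPM] installed php-pear (1:1.10.7-1)
[2019-01-05 18:02] [ALPM] transaction started
[2019-01-05 18:02] [ALPM] upgraded php-pear (1:1.10.7-1 -> 1:1.10.7-2)
[2019-11-02T10:00:00+0000] [ALPM] reinstalled php-pear (1:1.10.7-2)
[2019-11-03T08:30:00+0000] [ALPM] upgraded php-pear (1:1.10.7-2 -> 1:1.10.7-3)
[2019-11-04T08:30:00+0000] [ALPM] removed php-pear (1:1.10.7-3)
EOF
}

# Demo on the sample; on a real system: find_affected /var/log/pacman.log
sample_log | find_affected || echo "flagged build never installed"
```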