[arch-general] php-pear compromised

Amish anon.amish at gmail.com
Thu Jan 24 04:32:31 UTC 2019



On 24/01/19 9:54 am, Amish wrote:
>
>
> On 24/01/19 2:46 am, ProgAndy wrote:
>> On 23.01.19 at 22:08, Andy Pieters wrote:
>>> Any of you seen the news about php-pear?
>>>
>>> There's an AUR package that downloads from pear.php.net so if that was
>>> within the last 6 months it could have been the compromised one?
>>>
>>> https://thehackernews.com/2019/01/php-pear-hacked.html
>>>
>>
>> Please read the note in the aur comments.
>>
>> https://aur.archlinux.org/packages/php-pear/
>> Pierre commented on 2019-01-20 08:55
>>
>>> Warning: The change in checksum was due to a security breach at
>>> PEAR. The PEAR installer was tainted:
>>> https://mobile.twitter.com/pear/status/1086634503731404800
>>>
>>> You were affected if you installed php-pear 1:1.10.7-2
>
> php-pear AUR package used install-pear-nozlib.phar.
>
> As per this twitter link "nozlib" file was not "harmed"
> https://mobile.twitter.com/co3k/status/1087178191070875648
>
> So "hopefully" installing that package did not do anything malicious.
>
> Regards,
>
> Amish.

One more confirmation from PEAR.
https://mobile.twitter.com/pear/status/1088195072158547968

[quote]
3/4: If you installed PEAR via a PHP installation, you should be fine 
since that method uses the install-pear-nozlib.phar file.
[/quote]

Regards,

Amish.

