Published: 04th November 2005
A vulnerability in the PEAR installer has been found which allows arbitrary code execution. All versions of the installer up to and including release 1.4.2 are affected by this.
An new release of the installer is available which fixes this issue. One is strongly encouraged to upgrade to it by using pear upgrade PEAR.
Details about the vulnerability can be found in a separate document.Back