ALAS-2021-1481


Amazon Linux AMI Security Advisory: ALAS-2021-1481
Advisory Release Date: 2021-02-16 00:13 Pacific
Advisory Updated Date: 2021-02-16 22:44 Pacific
Severity: Medium
References: CVE-2020-36193 

Issue Overview:

Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links. (cve-2020-36193)


Affected Packages:

php7-pear


Issue Correction:
Run yum update php7-pear to update your system.

New Packages:
noarch:
    php7-pear-1.10.12-5.32.amzn1.noarch

src:
    php7-pear-1.10.12-5.32.amzn1.src