Welcome to WebmasterWorld Guest from 34.236.145.124

Forum Moderators: coopster & jatar k

PHP PEAR package manager compromised

     
9:37 pm on Jan 25, 2019 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member brotherhood_of_lan is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 30, 2002
posts:4982
votes: 42


If you have downloaded PHP PEAR package manager from its official website in past 6 months, we are sorry to say that your server might have been compromised.


[thehackernews.com...]
9:59 pm on Jan 25, 2019 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Sept 25, 2005
posts:2066
votes: 355


Yikes. To clarify:
"Also note that this does *not* affect the PEAR installer package itself... it affects the go-pear.phar executable that you would use to initially install the PEAR installer. Using the 'pear' command to install various PEAR package is *not* affected."
10:06 pm on Jan 26, 2019 (gmt 0)

Full Member

Top Contributors Of The Month

joined:Apr 11, 2015
posts: 323
votes: 24


A possible respite...

UPDATE The PEAR team has published more details about the recent security incident, explaining the tainted "go-pear.phar" found on its server appeared to be planted after the last official file release on 20 December 2018.