Amazon Linux AMI Security Advisory: ALAS-2021-1481
Advisory Release Date: 2021-02-16 00:13 Pacific
Advisory Updated Date: 2021-02-16 22:44 Pacific
Severity:
Medium
References:
CVE-2020-36193
Issue Overview:
Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links. (<a href="https://nvd.nist.gov/vuln/detail/CVE%2D2020%2D36193">cve-2020-36193</a>)
Affected Packages:
php7-pear
Issue Correction:
Run yum update php7-pear to update your system.
New Packages:
noarch:
php7-pear-1.10.12-5.32.amzn1.noarch
src:
php7-pear-1.10.12-5.32.amzn1.src