Synopsis: Moderate: php-pear security update Advisory ID: SLSA-2022:7340-1 Issue Date: 2022-11-03 CVE Numbers: CVE-2020-28948 CVE-2020-28949 CVE-2020-36193 -- Security Fix(es): * Archive_Tar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked (CVE-2020-28948) * Archive_Tar: improper filename sanitization leads to file overwrites (CVE-2020-28949) * Archive_Tar: directory traversal due to inadequate checking of symbolic links (CVE-2020-36193) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE -- SL7 noarch php-pear-1.9.4-23.el7_9.noarch.rpm - Scientific Linux Development Team