Thursday, January 24, 2019

Security vulnerability in the PEAR download manager

The PEAR maintainers found a security breach in their server and published a security announcement about it. In this case, the PHP PEAR package manager (go-pear.phar) included malicious code and  the PEAR maintainers still in the process of analyzing it.

We would like to inform you that the "go-pear.phar" tool is not included in Bitnami solutions. All our solutions use PEAR from PHP source code that is not affected.

If you downloaded the go-pear.phar file after December 20th, 2018, you should get a new copy of the same release version from GitHub (pear/pearweb_phars) and compare file hashes. If the file hashes are different then you may have the infected file.

If you have additional questions about this security issue, post them in our community forum, and we will be happy to help you.