Authenticating your go-pear.phar file

On Jan 19, 2019, pear.php.net released a statement that their web server had been compromised and that a tainted go-pear.phar file was discovered. You can view the current status here:

What does this mean?

If you downloaded the go-pear.phar file from php.net from July 2018 to Jan 2019, there's a possibility you downloaded an infected file. You should check to confirm the authenticity of this file.

Why would I have downloaded this file?

There are several PHP installations that require PEAR. For example:

How do I check the go-pear.phar file's authenticity?

The following steps walk you through how to check your current go-pear.phar file.

  1. Use SSH to log into your site where you are currently using PEAR.
  2. Navigate to the directory you previously downloaded the go-pear.phar file to. This is most likely your user's home directory.
    [server]$ cd ~
  3. Check the md5sum value.
    [server]$ md5sum go-pear.phar
  4. This command prints the file's MD5 hash, a long string of numbers and letters. The infected file has the following hash value.
    1e26d9dd3110af79a9595f1a77a82de7
  5. If you see this value returned, you should proceed to disable the previous PEAR installation files and folders.
    [server]$ mv go-pear.phar go-pear.phar_COMPROMISED
    [server]$ mv .pearrc .pearrc_COMPROMISED
    [server]$ mv pear pear_COMPROMISED
  6. Next, download a fresh copy of the go-pear.phar file here:
    [server]$ wget https://objects-us-east-1.dream.io/kbfiles/pear/go-pear.phar --no-check-certificate
  7. You can then use the newly downloaded file to re-install PEAR using this article:
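
Steps 2 through 5 can be scripted when an account may hold more than one copy of the installer. The following is an added example, not part of the original article: it searches a directory tree for go-pear.phar, compares each copy against the hash from step 4, and can optionally apply the renames from step 5. The function names and the `quarantine` argument are made up for this example, and it assumes `.pearrc` and `pear` sit in the same directory as the matching file.

```shell
#!/bin/sh
# Added example (not from the original article). The hash is the one listed in
# step 4; the function names and the "quarantine" argument are made up here.
KNOWN_BAD_MD5="1e26d9dd3110af79a9595f1a77a82de7"

# Print the MD5 of a file. Reading from stdin keeps the filename out of
# md5sum's output, so unusual filenames cannot alter the parsed field.
file_md5() {
    md5sum < "$1" | awk '{print tolower($1)}'
}

# check_pear DIR [BAD_MD5] [quarantine]
# Reports every go-pear.phar under DIR; returns 1 if any copy matches BAD_MD5.
# With "quarantine", renames the match plus the .pearrc file and pear directory
# beside it (assumes the layout in step 5: all three in the same directory).
check_pear() {
    dir=$1
    bad=${2:-$KNOWN_BAD_MD5}
    action=${3:-report}
    found=0
    list=$(mktemp) || return 2
    find "$dir" -type f -name 'go-pear.phar' > "$list" 2>/dev/null
    while IFS= read -r f; do
        [ -r "$f" ] || continue
        sum=$(file_md5 "$f")
        if [ "$sum" = "$bad" ]; then
            echo "TAINTED   $sum  $f"
            found=1
            if [ "$action" = quarantine ]; then
                d=$(dirname -- "$f")
                for item in "$f" "$d/.pearrc" "$d/pear"; do
                    if [ -e "$item" ]; then
                        mv -- "$item" "${item}_COMPROMISED"
                    fi
                done
            fi
        else
            echo "NO_MATCH  $sum  $f"
        fi
    done < "$list"
    rm -f "$list"
    return "$found"
}

# Run only when a directory is given, e.g.: sh check_pear.sh "$HOME"
if [ "$#" -gt 0 ]; then
    check_pear "$@"
fi
```

A `NO_MATCH` line only means the file is not the one tainted build identified by that hash; it does not by itself establish where the file came from.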
