Mandriva Linux Security Advisory 2010-025 – Multiple vulnerabilities were discovered and corrected in php-pear. Argument injection vulnerability in the sendmail implementation of the Mail::Send method (Mail/sendmail.php) in the Mail package 1.1.14 f for PEAR allows remote attackers to read and write arbitrary files via a crafted parameter, and possibly other parameters, a different vulnerability than CVE-2009-4023. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/85620/MDVSA-2010-025.txt
Source: https://packetstormsecurity.com/files/85620/Mandriva-Linux-Security-Advisory-2010-025.html