Alerts This Week
Warning Icon 1 401
Alerts This Week
Warning Icon 1 401

Debian: DSA-4573-1 Moderate: Symfony Timing Attack and Code Exec

debian
Calendar Grey November 18, 2019
Debian Logo
Critical security flaws in the Symfony PHP framework addressed in Debian DSA-4573-1. Updating is advised to enhance system security.
Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to a timing attack/information leak, argument injection and code execution via unserializatio...

Summary

Multiple vulnerabilities have been found in the Symfony PHP framework
which could lead to a timing attack/information leak, argument injection
and code execution via unserialization.

For the oldstable distribution (stretch), these problems have been fixed
in version 2.8.7+dfsg-1.3+deb9u3.

For the stable distribution (buster), these problems have been fixed in
version 3.4.22+dfsg-2+deb10u1.

We recommend that you upgrade your symfony packages.

For the detailed security status of symfony please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/symfony

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



Package: symfony
CVE ID: CVE-2019-18887 CVE-2019-18888 CVE-2019-18889

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here