Submit a story to LinuxSecurity!

Thanks very much for your interest in sharing your story with us. Our site is driven by users like you.

Post anonymously

Please also feel free to using our GPG key (found on our About page) or email us at This email address is being protected from spambots. You need JavaScript enabled to view it.

 

    Back

    Debian LTS: DLA-1999-1: symfony security update

    Date18 Nov 2019
    CategoryDebian LTS
    209
    Posted ByLinuxSecurity Advisories
    Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to a timing attack/information leak, argument injection and code execution via unserialization. 
    Package        : symfony
Version        : 2.3.21+dfsg-4+deb8u6
CVE ID         : CVE-2019-18886 CVE-2019-18887 CVE-2019-18888


Multiple vulnerabilities have been found in the Symfony PHP framework
which could lead to a timing attack/information leak, argument injection
and code execution via unserialization.

For Debian 8 "Jessie", these problems have been fixed in version
2.3.21+dfsg-4+deb8u6.

We recommend that you upgrade your symfony packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

    Get the Latest News & Insights

    Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox

    Related News

    ProtonVPN apps handed to open source community in transparency push
    ProtonVPN apps handed to open source community in transparency push
    Why Artificial Intelligence Is The Smart Way to Form Real Bonds With Customers
    Why Artificial Intelligence Is The Smart Way to Form Real Bonds With Customers
    The Performance Cost To SELinux On Fedora 31
    The Performance Cost To SELinux On Fedora 31
    Amazon’s Ring blamed hacks on consumers reusing their passwords. A lawsuit says that’s not true.
    Amazon’s Ring blamed hacks on consumers reusing their passwords. A lawsuit says that’s not true.
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/25-what-do-you-think-of-the-linuxsecurity-privacy-news-articles?task=poll.vote&format=json
    25
    radio
    [{"id":"90","title":"Love them!","votes":"2","type":"x","order":"1","pct":100,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"0","type":"x","order":"2","pct":0,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"0","type":"x","order":"3","pct":0,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    openSUSE: 2020:0096-1: moderate: libredwg
    Date22 Jan 2020 @ 20:11
    Ubuntu 4247-2: python-apt regression
    Date22 Jan 2020 @ 15:01
    openSUSE: 2020:0095-1: moderate: libredwg
    Date22 Jan 2020 @ 14:13
    SUSE: 2020:0183-1 important: the Linux Kernel (Live Patch 0 for SLE 12 SP5)
    Date22 Jan 2020 @ 14:12

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

    Learn More