What Are You Looking For?

Popular Tags

Sign Up

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3495-1                [email protected]
https://www.debian.org/lts/security/                   Bastien Roucariès
July 13, 2023                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : php-dompdf
Version        : 0.6.2+dfsg-3+deb10u1
CVE ID         : CVE-2021-3838 CVE-2022-2400
Debian Bug     : #1015874

Multiple vulnerabilies were fixed in php-dompdf a CSS 2.1 compliant HTML
to PDF converter, written in PHP.

CVE-2021-3838

    php-dompdf was vulnerable to deserialization of Untrusted Data using
    PHAR deserialization (phar://) as url for image.

CVE-2022-2400

    php-dompdf was vulnerable to External Control of File Name bypassing
    unallowed access verification.

For Debian 10 buster, these problems have been fixed in version
0.6.2+dfsg-3+deb10u1.

We recommend that you upgrade your php-dompdf packages.

For the detailed security status of php-dompdf please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php-dompdf

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Debian LTS: DLA-3495-1: php-dompdf security update

July 13, 2023
Multiple vulnerabilies were fixed in php-dompdf a CSS 2.1 compliant HTML to PDF converter, written in PHP

Summary

CVE-2021-3838

php-dompdf was vulnerable to deserialization of Untrusted Data using
PHAR deserialization (phar://) as url for image.

CVE-2022-2400

php-dompdf was vulnerable to External Control of File Name bypassing
unallowed access verification.

For Debian 10 buster, these problems have been fixed in version
0.6.2+dfsg-3+deb10u1.

We recommend that you upgrade your php-dompdf packages.

For the detailed security status of php-dompdf please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php-dompdf

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity
Package : php-dompdf
Version : 0.6.2+dfsg-3+deb10u1
CVE ID : CVE-2021-3838 CVE-2022-2400
Debian Bug : #1015874

Related News

Linux’s sudo and su Are Being Rewritten in Rust

May 2, 2023

News

Advisories

HOWTOs

Features

Guide To Tackling Network Programming Assignments On Linux
Guide To Software Security Testing On Linux
Everything You Need to Know About Linux Proxy Servers
Simple Steps for Identifying & Troubleshooting a Kernel Panic
Linux Endpoint Detection and Response (EDR): A Crucial Part of a Successful Cybersecurity Strategy

About Us

Powered By

Footer Logo

Feedback