Debian 10 Buster: DLA-3495-2 Critical: Php-Dompdf Chroot Escape Fix
debian lts
August 11, 2023
Ubuntu security team noted after extensive testing that DLA-3495-1 was incomplete as one PoC for CVE-2022-2400 (particularly the chroot escape) was still working on the patched ver...
Topics Covered
Summary
Further analysis of the upstream patch and DLA-3495-1 version
helped to identify that the vulnerability was still present due to
DLA 3495-1 not including commit 7adf00f9, which added chroot checks
to one of the code path.
Special thanks to Camila Camargo de Matos of Ubuntu security team.
For Debian 10 buster, this problem has been fixed in version
0.6.2+dfsg-3+deb10u2.
We recommend that you upgrade your php-dompdf packages.
For the detailed security status of php-dompdf please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/php-dompdf
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: php-dompdf
Version: 0.6.2+dfsg-3+deb10u2
CVE ID: CVE-2021-3838
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!