Alerts This Week
Warning Icon 1 1,153
Alerts This Week
Warning Icon 1 1,153

Ubuntu 22.04 LTS: USN-6277-2 Critical: Dompdf Code Execution Threats

ubuntu
Calendar Grey August 10, 2023
Dist Ubuntu Esm H88
Recent updates for Dompdf in Ubuntu 22.04 LTS resolve risks linked to potential code execution and data leakage.
Several security issues were fixed in Dompdf.

Summary

Several security issues were fixed in Dompdf.

Software Description:

- php-dompdf: HTML to PDF converter

Details:

USN-6277-1 fixed vulnerabilities in Dompdf. This update provides the

corresponding updates for Ubuntu 22.04 LTS.

Original advisory details:

 It was discovered that Dompdf was not properly validating untrusted input when

 processing HTML content under certain circumstances. An attacker could

 possibly use this issue to expose sensitive information or execute arbitrary

 code. This issue only affected Ubuntu 16.04 LTS.

 (CVE-2014-5011, CVE-2014-5012, CVE-2014-5013)

 It was discovered that Dompdf was not properly validating processed HTML

 content that referenced PHAR files, which could result in the deserialization

 of untrusted data. An attacker could possibly use this issue to execute

 arbitrary code. (CVE-2021-3838)

 It was discovered that Dompdf was not properly validating processed HTML

 content that referenced both...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
   php-dompdf                      0.6.2+dfsg-3.1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-6277-2

  https://ubuntu.com/security/notices/USN-6277-1

  CVE-2021-3838, CVE-2022-2400

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6277-2

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here