
Ubuntu 24.04 moderate: USN-7272-1 Symfony user access issues

February 18, 2025
Ubuntu has released security updates for Symfony that address several vulnerabilities which could compromise sensitive data and session management.
Several security issues were fixed in Symfony.

Summary

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Symfony.

Software Description:

- symfony: set of reusable components and framework for web projects

Details:

Soner Sayakci discovered that Symfony incorrectly handled cookie storage in the web cache. An attacker could possibly use this issue to obtain sensitive information and access unauthorized resources. (CVE-2022-24894)

Marco Squarcina discovered that Symfony incorrectly handled the storage of user session information. An attacker could possibly use this issue to perform a cross-site request forgery (CSRF) attack. (CVE-2022-24895)

Pierre Rudloff discovered that Symfony incorrectly checked HTML input. An attacker could possibly use this issue to perform cross site scripting. (CVE-2023-46734)

Vladimir Dusheyko discovered that Symfony incorrectly sanitized special input w...


Update Instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 24.04 LTS
  php-symfony    6.4.5+dfsg-3ubuntu3+esm1    Available with Ubuntu Pro

Ubuntu 22.04 LTS
  php-symfony    5.4.4+dfsg-1ubuntu8+esm1    Available with Ubuntu Pro

Ubuntu 20.04 LTS
  php-symfony    4.3.8+dfsg-1ubuntu1+esm2    Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.
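To confirm the update actually landed, each host's installed php-symfony version can be compared against the fixed versions listed above. The following is an added example, not part of the Ubuntu notice: a pure-Python reimplementation of the Debian version ordering that `dpkg --compare-versions` applies, run over a constructed inventory (host names and installed versions are made up for illustration).

```python
import re
from itertools import zip_longest
# Fixed php-symfony versions, copied from the Update Instructions above.
FIXED = {
    "24.04": "6.4.5+dfsg-3ubuntu3+esm1",
    "22.04": "5.4.4+dfsg-1ubuntu8+esm1",
    "20.04": "4.3.8+dfsg-1ubuntu1+esm2",
}

def _order(ch):
    """dpkg character weight: '~' < end of string < letters < other characters."""
    if ch in ("", "~"):
        return 0 if ch == "" else -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    """Compare one upstream or revision string as alternating text/number runs."""
    while a or b:
        text_a, a = re.match(r"(\D*)(.*)", a).groups()
        text_b, b = re.match(r"(\D*)(.*)", b).groups()
        for x, y in zip_longest(text_a, text_b, fillvalue=""):
            if _order(x) != _order(y):
                return -1 if _order(x) < _order(y) else 1
        num_a, a = re.match(r"(\d*)(.*)", a).groups()
        num_b, b = re.match(r"(\d*)(.*)", b).groups()
        if int(num_a or 0) != int(num_b or 0):
            return -1 if int(num_a or 0) < int(num_b or 0) else 1
    return 0

def _split(version):  # -> (epoch, upstream, revision); missing parts act as 0
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "0")
    return int(epoch), upstream, revision

def compare(v1, v2):
    """Return -1, 0 or 1 as v1 is older than, equal to or newer than v2."""
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def is_patched(release, installed):
    """True when the installed version is at or above the USN-7272-1 fix."""
    return compare(installed, FIXED[release]) >= 0

# Constructed inventory: host -> (Ubuntu release, installed php-symfony version).
INVENTORY = {"web1": ("24.04", "6.4.5+dfsg-3ubuntu3"),
             "web2": ("22.04", "5.4.4+dfsg-1ubuntu8+esm1"),
             "web3": ("20.04", "4.3.8+dfsg-1ubuntu1+esm1")}
UNPATCHED = sorted(h for h, (rel, ver) in INVENTORY.items() if not is_patched(rel, ver))
```

A plain string comparison would get these cases wrong: the `+esm1` suffix sorts after the same revision without it, and `6.4.10` is newer than `6.4.5`.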

References

  https://ubuntu.com/security/notices/USN-7272-1

  CVE-2022-24894, CVE-2022-24895, CVE-2023-46734, CVE-2024-50340,
  CVE-2024-50341, CVE-2024-50342, CVE-2024-50343, CVE-2024-50345,
  CVE-2024-51996

Ubuntu Security Notice USN-7272-1
