
[SECURITY] [DLA 3495-1] php-dompdf security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3495-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                   Bastien Roucariès
July 13, 2023                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : php-dompdf
Version        : 0.6.2+dfsg-3+deb10u1
CVE ID         : CVE-2021-3838 CVE-2022-2400
Debian Bug     : #1015874

Multiple vulnerabilities were fixed in php-dompdf, a CSS 2.1 compliant HTML
to PDF converter written in PHP.

CVE-2021-3838

    php-dompdf was vulnerable to deserialization of untrusted data:
    a phar:// URL given as an image source triggered PHAR deserialization.

CVE-2022-2400

    php-dompdf was vulnerable to external control of a file name, which
    bypassed the verification meant to block disallowed access.
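
The following is an added example, not part of the advisory and not dompdf
code: a pre-render check that lists image and CSS url() references whose scheme
is not on an allowlist, so a phar:// source is caught before the HTML reaches
the converter. The function names, the http/https allowlist and the sample
markup are assumptions made for illustration.

```php
<?php
// Added example, not dompdf code. Assumption: only remote http(s) resources are expected.
const ALLOWED_SCHEMES = ['http', 'https'];

/** Lowercased scheme of a URL, or null for a relative reference. */
function url_scheme(string $url): ?string
{
    // Strip whitespace and control characters so they cannot hide the scheme.
    $url = preg_replace('/[\x00-\x20]+/', '', $url);
    // RFC 3986 scheme syntax; schemes are case-insensitive (PHAR:// == phar://).
    if (preg_match('/^([a-z][a-z0-9+.\-]*):/i', $url, $m)) {
        return strtolower($m[1]);
    }
    return null;
}

/** Every <img src> value and CSS url(...) target found in the markup. */
function resource_urls(string $html): array
{
    $urls = [];
    $doc = new DOMDocument();
    @$doc->loadHTML($html); // tolerate imperfect markup
    foreach ($doc->getElementsByTagName('img') as $img) {
        $urls[] = $img->getAttribute('src');
    }
    if (preg_match_all('/url\(\s*[\'"]?([^\'")]+)/i', $html, $m)) {
        $urls = array_merge($urls, $m[1]);
    }
    return $urls;
}

/** References that must not reach the renderer. */
function rejected_urls(string $html): array
{
    $bad = [];
    foreach (resource_urls($html) as $url) {
        $scheme = url_scheme($url);
        // Relative references are rejected too: this example assumes no local files are needed.
        if ($scheme === null || !in_array($scheme, ALLOWED_SCHEMES, true)) {
            $bad[] = $url;
        }
    }
    return $bad;
}

// Constructed sample input.
$html = '<img src="https://example.org/logo.png"><img src="PHAR://upload.jpg/x">'
      . '<div style="background:url(phar://a.png/b)"></div>';
print_r(rejected_urls($html));
```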

For Debian 10 buster, these problems have been fixed in version
0.6.2+dfsg-3+deb10u1.

We recommend that you upgrade your php-dompdf packages.

For the detailed security status of php-dompdf please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php-dompdf

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

