Debian Long Term Support / LTS Security Information / 2019 / Security Information -- DLA-1775-1 phpbb3

Debian Security Advisory

DLA-1775-1 phpbb3 -- LTS security update

Date Reported:

04 May 2019

Affected Packages:

phpbb3

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2019-9826.

More information:

Colin Snover discovered a denial-of-service vulnerability in phpBB3, a full-featured web forum. Previous versions allowed users to run searches that might result in long execution times and load on larger boards when using the fulltext native search engine. To combat this, further restrictions were introduced on search queries.

For Debian 8 Jessie, this problem has been fixed in version 3.0.12-5+deb8u3.

We recommend that you upgrade your phpbb3 packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS