Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DLA-1707-1:A69DA
HistoryMar 10, 2019 - 1:19 a.m.

[SECURITY] [DLA 1707-1] symfony security update

2019-03-1001:19:23
lists.debian.org
181

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.005 Low

EPSS

Percentile

76.0%

JSON

Package : symfony
Version : 2.3.21+dfsg-4+deb8u4
CVE ID : CVE-2017-16652 CVE-2017-16654 CVE-2018-11385 CVE-2018-11408
CVE-2018-14773 CVE-2018-19789 CVE-2018-19790

Several security vulnerabilities have been discovered in symfony, a PHP
web application framework. Numerous symfony components are affected:
Security, bundle readers, session handling, SecurityBundle,
HttpFoundation, Form, and Security\Http.

The corresponding upstream advisories contain further details:

[CVE-2017-16652]
https://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on-security-handlers

[CVE-2017-16654]
https://symfony.com/blog/cve-2017-16654-intl-bundle-readers-breaking-out-of-paths

[CVE-2018-11385]
https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication

[CVE-2018-11408]
https://symfony.com/blog/cve-2018-11408-open-redirect-vulnerability-on-security-handlers

[CVE-2018-14773]
https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers

[CVE-2018-19789]
https://symfony.com/blog/cve-2018-19789-disclosure-of-uploaded-files-full-path

[CVE-2018-19790]
https://symfony.com/blog/cve-2018-19790-open-redirect-vulnerability-when-using-security-http

For Debian 8 "Jessie", these problems have been fixed in version
2.3.21+dfsg-4+deb8u4.

We recommend that you upgrade your symfony packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature

OSVersionArchitecturePackageVersionFilename
Debian8allphp-symfony-security-bundle<Β 2.3.21+dfsg-4+deb8u4php-symfony-security-bundle_2.3.21+dfsg-4+deb8u4_all.deb
Debian8allphp-symfony-translation<Β 2.3.21+dfsg-4+deb8u4php-symfony-translation_2.3.21+dfsg-4+deb8u4_all.deb
Debian8allphp-symfony-security<Β 2.3.21+dfsg-4+deb8u4php-symfony-security_2.3.21+dfsg-4+deb8u4_all.deb
Debian8allphp-symfony-templating<Β 2.3.21+dfsg-4+deb8u4php-symfony-templating_2.3.21+dfsg-4+deb8u4_all.deb
Debian8allphp-symfony-web-profiler-bundle<Β 2.3.21+dfsg-4+deb8u4php-symfony-web-profiler-bundle_2.3.21+dfsg-4+deb8u4_all.deb
Debian8allphp-symfony-options-resolver<Β 2.3.21+dfsg-4+deb8u4php-symfony-options-resolver_2.3.21+dfsg-4+deb8u4_all.deb
Debian8allphp-symfony-swiftmailer-bridge<Β 2.3.21+dfsg-4+deb8u4php-symfony-swiftmailer-bridge_2.3.21+dfsg-4+deb8u4_all.deb
Debian8allphp-symfony-stopwatch<Β 2.3.21+dfsg-4+deb8u4php-symfony-stopwatch_2.3.21+dfsg-4+deb8u4_all.deb
Debian8allphp-symfony-validator<Β 2.3.21+dfsg-4+deb8u4php-symfony-validator_2.3.21+dfsg-4+deb8u4_all.deb
Debian8allphp-symfony-locale<Β 2.3.21+dfsg-4+deb8u4php-symfony-locale_2.3.21+dfsg-4+deb8u4_all.deb
Rows per page:
1-10 of 401

Related

nessus 21
openvas 27
osv 16
fedora 21
debiancve 7
prion 7
cve 7
symfony 7
veracode 7
ubuntucve 7
github 6
debian 3
redhatcve 1
ibm 1
drupal 2
thn 1
nessus
nessus
Debian DLA-1707-1 : symfony security update
2019-03-11 00:00:00
Fedora 28 : php-symfony3 (2018-66547a8c14)
2019-01-03 00:00:00
Fedora 29 : php-symfony4 (2018-84a1f77d89)
2019-01-03 00:00:00
openvas
openvas
Debian LTS: Security Advisory for symfony (DLA-1707-1)
2019-03-11 00:00:00
Fedora Update for php-symfony4 FEDORA-2018-6edf04d9d6
2018-12-18 00:00:00
Fedora Update for php-symfony3 FEDORA-2018-66547a8c14
2018-12-18 00:00:00
osv
osv
symfony - security update
2019-03-09 00:00:00
CVE-2018-11408
2018-06-13 16:29:01
Symfony Open Redirect
2022-05-14 01:21:15
fedora
fedora
[SECURITY] Fedora 28 Update: php-symfony-2.8.49-1.fc28
2018-12-17 02:28:11
[SECURITY] Fedora 28 Update: php-symfony3-3.4.20-1.fc28
2018-12-17 02:28:10
[SECURITY] Fedora 28 Update: php-symfony4-4.0.15-1.fc28
2018-12-17 02:28:12
debiancve
debiancve
CVE-2018-11408
2018-06-13 16:29:00
CVE-2017-16654
2018-08-06 21:29:00
CVE-2018-11385
2018-06-13 16:29:00
prion
prion
Open redirect
2018-06-13 16:29:00
Directory traversal
2018-08-06 21:29:00
Open redirect
2018-06-13 16:29:00
cve
cve
CVE-2018-11408
2018-06-13 16:29:00
CVE-2017-16652
2018-06-13 16:29:00
CVE-2017-16654
2018-08-06 21:29:00
symfony
symfony
CVE-2018-11408: Open redirect vulnerability on security handlers
2018-05-25 00:00:00
CVE-2018-19789: Disclosure of uploaded files full path
2018-12-06 00:00:00
CVE-2017-16654: Intl bundle readers breaking out of paths
2017-11-17 00:00:00
veracode
veracode
Open Redirect
2018-06-14 03:06:14
Directory Traversal
2017-11-21 06:26:16
Open Redirect
2018-12-19 01:52:36
ubuntucve
ubuntucve
CVE-2018-11408
2018-06-13 00:00:00
CVE-2017-16654
2018-08-06 00:00:00
CVE-2018-11385
2018-06-13 00:00:00
github
github
Symfony Open Redirect
2022-05-14 01:21:15
Symfony Directory Traversal
2022-05-14 01:21:16
Symfony Session Fixation Vulnerability
2022-05-14 01:22:27
debian
debian
[SECURITY] [DSA 4441-1] symfony security update
2019-05-10 06:26:19
[SECURITY] [DSA 4441-1] symfony security update
2019-05-10 06:26:19
[SECURITY] [DSA 4262-1] symfony security update
2018-08-03 16:32:58
redhatcve
redhatcve
CVE-2017-16654
2022-05-20 23:43:31
ibm
ibm
Security Bulletin: IBM API Connect is impacted by a Drupal 8 vulnerability (CVE-2018-14773)
2018-08-23 16:19:33
drupal
drupal
Drupal Core - 3rd-party libraries -SA-CORE-2018-005
2018-08-01 00:00:00
Drupal Core - 3rd-party libraries -SA-CORE-2018-005
2018-08-01 00:00:00
thn
thn
Symfony Flaw Leaves Drupal Sites Vulnerable to Hackersβ€”Patch Now
2018-08-03 11:13:00

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.005 Low

EPSS

Percentile

76.0%

JSON
Related for DEBIAN:DLA-1707-1:A69DA
nessus21openvas27osv16fedora21debiancve7prion7cve7symfony7veracode7ubuntucve7github6debian3redhatcve1ibm1drupal2thn1