Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DLA-3495-2:9FBEC
HistoryAug 11, 2023 - 9:02 a.m.

[SECURITY] [DLA 3495-2] php-dompdf regression update

2023-08-1109:02:38
lists.debian.org

5.3 Medium

AI Score

Confidence

High

JSON

Debian LTS Advisory DLA-3495-2 [email protected]
https://www.debian.org/lts/security/ Bastien Roucariès
August 10, 2023 https://wiki.debian.org/LTS

Package : php-dompdf
Version : 0.6.2+dfsg-3+deb10u2
CVE ID : CVE-2021-3838

Ubuntu security team noted after extensive testing that DLA-3495-1
was incomplete as one PoC for CVE-2022-2400 (particularly the
chroot escape) was still working on the patched version of
the package.

Further analysis of the upstream patch and DLA-3495-1 version
helped to identify that the vulnerability was still present due to
DLA 3495-1 not including commit 7adf00f9, which added chroot checks
to one of the code path.

Special thanks to Camila Camargo de Matos of Ubuntu security team.

For Debian 10 buster, this problem has been fixed in version
0.6.2+dfsg-3+deb10u2.

We recommend that you upgrade your php-dompdf packages.

For the detailed security status of php-dompdf please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php-dompdf

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian10allphp-dompdf< 0.6.2+dfsg-3+deb10u2php-dompdf_0.6.2+dfsg-3+deb10u2_all.deb

Related

debian 1
openvas 3
osv 6
nessus 3
cve 2
ubuntu 2
debiancve 2
github 1
veracode 2
huntr 2
ubuntucve 2
altlinux 1
prion 1
debian
debian
[SECURITY] [DLA 3495-1] php-dompdf security update
2023-07-13 21:16:41
openvas
openvas
Debian: Security Advisory (DLA-3495-1)
2023-07-14 00:00:00
Ubuntu: Security Advisory (USN-6277-1)
2023-08-09 00:00:00
Ubuntu: Security Advisory (USN-6277-2)
2023-08-11 00:00:00
osv
osv
php-dompdf - security update
2023-07-13 00:00:00
php-dompdf vulnerabilities
2023-08-08 14:10:26
php-dompdf vulnerabilities
2023-08-10 18:31:51
nessus
nessus
Debian DLA-3495-1 : php-dompdf - LTS security update
2023-07-14 00:00:00
Ubuntu 22.04 LTS : Dompdf vulnerabilities (USN-6277-2)
2023-08-10 00:00:00
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS : Dompdf vulnerabilities (USN-6277-1)
2023-08-08 00:00:00
cve
cve
CVE-2022-2400
2022-07-18 15:15:00
CVE-2021-3838
2022-06-21 03:04:12
ubuntu
ubuntu
Dompdf vulnerabilities
2023-08-10 00:00:00
Dompdf vulnerabilities
2023-08-08 00:00:00
debiancve
debiancve
CVE-2022-2400
2022-07-18 15:15:00
CVE-2021-3838
2022-06-21 03:04:12
github
github
Dompdf before v2.0.0 vulnerable to chroot check bypass
2022-07-19 00:00:26
veracode
veracode
Information Disclosure
2022-07-19 08:37:31
Deserialization Of Untrusted Data
2023-03-11 22:33:25
huntr
huntr
in dompdf/dompdf
2021-09-20 16:08:51
in dompdf/dompdf
2021-09-28 17:04:14
ubuntucve
ubuntucve
CVE-2021-3838
2023-02-14 00:00:00
CVE-2022-2400
2022-07-18 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package tor version 0.4.7.8-alt1
2022-06-20 00:00:00
prion
prion
Xxe
2022-07-18 15:15:00

5.3 Medium

AI Score

Confidence

High

JSON
Related for DEBIAN:DLA-3495-2:9FBEC
debian1openvas3osv6nessus3cve2ubuntu2debiancve2github1veracode2huntr2ubuntucve2altlinux1prion1