-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3495-2 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès August 10, 2023 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : php-dompdf Version : 0.6.2+dfsg-3+deb10u2 CVE ID : CVE-2021-3838 Ubuntu security team noted after extensive testing that DLA-3495-1 was incomplete as one PoC for CVE-2022-2400 (particularly the chroot escape) was still working on the patched version of the package. Further analysis of the upstream patch and DLA-3495-1 version helped to identify that the vulnerability was still present due to DLA 3495-1 not including commit 7adf00f9, which added chroot checks to one of the code path. Special thanks to Camila Camargo de Matos of Ubuntu security team. For Debian 10 buster, this problem has been fixed in version 0.6.2+dfsg-3+deb10u2. We recommend that you upgrade your php-dompdf packages. For the detailed security status of php-dompdf please refer to its security tracker page at: https://security-tracker.debian.org/tracker/php-dompdf Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmTV+S0ACgkQADoaLapB CF+fzA/+IEhPFe6aORNDp+bmugxgpYdan9P7yFYoEsBOw0S08mOLhCtKJ6PZU4l2 O60/vK4RtbCoEM4pyvw6b8X1TKjARCXOnB2CoG/nfHIITpIp/9KQSalimuexL0Kt q20ze3Eu4xNNff5pA7QZShW+ykjsHHECOy4WPPb3nSjdRHphuRlitcRDhD0O/HQM WJtq1mX/ZgEj9kH77LeBf64NHZ2yxGpmae4xKOa+kF1IEGIO2+pbaUP1jq1P+wQ/ leGfTdUKEN+IpaPCIC+8HvLjp22phrXBQJm93fQz+jKBaVY6iFoe/zW9kDv2SOwM ZZtFWvZkmdHSH+GQCKadzygwK1Gsm5YN2+mzEypBjksFnMp92KXnpzYtCod4Yda5 RM+bkg2cis9APc690KzuLmH5W9c1loAa1RfvwO2UwHtH1b+yjuO3QPS3SLtavAdp F7yDJlPQwYZ9IrXlZlCXjS6kJfQI2zEqxKXDlqbgzHLIKNJcJ2HY3RzjSj3FCEU6 VpiqbABX84Vig6F5hJ9qo1g/cRw80tmjWRjnh1PluAEioU9hyXC4o7YmXbbZTCsg +H5uo58otWWW9B+SqTqz3iQUo39w0Xaj9zn/r/XSgTS7NCP0J1M7oCw+1MSrJlfT ERpI5r6u7gETAt+jSwupE2Oqz7uC2f+OKYPS4uk0uu8+86xuOhM= =20sV -----END PGP SIGNATURE-----
