-------------------------------------------------------------------------
Debian LTS Advisory DLA-3997-1                      [email protected]
https://www.debian.org/lts/security/                         Chris Lamb
December 21, 2024                           https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : php-laravel-framework
Version        : 6.20.14+dfsg-2+deb11u2
CVE ID         : CVE-2024-52301
Debian Bug     : 1088189

It was discovered that there was a remotely exploitable vulnerability in
php-laravel-framework, a popular web application framework written in
PHP.

When the register_argc_argv php directive was set to "on" and users
called a URL with a specially-crafted query string, they were able to
change the environment used by the framework when handling the request.
Laravel now ignores argv values for environment detection on non-CLI
APIs.

For Debian 11 bullseye, this problem has been fixed in version
6.20.14+dfsg-2+deb11u2.

We recommend that you upgrade your php-laravel-framework packages.

For the detailed security status of php-laravel-framework please refer
to its security tracker page at:
https://security-tracker.debian.org/tracker/php-laravel-framework

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
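The advisory's precondition is that register_argc_argv is "on" for the web-facing PHP. The following is an added example, not part of the advisory or of Debian's or Laravel's code: it works out the effective value of that directive from ini file contents given in load order. The function names and sample ini contents are constructed for illustration, and the caller is assumed to have already compared the installed package version with the fixed one.

```python
import re

# Values PHP's INI parser treats as boolean true (case-insensitive).
TRUE_VALUES = {"1", "on", "true", "yes"}
# PHP's built-in default when no ini file sets the directive is "1" (on),
# so a missing or commented-out line does NOT mean the directive is off.
BUILTIN_DEFAULT = True
# Uncommented assignment only; a leading ';' makes the line a comment.
ASSIGN = re.compile(r"^\s*register_argc_argv\s*=\s*([^;]*)", re.IGNORECASE)


def register_argc_argv_enabled(ini_texts):
    """Effective value given ini file contents in load order (last one wins)."""
    enabled = BUILTIN_DEFAULT
    for text in ini_texts:
        for line in text.splitlines():
            m = ASSIGN.match(line)
            if m:
                enabled = m.group(1).strip().strip("\"'").lower() in TRUE_VALUES
    return enabled


def assess(ini_texts, package_fixed):
    """package_fixed: the caller's result of comparing the installed
    php-laravel-framework version with 6.20.14+dfsg-2+deb11u2."""
    if package_fixed:
        return "fixed"
    if register_argc_argv_enabled(ini_texts):
        return "exposed: unfixed package and register_argc_argv is on"
    return "unfixed package, but register_argc_argv is off"


# Constructed sample inputs (hypothetical web-SAPI ini files).
SAMPLE_PHP_INI = "[PHP]\nengine = On\nregister_argc_argv = Off ; web SAPI\n"
SAMPLE_OVERRIDE = 'register_argc_argv="On"\n'
SAMPLE_COMMENTED = "[PHP]\n;register_argc_argv = Off\n"

if __name__ == "__main__":
    cases = [("main ini only", [SAMPLE_PHP_INI]),
             ("main ini + override", [SAMPLE_PHP_INI, SAMPLE_OVERRIDE]),
             ("directive commented out", [SAMPLE_COMMENTED])]
    for name, files in cases:
        print(name, "->", assess(files, package_fixed=False))
```

Pass it the ini files that the web server's PHP loads, which are a different set from the CLI's. Per-directory overrides are not read by this check.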
