Packages
- symfony - set of reusable components and framework for web projects
Details
Soner Sayakci discovered that Symfony incorrectly handled cookie storage in
the web cache. An attacker could possibly use this issue to obtain
sensitive information and access unauthorized resources. (CVE-2022-24894)
Marco Squarcina discovered that Symfony incorrectly handled the storage of
user session information. An attacker could possibly use this issue to
perform a cross-site request forgery (CSRF) attack. (CVE-2022-24895)
Pierre Rudloff discovered that Symfony incorrectly checked HTML input. An
attacker could possibly use this issue to perform cross site scripting.
(CVE-2023-46734)
Vladimir Dusheyko discovered that Symfony incorrectly sanitized special
input with a PHP directive in URL query strings. An attacker could possibly
use this issue to expose sensitive information or cause a denial of
service....
Soner Sayakci discovered that Symfony incorrectly handled cookie storage in
the web cache. An attacker could possibly use this issue to obtain
sensitive information and access unauthorized resources. (CVE-2022-24894)
Marco Squarcina discovered that Symfony incorrectly handled the storage of
user session information. An attacker could possibly use this issue to
perform a cross-site request forgery (CSRF) attack. (CVE-2022-24895)
Pierre Rudloff discovered that Symfony incorrectly checked HTML input. An
attacker could possibly use this issue to perform cross site scripting.
(CVE-2023-46734)
Vladimir Dusheyko discovered that Symfony incorrectly sanitized special
input with a PHP directive in URL query strings. An attacker could possibly
use this issue to expose sensitive information or cause a denial of
service. This issue only affected Ubuntu 24.04 LTS and Ubuntu 22.04 LTS.
(CVE-2024-50340)
Oleg Andreyev, Antoine Makdessi, and Moritz Rauch discovered that Symfony
incorrectly handled user authentication. An attacker could possibly use
this issue to access unauthorized resources and expose sensitive
information. This issue was only addressed in Ubuntu 24.04 LTS.
(CVE-2024-50341, CVE-2024-51996)
Linus Karlsson and Chris Smith discovered that Symfony returned internal
host information during host resolution. An attacker could possibly use
this issue to obtain sensitive information. This issue only affected Ubuntu
24.04 LTS and Ubuntu 22.04 LTS. (CVE-2024-50342)
It was discovered that Symfony incorrectly parsed user input through
regular expressions. An attacker could possibly use this issue to expose
sensitive information. (CVE-2024-50343)
Sam Mush discovered that Symfony incorrectly parsed URIs with special
characters. An attacker could possibly use this issue to perform phishing
attacks. (CVE-2024-50345)
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 24.04 noble | php-symfony – 6.4.5+dfsg-3ubuntu3+esm1 | ||
| 22.04 jammy | php-symfony – 5.4.4+dfsg-1ubuntu8+esm1 | ||
| 20.04 focal | php-symfony – 4.3.8+dfsg-1ubuntu1+esm2 | ||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.