USN-4836-1: Symfony vulnerability
15 March 2021
Symfony could allow unintended access to network services.
Releases
Packages
- symfony - set of reusable components and framework for web projects
Details
It was discovered that Symfony through the HttpFoundation
component allowed unauthorized access on a misconfigured LDAP server. A
remote attacker could use this vulnerability to gain unauthorized access.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04
-
php-symfony
-
3.4.6+dfsg-1ubuntu0.1+esm1
Available with Ubuntu Pro
-
php-symfony-http-foundation
-
3.4.6+dfsg-1ubuntu0.1+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.