1. Ubuntu Security Notices
  2. USN-5290-1

USN-5290-1: Symfony vulnerabilities

Publication date

24 August 2022

Overview

Several security issues were fixed in Symfony.

Releases

Packages

  • symfony - set of reusable components and framework for web projects

Details

James Isaac and Mathias Brodala discovered that Symfony incorrectly handled
switch users functionality. An attacker could possibly use this issue to
enumerate users. (CVE-2021-21424)

It was discovered that Symfony incorrectly handled certain specially crafted
CSV files. An attacker could possibly use this issue to execute arbitrary
code. This issue only affected Ubuntu 20.04 ESM. (CVE-2021-41270)

James Isaac and Mathias Brodala discovered that Symfony incorrectly handled
switch users functionality. An attacker could possibly use this issue to
enumerate users. (CVE-2021-21424)

It was discovered that Symfony incorrectly handled certain specially crafted
CSV files. An attacker could possibly use this issue to execute arbitrary
code. This issue only affected Ubuntu 20.04 ESM. (CVE-2021-41270)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
20.04 focal php-symfony-security-core –  4.3.8+dfsg-1ubuntu1+esm1  
php-symfony-property-access –  4.3.8+dfsg-1ubuntu1+esm1  
php-symfony-security-guard –  4.3.8+dfsg-1ubuntu1+esm1  
php-symfony-serializer –  4.3.8+dfsg-1ubuntu1+esm1  
php-symfony-process –  4.3.8+dfsg-1ubuntu1+esm1  
php-symfony-var-dumper –  4.3.8+dfsg-1ubuntu1+esm1  
php-symfony-security-bundle –  4.3.8+dfsg-1ubuntu1+esm1  
php-symfony-debug –  4.3.8+dfsg-1ubuntu1+esm1  
php-symfony-cache –  4.3.8+dfsg-1ubuntu1+esm1  
php-symfony –  4.3.8+dfsg-1ubuntu1+esm1  
php-symfony-config –  4.3.8+dfsg-1ubuntu1+esm1  
php-symfony-console –  4.3.8+dfsg-1ubuntu1+esm1  
18.04 bionic php-symfony-security-core –  3.4.6+dfsg-1ubuntu0.1+esm2  
php-symfony-property-access –  3.4.6+dfsg-1ubuntu0.1+esm2  
php-symfony-security-guard –  3.4.6+dfsg-1ubuntu0.1+esm2  
php-symfony-process –  3.4.6+dfsg-1ubuntu0.1+esm2  
php-symfony-serializer –  3.4.6+dfsg-1ubuntu0.1+esm2  
php-symfony-var-dumper –  3.4.6+dfsg-1ubuntu0.1+esm2  
php-symfony-property-info –  3.4.6+dfsg-1ubuntu0.1+esm2  
php-symfony-security-bundle –  3.4.6+dfsg-1ubuntu0.1+esm2  
php-symfony-debug –  3.4.6+dfsg-1ubuntu0.1+esm2  
php-symfony-cache –  3.4.6+dfsg-1ubuntu0.1+esm2  
php-symfony –  3.4.6+dfsg-1ubuntu0.1+esm2  
php-symfony-config –  3.4.6+dfsg-1ubuntu0.1+esm2  
php-symfony-console –  3.4.6+dfsg-1ubuntu0.1+esm2  

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›