Headline
Ubuntu Security Notice USN-6277-1
Ubuntu Security Notice 6277-1 - It was discovered that Dompdf was not properly validating untrusted input when processing HTML content under certain circumstances. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. It was discovered that Dompdf was not properly validating processed HTML content that referenced PHAR files, which could result in the deserialization of untrusted data. An attacker could possibly use this issue to execute arbitrary code.
==========================================================================Ubuntu Security Notice USN-6277-1August 08, 2023php-dompdf vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTS- Ubuntu 18.04 LTS (Available with Ubuntu Pro)- Ubuntu 16.04 LTS (Available with Ubuntu Pro)Summary:Several security issues were fixed in Dompdf.Software Description:- php-dompdf: HTML to PDF converterDetails:It was discovered that Dompdf was not properly validating untrusted input whenprocessing HTML content under certain circumstances. An attacker couldpossibly use this issue to expose sensitive information or execute arbitrarycode. This issue only affected Ubuntu 16.04 LTS.(CVE-2014-5011, CVE-2014-5012, CVE-2014-5013)It was discovered that Dompdf was not properly validating processed HTMLcontent that referenced PHAR files, which could result in the deserializationof untrusted data. An attacker could possibly use this issue to executearbitrary code. (CVE-2021-3838)It was discovered that Dompdf was not properly validating processed HTMLcontent that referenced both a remote base and a local file, which couldresult in the bypass of a chroot check. An attacker could possibly use thisissue to expose sensitive information. (CVE-2022-2400)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS:php-dompdf 0.6.2+dfsg-3ubuntu0.20.04.1Ubuntu 18.04 LTS (Available with Ubuntu Pro):php-dompdf 0.6.2+dfsg-3ubuntu0.18.04.1~esm1Ubuntu 16.04 LTS (Available with Ubuntu Pro):php-dompdf 0.6.1+dfsg-2ubuntu1+esm1In general, a standard system update will make all the necessary changes.References:https://ubuntu.com/security/notices/USN-6277-1CVE-2014-5011, CVE-2014-5012, CVE-2014-5013, CVE-2021-3838,CVE-2022-2400Package Information:https://launchpad.net/ubuntu/+source/php-dompdf/0.6.2+dfsg-3ubuntu0.20.04.1Related news
DomPDF before version 2.0.0 is vulnerable to PHAR (PHP Archive) deserialization due to a lack of checking on the protocol before passing it into the file_get_contents() function. An attacker who can upload files of any type to the server can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitrary PHP objects. This can lead to remote code execution, especially when DOMPdf is used with frameworks with documented POP chains like Laravel or vulnerable developer code.
Ubuntu Security Notice 6277-2 - USN-6277-1 fixed vulnerabilities in Dompdf. This update provides the corresponding updates for Ubuntu 22.04 LTS. It was discovered that Dompdf was not properly validating untrusted input when processing HTML content under certain circumstances. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS.
Dompdf prior to version 2.0.0 is vulnerable to a chroot check bypass, which could cause disclosure of png and jpeg files.
External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0.