[SECURITY] [DLA 3997-1] php-laravel-framework security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3997-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
December 21, 2024                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : php-laravel-framework
Version        : 6.20.14+dfsg-2+deb11u2
CVE ID         : CVE-2024-52301
Debian Bug     : 1088189

It was discovered that there was a remotely exploitable vulnerability
in php-laravel-framework, a popular web application framework written
in PHP.

When the register_argc_argv PHP directive was set to "on" and users
called a URL with a specially-crafted query string, they were able to
change the environment used by the framework when handling the
request.

Laravel now ignores argv values for environment detection on non-CLI
APIs.

For Debian 11 bullseye, this problem has been fixed in version
6.20.14+dfsg-2+deb11u2.

We recommend that you upgrade your php-laravel-framework packages.

For the detailed security status of php-laravel-framework please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php-laravel-framework

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
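
One way to check a host against the two conditions named in this advisory (the register_argc_argv directive and the package version), as an added example that is not part of the Debian advisory. The function names and the ini files you pass in are assumptions; the fixed version is the one stated above.

```shell
#!/bin/sh
# Added example (not from the advisory): audit a host for DLA-3997-1.

FIXED_VERSION='6.20.14+dfsg-2+deb11u2'   # fixed version stated in the advisory

# Print the register_argc_argv setting that results from the given ini files,
# read in load order (last assignment wins): "on", "off", or "unset".
argc_argv_state() {
    [ "$#" -gt 0 ] || return 2
    awk '
        {
            line = $0
            sub(/;.*$/, "", line)                 # strip ini comments
            eq = index(line, "=")
            if (eq == 0) next
            key = tolower(substr(line, 1, eq - 1))
            val = tolower(substr(line, eq + 1))
            gsub(/[[:space:]"]/, "", key)
            gsub(/[[:space:]"]/, "", val)
            if (key != "register_argc_argv") next
            state = (val == "on" || val == "1" || val == "true" || val == "yes") ? "on" : "off"
        }
        END { print (state == "" ? "unset" : state) }
    ' "$@"
}

# Succeed if the Debian package is installed at or above the fixed version.
package_is_fixed() {
    installed=$(dpkg-query -W -f='${Version}' php-laravel-framework 2>/dev/null) || return 2
    dpkg --compare-versions "$installed" ge "$FIXED_VERSION"
}

# Report both conditions; fail unless the package is fixed or the directive
# is explicitly off. "unset" means the compiled-in default applies, so the
# runtime value still has to be confirmed for the web SAPI.
audit_host() {
    state=$(argc_argv_state "$@") || return 2
    if package_is_fixed; then pkg=fixed; else pkg=not-fixed-or-absent; fi
    echo "register_argc_argv=$state package=$pkg"
    [ "$pkg" = fixed ] || [ "$state" = off ]
}
```

Call `audit_host` with the ini files of the web SAPI (not the CLI one) in the order PHP loads them. The package check only covers the Debian package, so a copy of the framework installed by other means has to be checked separately.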