MGASA-2017-0067

Source
https://advisories.mageia.org/MGASA-2017-0067.html
Import Source
https://advisories.mageia.org/MGASA-2017-0067.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2017-0067
Published
2017-02-26T22:02:17Z
Modified
2017-02-26T21:51:46Z
Summary
Updated php-tcpdf packages fix security vulnerability
Details

A local file inclusion vulnerability in TCPDF allows files to be uploaded from the server generating PDF files to an external FTP server (CVE-2017-6100).

The updated php-tcpdf-6.0.098-1.1.mga5 package fixes this issue by setting the K_TCPDF_CALLS_IN_HTML configuration parameter to false by default.


Affected packages

Mageia:5 / php-tcpdf

Package

Name
php-tcpdf
Purl
pkg:rpm/mageia/php-tcpdf?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.0.098-1.1.mga5

Ecosystem specific

{
    "section": "core"
}