USN-5290-1

See a problem?
Source
https://ubuntu.com/security/notices/USN-5290-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-5290-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-5290-1
Related
Published
2022-08-24T11:38:04.408385Z
Modified
2022-08-24T11:38:04.408385Z
Summary
symfony vulnerabilities
Details

James Isaac and Mathias Brodala discovered that Symfony incorrectly handled switch users functionality. An attacker could possibly use this issue to enumerate users. (CVE-2021-21424)

It was discovered that Symfony incorrectly handled certain specially crafted CSV files. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 20.04 ESM. (CVE-2021-41270)

References

Affected packages

Ubuntu:Pro:18.04:LTS / symfony

Package

Name
symfony

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.4.6+dfsg-1ubuntu0.1+esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "php-symfony-framework-bundle": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-monolog-bridge": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-security-guard": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-serializer": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-asset": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-browser-kit": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-yaml": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-web-link": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-class-loader": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-property-info": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-console": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-ldap": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-debug-bundle": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-doctrine-bridge": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-form": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-workflow": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-expression-language": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-options-resolver": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-debug": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-security-bundle": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-dependency-injection": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-proxy-manager-bridge": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-property-access": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-finder": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-twig-bundle": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-stopwatch": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-intl": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-twig-bridge": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-validator": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-security": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-event-dispatcher": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-http-foundation": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-cache": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-inflector": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-web-server-bundle": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-lock": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-translation": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-routing": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-security-core": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-templating": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-filesystem": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-process": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-security-csrf": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-dom-crawler": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-css-selector": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-http-kernel": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-security-http": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-var-dumper": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-dotenv": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-phpunit-bridge": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-web-profiler-bundle": "3.4.6+dfsg-1ubuntu0.1+esm2",
            "php-symfony-config": "3.4.6+dfsg-1ubuntu0.1+esm2"
        }
    ]
}

Ubuntu:Pro:20.04:LTS / symfony

Package

Name
symfony

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3.8+dfsg-1ubuntu1+esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "php-symfony-framework-bundle": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-amazon-mailer": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-monolog-bridge": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-google-mailer": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-http-client": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-property-info": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-debug": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-console": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-ldap": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-debug-bundle": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-doctrine-bridge": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-workflow": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-mime": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-options-resolver": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-mailer": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-twig-bundle": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-property-access": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-proxy-manager-bridge": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-security": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-event-dispatcher": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-mailgun-mailer": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-inflector": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-web-server-bundle": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-css-selector": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-process": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-security-core": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-browser-kit": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-dom-crawler": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-sendgrid-mailer": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-security-guard": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-mailchimp-mailer": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-http-kernel": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-yaml": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-phpunit-bridge": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-config": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-messenger": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-web-link": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-form": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-expression-language": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-dependency-injection": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-security-bundle": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-finder": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-stopwatch": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-intl": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-twig-bridge": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-validator": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-cache": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-var-exporter": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-http-foundation": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-lock": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-postmark-mailer": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-routing": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-templating": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-serializer": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-filesystem": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-asset": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-security-csrf": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-translation": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-security-http": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-var-dumper": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-dotenv": "4.3.8+dfsg-1ubuntu1+esm1",
            "php-symfony-web-profiler-bundle": "4.3.8+dfsg-1ubuntu1+esm1"
        }
    ]
}