drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen von Code mit höheren Privilegien in composer
Name: |
Ausführen von Code mit höheren Privilegien in composer |
|
ID: |
DSA-5632-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian bullseye, Debian bookworm |
|
Datum: |
Fr, 15. März 2024, 18:14 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24821 |
|
Applikationen: |
Composer |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-5632-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond February 26, 2024 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : composer CVE ID : CVE-2024-24821 Debian Bug : 1063603
It was discovered that composer, a dependency manager for the PHP language, processed files in the local working directory. This could lead to local privilege escalation or malicious code execution. Due to a technical issue this email was not sent on 2024-02-26 like it should have.
For the oldstable distribution (bullseye), this problem has been fixed in version 2.0.9-2+deb11u2.
For the stable distribution (bookworm), this problem has been fixed in version 2.5.5-1+deb12u1.
We recommend that you upgrade your composer packages.
For the detailed security status of composer please refer to its security tracker page at: https://security-tracker.debian.org/tracker/composer
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAmX0DyUACgkQEL6Jg/PV nWSBoggAmRdaBN8p7agJH0S2fvEJWuF+gFAAY4112EeOzbHwk/Bm6EuTY9VcGTtj HlW8X3t/H1+NW5xejcm1gEaXIE2HHIc1KTaG3ui/kKC2T3ybx0cmnqYWu/TJWmw+ nbaneBK74PkXukzFvjuYaOy7a6EgnpNcMhc0b2tc/IqIUOYiePKbg4lio8u6q5rP 5uFIJydeqI0IXja6H4N0ub/zOAn6I6C3ToKMa0WnfllmrMaj/JnBbgam3VrT06n6 3NoW6xZepdMDP3QofOVWWP5HshF/0CH1BGEcKS6AtAaIgARalFMgbP6SU8NDsgNF Q3UCiuR+sTjZc2YA0muIpmBGSPVyAw== =y4my -----END PGP SIGNATURE-----
|
|
|
|