Debian dsa-6317 : php-symfony - 安全性更新
critical Nessus Plugin ID 318254
語言:
概要
遠端 Debian 主機上缺少一個或多個安全性更新。說明
遠端 Debian 12 主機已安裝的套件會受到 dsa-6317 公告中提及的多個弱點影響。- ------------------------------------------------------------------------- Debian安全公告 DSA-6317-1 [email protected] https://www.debian.org/security/Moritz Muehlenhoff 2026 年 6 月 1 日 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
套件:symfony CVE ID: CVE-2024-50340 CVE-2026-45063 CVE-2026-45065 CVE-2026-45067 CVE-2026-45068 CVE-2026-45071 CVE-2026-45073 CVE-2026-45077 CVE-2026-45133 CVE-2026-45304 CVE-2026-45305 CVE-2026-46626 CVE-2026-48489 CVE-2026-48736 CVE-2026-48784
在 Symfony PHP 框架中發現多個漏洞,這些漏洞可能導致繞過安全控制、跨站腳本、拒絕服務、SQL 插入、電子郵件標頭插入、資訊洩露或透過 PHP 物件反序列化執行程式碼。
對於 oldstable 發行版 (bookworm),這些問題已在 +dfsg-0+deb12u1 版本 5.4.53中修正。
建議您升級 symfony 套件。
如需有關 symfony 安全性狀態的詳細資訊,請參閱其安全追蹤頁面:
https://security-tracker.debian.org/tracker/symfony
有關 Debian 安全公告、如何將這些更新套用至您的系統以及常見問題的詳細資訊,請參閱:https://www.debian.org/security/
郵寄清單:[email protected]
Tenable 已直接從 Debian 安全公告擷取前置描述區塊。
請注意,Nessus 並未測試這些問題,而是僅依據應用程式自我報告的版本號碼作出判斷。
解決方案
升級 php-symfony 套件。另請參閱
https://security-tracker.debian.org/tracker/source-package/symfony
https://security-tracker.debian.org/tracker/CVE-2024-50340
https://security-tracker.debian.org/tracker/CVE-2026-45063
https://security-tracker.debian.org/tracker/CVE-2026-45065
https://security-tracker.debian.org/tracker/CVE-2026-45067
https://security-tracker.debian.org/tracker/CVE-2026-45068
https://security-tracker.debian.org/tracker/CVE-2026-45071
https://security-tracker.debian.org/tracker/CVE-2026-45073
https://security-tracker.debian.org/tracker/CVE-2026-45077
https://security-tracker.debian.org/tracker/CVE-2026-45133
https://security-tracker.debian.org/tracker/CVE-2026-45304
https://security-tracker.debian.org/tracker/CVE-2026-45305
https://security-tracker.debian.org/tracker/CVE-2026-46626
https://security-tracker.debian.org/tracker/CVE-2026-48489
https://security-tracker.debian.org/tracker/CVE-2026-48736
Plugin 詳細資訊
嚴重性: Critical
ID: 318254
檔案名稱: debian_DSA-6317.nasl
版本: 1.1
類型: Local
代理程式: unix
已發布: 2026/6/2
已更新: 2026/6/2
支援的感應器: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus
風險資訊
VPR
風險因素: High
分數: 7.4
CVSS v2
風險因素: High
基本分數: 7.5
時間性分數: 5.9
媒介: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 評分資料來源: CVE-2024-50340
CVSS v3
風險因素: High
基本分數: 7.3
時間性分數: 6.6
媒介: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
時間媒介: CVSS:3.0/E:P/RL:O/RC:C
CVSS v4
風險因素: Critical
Base Score: 9.3
Threat Score: 8.1
Threat Vector: CVSS:4.0/E:P
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS 評分資料來源: CVE-2026-45077
弱點資訊
CPE: p-cpe:/a:debian:debian_linux:php-symfony-intl, p-cpe:/a:debian:debian_linux:php-symfony-dom-crawler, p-cpe:/a:debian:debian_linux:php-symfony-lokalise-translation-provider, p-cpe:/a:debian:debian_linux:php-symfony-sendinblue-notifier, p-cpe:/a:debian:debian_linux:php-symfony-fake-sms-notifier, p-cpe:/a:debian:debian_linux:php-symfony-error-handler, p-cpe:/a:debian:debian_linux:php-symfony-postmark-mailer, p-cpe:/a:debian:debian_linux:php-symfony-discord-notifier, p-cpe:/a:debian:debian_linux:php-symfony-mailjet-notifier, p-cpe:/a:debian:debian_linux:php-symfony-nexmo-notifier, p-cpe:/a:debian:debian_linux:php-symfony-property-info, p-cpe:/a:debian:debian_linux:php-symfony-spot-hit-notifier, p-cpe:/a:debian:debian_linux:php-symfony-sendgrid-mailer, p-cpe:/a:debian:debian_linux:php-symfony-framework-bundle, p-cpe:/a:debian:debian_linux:php-symfony-zulip-notifier, p-cpe:/a:debian:debian_linux:php-symfony-amazon-sns-notifier, p-cpe:/a:debian:debian_linux:php-symfony-mattermost-notifier, p-cpe:/a:debian:debian_linux:php-symfony-browser-kit, p-cpe:/a:debian:debian_linux:php-symfony-filesystem, p-cpe:/a:debian:debian_linux:php-symfony-ldap, p-cpe:/a:debian:debian_linux:php-symfony-routing, p-cpe:/a:debian:debian_linux:php-symfony-http-kernel, p-cpe:/a:debian:debian_linux:php-symfony-one-signal-notifier, p-cpe:/a:debian:debian_linux:php-symfony-esendex-notifier, p-cpe:/a:debian:debian_linux:php-symfony-fake-chat-notifier, p-cpe:/a:debian:debian_linux:php-symfony-mercure-notifier, p-cpe:/a:debian:debian_linux:php-symfony-sendinblue-mailer, p-cpe:/a:debian:debian_linux:php-symfony-gateway-api-notifier, p-cpe:/a:debian:debian_linux:php-symfony-lock, p-cpe:/a:debian:debian_linux:php-symfony-security-core, p-cpe:/a:debian:debian_linux:php-symfony-translation, p-cpe:/a:debian:debian_linux:php-symfony-phpunit-bridge, p-cpe:/a:debian:debian_linux:php-symfony-doctrine-messenger, p-cpe:/a:debian:debian_linux:php-symfony-infobip-notifier, p-cpe:/a:debian:debian_linux:php-symfony-css-selector, p-cpe:/a:debian:debian_linux:php-symfony-loco-translation-provider, p-cpe:/a:debian:debian_linux:php-symfony-workflow, p-cpe:/a:debian:debian_linux:php-symfony-telegram-notifier, p-cpe:/a:debian:debian_linux:php-symfony-oh-my-smtp-mailer, p-cpe:/a:debian:debian_linux:php-symfony-var-dumper, p-cpe:/a:debian:debian_linux:php-symfony-google-chat-notifier, p-cpe:/a:debian:debian_linux:php-symfony-crowdin-translation-provider, p-cpe:/a:debian:debian_linux:php-symfony-validator, p-cpe:/a:debian:debian_linux:php-symfony-mailgun-mailer, p-cpe:/a:debian:debian_linux:php-symfony-sinch-notifier, p-cpe:/a:debian:debian_linux:php-symfony-linked-in-notifier, p-cpe:/a:debian:debian_linux:php-symfony-runtime, p-cpe:/a:debian:debian_linux:php-symfony-web-profiler-bundle, p-cpe:/a:debian:debian_linux:php-symfony-expo-notifier, p-cpe:/a:debian:debian_linux:php-symfony-microsoft-teams-notifier, p-cpe:/a:debian:debian_linux:php-symfony-http-client, p-cpe:/a:debian:debian_linux:php-symfony-beanstalkd-messenger, p-cpe:/a:debian:debian_linux:php-symfony-rocket-chat-notifier, cpe:/o:debian:debian_linux:12.0, p-cpe:/a:debian:debian_linux:php-symfony-message-bird-notifier, p-cpe:/a:debian:debian_linux:php-symfony-iqsms-notifier, p-cpe:/a:debian:debian_linux:php-symfony-password-hasher, p-cpe:/a:debian:debian_linux:php-symfony-proxy-manager-bridge, p-cpe:/a:debian:debian_linux:php-symfony-form, p-cpe:/a:debian:debian_linux:php-symfony-messenger, p-cpe:/a:debian:debian_linux:php-symfony-amazon-sqs-messenger, p-cpe:/a:debian:debian_linux:php-symfony-console, p-cpe:/a:debian:debian_linux:php-symfony-sms77-notifier, p-cpe:/a:debian:debian_linux:php-symfony-templating, p-cpe:/a:debian:debian_linux:php-symfony-dependency-injection, p-cpe:/a:debian:debian_linux:php-symfony-mailer, p-cpe:/a:debian:debian_linux:php-symfony-twig-bridge, p-cpe:/a:debian:debian_linux:php-symfony-asset, p-cpe:/a:debian:debian_linux:php-symfony-options-resolver, p-cpe:/a:debian:debian_linux:php-symfony-var-exporter, p-cpe:/a:debian:debian_linux:php-symfony-amazon-mailer, p-cpe:/a:debian:debian_linux:php-symfony-yaml, p-cpe:/a:debian:debian_linux:php-symfony-rate-limiter, p-cpe:/a:debian:debian_linux:php-symfony-dotenv, p-cpe:/a:debian:debian_linux:php-symfony-gitter-notifier, p-cpe:/a:debian:debian_linux:php-symfony-message-media-notifier, p-cpe:/a:debian:debian_linux:php-symfony-smsapi-notifier, p-cpe:/a:debian:debian_linux:php-symfony-expression-language, p-cpe:/a:debian:debian_linux:php-symfony-http-foundation, p-cpe:/a:debian:debian_linux:php-symfony-inflector, p-cpe:/a:debian:debian_linux:php-symfony-yunpian-notifier, p-cpe:/a:debian:debian_linux:php-symfony-security-csrf, p-cpe:/a:debian:debian_linux:php-symfony-mailchimp-mailer, p-cpe:/a:debian:debian_linux:php-symfony-process, p-cpe:/a:debian:debian_linux:php-symfony-amqp-messenger, p-cpe:/a:debian:debian_linux:php-symfony-event-dispatcher, p-cpe:/a:debian:debian_linux:php-symfony-security-http, p-cpe:/a:debian:debian_linux:php-symfony-clickatell-notifier, p-cpe:/a:debian:debian_linux:php-symfony-notifier, p-cpe:/a:debian:debian_linux:php-symfony-semaphore, p-cpe:/a:debian:debian_linux:php-symfony-monolog-bridge, p-cpe:/a:debian:debian_linux:php-symfony-sms-biuras-notifier, p-cpe:/a:debian:debian_linux:php-symfony-slack-notifier, p-cpe:/a:debian:debian_linux:php-symfony-serializer, p-cpe:/a:debian:debian_linux:php-symfony-twilio-notifier, p-cpe:/a:debian:debian_linux:php-symfony-string, p-cpe:/a:debian:debian_linux:php-symfony-ovh-cloud-notifier, p-cpe:/a:debian:debian_linux:php-symfony-telnyx-notifier, p-cpe:/a:debian:debian_linux:php-symfony-web-link, p-cpe:/a:debian:debian_linux:php-symfony, p-cpe:/a:debian:debian_linux:php-symfony-turbo-sms-notifier, p-cpe:/a:debian:debian_linux:php-symfony-all-my-sms-notifier, p-cpe:/a:debian:debian_linux:php-symfony-debug-bundle, p-cpe:/a:debian:debian_linux:php-symfony-property-access, p-cpe:/a:debian:debian_linux:php-symfony-security-guard, p-cpe:/a:debian:debian_linux:php-symfony-stopwatch, p-cpe:/a:debian:debian_linux:php-symfony-uid, p-cpe:/a:debian:debian_linux:php-symfony-config, p-cpe:/a:debian:debian_linux:php-symfony-smsc-notifier, p-cpe:/a:debian:debian_linux:php-symfony-mime, p-cpe:/a:debian:debian_linux:php-symfony-cache, p-cpe:/a:debian:debian_linux:php-symfony-firebase-notifier, p-cpe:/a:debian:debian_linux:php-symfony-twig-bundle, p-cpe:/a:debian:debian_linux:php-symfony-mobyt-notifier, p-cpe:/a:debian:debian_linux:php-symfony-finder, p-cpe:/a:debian:debian_linux:php-symfony-google-mailer, p-cpe:/a:debian:debian_linux:php-symfony-redis-messenger, p-cpe:/a:debian:debian_linux:php-symfony-mailjet-mailer, p-cpe:/a:debian:debian_linux:php-symfony-vonage-notifier, p-cpe:/a:debian:debian_linux:php-symfony-light-sms-notifier, p-cpe:/a:debian:debian_linux:php-symfony-free-mobile-notifier, p-cpe:/a:debian:debian_linux:php-symfony-octopush-notifier, p-cpe:/a:debian:debian_linux:php-symfony-security-bundle, p-cpe:/a:debian:debian_linux:php-symfony-doctrine-bridge
必要的 KB 項目: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
可被惡意程式利用: true
可輕鬆利用: Exploits are available
修補程式發佈日期: 2026/6/1
弱點發布日期: 2024/11/6
參考資訊
CVE: CVE-2024-50340, CVE-2026-45063, CVE-2026-45065, CVE-2026-45067, CVE-2026-45068, CVE-2026-45071, CVE-2026-45073, CVE-2026-45077, CVE-2026-45133, CVE-2026-45304, CVE-2026-45305, CVE-2026-46626, CVE-2026-48489, CVE-2026-48736, CVE-2026-48784