USN-6277-2: Dompdf vulnerabilities

Read Time:47 Second

USN-6277-1 fixed vulnerabilities in Dompdf. This update provides the
corresponding updates for Ubuntu 22.04 LTS.

Original advisory details:

It was discovered that Dompdf was not properly validating untrusted input when
processing HTML content under certain circumstances. An attacker could
possibly use this issue to expose sensitive information or execute arbitrary
code. This issue only affected Ubuntu 16.04 LTS.
(CVE-2014-5011, CVE-2014-5012, CVE-2014-5013)

It was discovered that Dompdf was not properly validating processed HTML
content that referenced PHAR files, which could result in the deserialization
of untrusted data. An attacker could possibly use this issue to execute
arbitrary code. (CVE-2021-3838)

It was discovered that Dompdf was not properly validating processed HTML
content that referenced both a remote base and a local file, which could
result in the bypass of a chroot check. An attacker could possibly use this
issue to expose sensitive information. (CVE-2022-2400)

Patch Tuesday, April 2025 Edition

The AI Fix #45: The Turing test falls to GPT-4.5

Google Releases April Android Update to Address Two Zero-Days

NIST Defers Pre-2018 CVEs to Tackle Growing Vulnerability Backlog

Half of Firms Stall Digital Projects as Cyber Warfare Risk Surges

CISA Warns of CrushFTP Vulnerability Exploitation in the Wild

Arguing Against CALEA

Boards Urged to Follow New Cyber Code of Practice

Russian bots hard at work spreading political unrest on Romania’s internet

USN-6277-2: Dompdf vulnerabilities

CrushFTP Authentication Bypass

Multiple Vulnerabilities in Fortinet Products Could Allow for Remote Code Execution

rust-openssl-0.10.72-1.el9 rust-openssl-sys-0.9.107-1.el9

rust-openssl-0.10.72-1.el10_0 rust-openssl-sys-0.9.107-1.el10_0

rust-openssl-0.10.72-1.el10_1 rust-openssl-sys-0.9.107-1.el10_1

rust-openssl-0.10.72-1.fc40 rust-openssl-sys-0.9.107-1.fc40