Debian Security Advisory 5715-1

Debian Security Advisory 5715-1: Posted Jun 19, 2024; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5715-1 - Two vulnerabilities have been discovered in Composer, a dependency manager for PHP, which could result in arbitrary command execution by operating on malicious git/hg repositories.; tags | advisory, arbitrary, php, vulnerability; systems | linux, debian; advisories | CVE-2024-35241, CVE-2024-35242; SHA-256 | 47524eaef79a18432c3a4ae5e3acd5c797c5783aef817def7aece996f17e03da; Download | Favorite | View

Debian Security Advisory 5715-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5715-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
June 18, 2024                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : composer
CVE ID         : CVE-2024-35241 CVE-2024-35242

Two vulnerabilities have been discovered in Composer, a dependency
manager for PHP, which could result in arbitrary command execution by
operating on malicious git/hg repositories.

For the oldstable distribution (bullseye), these problems have been fixed
in version 2.0.9-2+deb11u3.

For the stable distribution (bookworm), these problems have been fixed in
version 2.5.5-1+deb12u2.

We recommend that you upgrade your composer packages.

For the detailed security status of composer please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/composer

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmZyAQwACgkQEMKTtsN8
TjYxTw//by7RwssfrKcrNXWHLSJjcCJLtIUfDCzp31pxo9z1uc2viR1QYgfGgIB6
yuUtjY0j8KDVBnvlpo8CTlt9Z5auzgQ0poGzshgKlvFcMwhzt7wQJtoF/mlO1dlA
BUcUyZvv8YLyKA4oYfRIN9bLSsldTb6gSV1bBTVLZeCggWb69HsFHrDxGmpKbcX4
3a+QL+qkScNu6wm7AdEG6RHDwJTJuFh72RjsONrg172i/6zL8wVqbGEg1HRYiFCC
TYTniZsTi1eqQRSNzqIrq61Z/PFHhE7IS7DpNLF+8nVdTFAolou89/VTJSXO/nQC
KR0MN/xHlctKY7wDj4lM3IrqNY0RoG1s4V/EiUz9fzdBitFvozPXgf45h45ETfv7
7NVw8quKrIQGKUNRtRBoemqHJ3J6ZpmGHyR5MRBjLdlZqnY0LtIq5dbj/AZJE48t
waKbP8KsV6Yt7CtXe/c6zbqlRjZsV4p+4qOQtDuSqO751k3gWSLMtgogT4cmKLRu
hhobe/zInQIsiUKcAmYiUcTjv2BXnSz2XYNfBn4Sd4/J2Bn+vMRMlLPOj7U3ZOIz
Zr5gWnSoJrUQEj68icbYHLG2jVGxLpZ+N3YlGEd+V+5N5sklR6Ggy5RjgPCB7at2
84WtvfU0EggKpgWhjoDx273K/EIVEAaEpvIUe3mhle1Tj3cdeYo=
=oulZ
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 203 files
Ubuntu 74 files
Debian 25 files
Gentoo 14 files
Ahmet Umit Bayram 6 files
Amit Roy 4 files
Furkan Eren Tetik 4 files
tmrswrr 4 files
ron190 3 files
Jann Horn 3 files

File Archives

Systems

AIX (429)
Apple (2,089)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,073)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,514)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,167)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,155)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,609)
UNIX (9,423)
UnixWare (187)
Windows (6,665)
Other

Debian Security Advisory 5715-1

Debian Security Advisory 5715-1

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 5715-1

Share This

Debian Security Advisory 5715-1

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems