Debian DSA-6312:php-symfony - 安全更新
critical Nessus 插件 ID 318121
语言:
简介
远程 Debian 主机上缺少一个或多个与安全性相关的更新。描述
远程 Debian 13 主机上存在安装的程序包,该程序包受到 dsa-6312 公告中提及的多个漏洞的影响。- ------------------------------------------------------------------------- Debian 安全公告 [email protected] DSA-6312-1https://www.debian.org/security/Moritz Muehlenhoff 2026 年 5 月 31 日 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
程序包:symfony CVE ID: CVE-2024-50340 CVE-2026-45063 CVE-2026-45064 CVE-2026-45065 CVE-2026-45066 CVE-2026-45067 CVE-2026-45068 CVE-2026-45069 CVE-2026-45071 CVE-2026-45072 CVE-2026-45073 CVE-2026-45077 CVE-2026-45133 CVE-2026-45304 CVE-2026-45305 CVE-2026-45754 CVE-2026-46626 CVE-2026-48489 CVE-2026-48736 CVE-2026-48760 CVE-2026-48761 CVE-2026-48784
Symfony PHP 框架中发现多个漏洞,通过 PHP 对象反序列化,可导致绕过安全控制、跨站脚本、拒绝服务、SQL 注入、电子邮件标头注入、信息泄露或代码执行。
对于稳定发行版本 (trixie),已在版本 6.4.41+dfsg-0+deb13u1 中修复这些问题。
我们建议您升级 Symfony 程序包。
如需了解 Symfony 的详细安全状态,请参阅其安全跟踪页面:
https://security-tracker.debian.org/tracker/symfony
有关 Debian 安全公告、如何将这些更新应用到系统以及常见问题解答的更多信息,请访问以下网址:https://www.debian.org/security/
邮件列表:[email protected]
Tenable 已直接从 Debian 安全公告中提取上述描述块。
请注意,Nessus 尚未测试这些问题,而是只依据应用程序自我报告的版本号进行判断。
解决方案
升级 php-symfony 程序包。另见
https://security-tracker.debian.org/tracker/source-package/symfony
https://security-tracker.debian.org/tracker/CVE-2024-50340
https://security-tracker.debian.org/tracker/CVE-2026-45063
https://security-tracker.debian.org/tracker/CVE-2026-45064
https://security-tracker.debian.org/tracker/CVE-2026-45065
https://security-tracker.debian.org/tracker/CVE-2026-45066
https://security-tracker.debian.org/tracker/CVE-2026-45067
https://security-tracker.debian.org/tracker/CVE-2026-45068
https://security-tracker.debian.org/tracker/CVE-2026-45069
https://security-tracker.debian.org/tracker/CVE-2026-45071
https://security-tracker.debian.org/tracker/CVE-2026-45072
https://security-tracker.debian.org/tracker/CVE-2026-45073
https://security-tracker.debian.org/tracker/CVE-2026-45077
https://security-tracker.debian.org/tracker/CVE-2026-45133
https://security-tracker.debian.org/tracker/CVE-2026-45304
https://security-tracker.debian.org/tracker/CVE-2026-45305
https://security-tracker.debian.org/tracker/CVE-2026-45754
https://security-tracker.debian.org/tracker/CVE-2026-46626
https://security-tracker.debian.org/tracker/CVE-2026-48489
https://security-tracker.debian.org/tracker/CVE-2026-48736
https://security-tracker.debian.org/tracker/CVE-2026-48760
https://security-tracker.debian.org/tracker/CVE-2026-48761
插件详情
严重性: Critical
ID: 318121
文件名: debian_DSA-6312.nasl
版本: 1.1
类型: Local
代理: unix
发布时间: 2026/6/1
最近更新时间: 2026/6/1
支持的传感器: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus
风险信息
VPR
风险因素: High
分数: 7.4
CVSS v2
风险因素: High
基本分数: 7.5
时间分数: 5.9
矢量: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 分数来源: CVE-2024-50340
CVSS v3
风险因素: High
基本分数: 7.3
时间分数: 6.6
矢量: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
时间矢量: CVSS:3.0/E:P/RL:O/RC:C
CVSS v4
风险因素: Critical
Base Score: 9.3
Threat Score: 8.1
Threat Vector: CVSS:4.0/E:P
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS 分数来源: CVE-2026-45077
漏洞信息
CPE: p-cpe:/a:debian:debian_linux:php-symfony-sendgrid-mailer, p-cpe:/a:debian:debian_linux:php-symfony-framework-bundle, p-cpe:/a:debian:debian_linux:php-symfony-zulip-notifier, p-cpe:/a:debian:debian_linux:php-symfony-amazon-sns-notifier, p-cpe:/a:debian:debian_linux:php-symfony-mattermost-notifier, p-cpe:/a:debian:debian_linux:php-symfony-browser-kit, p-cpe:/a:debian:debian_linux:php-symfony-filesystem, p-cpe:/a:debian:debian_linux:php-symfony-ldap, p-cpe:/a:debian:debian_linux:php-symfony-routing, p-cpe:/a:debian:debian_linux:php-symfony-http-kernel, p-cpe:/a:debian:debian_linux:php-symfony-novu-notifier, p-cpe:/a:debian:debian_linux:php-symfony-one-signal-notifier, p-cpe:/a:debian:debian_linux:php-symfony-ring-central-notifier, p-cpe:/a:debian:debian_linux:php-symfony-esendex-notifier, p-cpe:/a:debian:debian_linux:php-symfony-orange-sms-notifier, p-cpe:/a:debian:debian_linux:php-symfony-fake-chat-notifier, p-cpe:/a:debian:debian_linux:php-symfony-mercure-notifier, p-cpe:/a:debian:debian_linux:php-symfony-kaz-info-teh-notifier, p-cpe:/a:debian:debian_linux:php-symfony-sendinblue-mailer, p-cpe:/a:debian:debian_linux:php-symfony-gateway-api-notifier, p-cpe:/a:debian:debian_linux:php-symfony-lock, p-cpe:/a:debian:debian_linux:php-symfony-security-core, p-cpe:/a:debian:debian_linux:php-symfony-chatwork-notifier, p-cpe:/a:debian:debian_linux:php-symfony-smsapi-notifier, p-cpe:/a:debian:debian_linux:php-symfony-clock, p-cpe:/a:debian:debian_linux:php-symfony-expression-language, p-cpe:/a:debian:debian_linux:php-symfony-http-foundation, p-cpe:/a:debian:debian_linux:php-symfony-remote-event, p-cpe:/a:debian:debian_linux:php-symfony-yunpian-notifier, p-cpe:/a:debian:debian_linux:php-symfony-security-csrf, p-cpe:/a:debian:debian_linux:php-symfony-mailchimp-mailer, p-cpe:/a:debian:debian_linux:php-symfony-process, p-cpe:/a:debian:debian_linux:php-symfony-bandwidth-notifier, p-cpe:/a:debian:debian_linux:php-symfony-infobip-notifier, p-cpe:/a:debian:debian_linux:php-symfony-mailer-send-mailer, p-cpe:/a:debian:debian_linux:php-symfony-css-selector, p-cpe:/a:debian:debian_linux:php-symfony-loco-translation-provider, p-cpe:/a:debian:debian_linux:php-symfony-workflow, p-cpe:/a:debian:debian_linux:php-symfony-telegram-notifier, p-cpe:/a:debian:debian_linux:php-symfony-oh-my-smtp-mailer, p-cpe:/a:debian:debian_linux:php-symfony-var-dumper, p-cpe:/a:debian:debian_linux:php-symfony-google-chat-notifier, p-cpe:/a:debian:debian_linux:php-symfony-crowdin-translation-provider, p-cpe:/a:debian:debian_linux:php-symfony-validator, p-cpe:/a:debian:debian_linux:php-symfony-mailgun-mailer, p-cpe:/a:debian:debian_linux:php-symfony-sinch-notifier, p-cpe:/a:debian:debian_linux:php-symfony-psr-http-message-bridge, p-cpe:/a:debian:debian_linux:php-symfony-contact-everyone-notifier, p-cpe:/a:debian:debian_linux:php-symfony-linked-in-notifier, p-cpe:/a:debian:debian_linux:php-symfony-runtime, p-cpe:/a:debian:debian_linux:php-symfony-line-notify-notifier, p-cpe:/a:debian:debian_linux:php-symfony-expo-notifier, p-cpe:/a:debian:debian_linux:php-symfony-microsoft-teams-notifier, p-cpe:/a:debian:debian_linux:php-symfony-web-profiler-bundle, p-cpe:/a:debian:debian_linux:php-symfony-http-client, p-cpe:/a:debian:debian_linux:php-symfony-beanstalkd-messenger, p-cpe:/a:debian:debian_linux:php-symfony-rocket-chat-notifier, p-cpe:/a:debian:debian_linux:php-symfony-message-bird-notifier, p-cpe:/a:debian:debian_linux:php-symfony-iqsms-notifier, p-cpe:/a:debian:debian_linux:php-symfony-brevo-notifier, p-cpe:/a:debian:debian_linux:php-symfony-password-hasher, p-cpe:/a:debian:debian_linux:php-symfony-proxy-manager-bridge, p-cpe:/a:debian:debian_linux:php-symfony-infobip-mailer, p-cpe:/a:debian:debian_linux:php-symfony-amqp-messenger, p-cpe:/a:debian:debian_linux:php-symfony-event-dispatcher, p-cpe:/a:debian:debian_linux:php-symfony-security-http, p-cpe:/a:debian:debian_linux:php-symfony-clickatell-notifier, p-cpe:/a:debian:debian_linux:php-symfony-smsmode-notifier, p-cpe:/a:debian:debian_linux:php-symfony-forty-six-elks-notifier, p-cpe:/a:debian:debian_linux:php-symfony-notifier, p-cpe:/a:debian:debian_linux:php-symfony-semaphore, p-cpe:/a:debian:debian_linux:php-symfony-monolog-bridge, p-cpe:/a:debian:debian_linux:php-symfony-click-send-notifier, p-cpe:/a:debian:debian_linux:php-symfony-sms-biuras-notifier, p-cpe:/a:debian:debian_linux:php-symfony-slack-notifier, p-cpe:/a:debian:debian_linux:php-symfony-scaleway-mailer, p-cpe:/a:debian:debian_linux:php-symfony-serializer, p-cpe:/a:debian:debian_linux:php-symfony-go-ip-notifier, p-cpe:/a:debian:debian_linux:php-symfony-twilio-notifier, p-cpe:/a:debian:debian_linux:php-symfony-string, p-cpe:/a:debian:debian_linux:php-symfony-ovh-cloud-notifier, p-cpe:/a:debian:debian_linux:php-symfony-telnyx-notifier, p-cpe:/a:debian:debian_linux:php-symfony-web-link, p-cpe:/a:debian:debian_linux:php-symfony, p-cpe:/a:debian:debian_linux:php-symfony-pager-duty-notifier, p-cpe:/a:debian:debian_linux:php-symfony-turbo-sms-notifier, p-cpe:/a:debian:debian_linux:php-symfony-all-my-sms-notifier, p-cpe:/a:debian:debian_linux:php-symfony-debug-bundle, p-cpe:/a:debian:debian_linux:php-symfony-mail-pace-mailer, p-cpe:/a:debian:debian_linux:php-symfony-property-access, p-cpe:/a:debian:debian_linux:php-symfony-ntfy-notifier, p-cpe:/a:debian:debian_linux:php-symfony-html-sanitizer, p-cpe:/a:debian:debian_linux:php-symfony-stopwatch, p-cpe:/a:debian:debian_linux:php-symfony-uid, p-cpe:/a:debian:debian_linux:php-symfony-config, p-cpe:/a:debian:debian_linux:php-symfony-plivo-notifier, p-cpe:/a:debian:debian_linux:php-symfony-smsc-notifier, p-cpe:/a:debian:debian_linux:php-symfony-mime, p-cpe:/a:debian:debian_linux:php-symfony-cache, p-cpe:/a:debian:debian_linux:php-symfony-firebase-notifier, p-cpe:/a:debian:debian_linux:php-symfony-brevo-mailer, p-cpe:/a:debian:debian_linux:php-symfony-twig-bundle, p-cpe:/a:debian:debian_linux:php-symfony-mobyt-notifier, p-cpe:/a:debian:debian_linux:php-symfony-finder, p-cpe:/a:debian:debian_linux:php-symfony-termii-notifier, p-cpe:/a:debian:debian_linux:php-symfony-google-mailer, p-cpe:/a:debian:debian_linux:php-symfony-redis-messenger, p-cpe:/a:debian:debian_linux:php-symfony-mailjet-mailer, p-cpe:/a:debian:debian_linux:php-symfony-vonage-notifier, p-cpe:/a:debian:debian_linux:php-symfony-sendberry-notifier, p-cpe:/a:debian:debian_linux:php-symfony-light-sms-notifier, p-cpe:/a:debian:debian_linux:php-symfony-free-mobile-notifier, p-cpe:/a:debian:debian_linux:php-symfony-zendesk-notifier, p-cpe:/a:debian:debian_linux:php-symfony-octopush-notifier, p-cpe:/a:debian:debian_linux:php-symfony-form, p-cpe:/a:debian:debian_linux:php-symfony-messenger, p-cpe:/a:debian:debian_linux:php-symfony-amazon-sqs-messenger, p-cpe:/a:debian:debian_linux:php-symfony-security-bundle, p-cpe:/a:debian:debian_linux:php-symfony-doctrine-bridge, p-cpe:/a:debian:debian_linux:php-symfony-isendpro-notifier, p-cpe:/a:debian:debian_linux:php-symfony-intl, p-cpe:/a:debian:debian_linux:php-symfony-engagespot-notifier, p-cpe:/a:debian:debian_linux:php-symfony-dom-crawler, p-cpe:/a:debian:debian_linux:php-symfony-lokalise-translation-provider, p-cpe:/a:debian:debian_linux:php-symfony-sendinblue-notifier, p-cpe:/a:debian:debian_linux:php-symfony-fake-sms-notifier, p-cpe:/a:debian:debian_linux:php-symfony-simple-textin-notifier, p-cpe:/a:debian:debian_linux:php-symfony-asset-mapper, p-cpe:/a:debian:debian_linux:php-symfony-error-handler, p-cpe:/a:debian:debian_linux:php-symfony-postmark-mailer, p-cpe:/a:debian:debian_linux:php-symfony-discord-notifier, p-cpe:/a:debian:debian_linux:php-symfony-mailjet-notifier, p-cpe:/a:debian:debian_linux:php-symfony-mastodon-notifier, p-cpe:/a:debian:debian_linux:php-symfony-property-info, p-cpe:/a:debian:debian_linux:php-symfony-spot-hit-notifier, p-cpe:/a:debian:debian_linux:php-symfony-translation, cpe:/o:debian:debian_linux:13.0, p-cpe:/a:debian:debian_linux:php-symfony-phpunit-bridge, p-cpe:/a:debian:debian_linux:php-symfony-doctrine-messenger, p-cpe:/a:debian:debian_linux:php-symfony-console, p-cpe:/a:debian:debian_linux:php-symfony-sms77-notifier, p-cpe:/a:debian:debian_linux:php-symfony-templating, p-cpe:/a:debian:debian_linux:php-symfony-dependency-injection, p-cpe:/a:debian:debian_linux:php-symfony-mailer, p-cpe:/a:debian:debian_linux:php-symfony-pushover-notifier, p-cpe:/a:debian:debian_linux:php-symfony-twig-bridge, p-cpe:/a:debian:debian_linux:php-symfony-sms-factor-notifier, p-cpe:/a:debian:debian_linux:php-symfony-redlink-notifier, p-cpe:/a:debian:debian_linux:php-symfony-asset, p-cpe:/a:debian:debian_linux:php-symfony-options-resolver, p-cpe:/a:debian:debian_linux:php-symfony-var-exporter, p-cpe:/a:debian:debian_linux:php-symfony-webhook, p-cpe:/a:debian:debian_linux:php-symfony-scheduler, p-cpe:/a:debian:debian_linux:php-symfony-amazon-mailer, p-cpe:/a:debian:debian_linux:php-symfony-yaml, p-cpe:/a:debian:debian_linux:php-symfony-rate-limiter, p-cpe:/a:debian:debian_linux:php-symfony-dotenv, p-cpe:/a:debian:debian_linux:php-symfony-gitter-notifier, p-cpe:/a:debian:debian_linux:php-symfony-phrase-translation-provider, p-cpe:/a:debian:debian_linux:php-symfony-twitter-notifier, p-cpe:/a:debian:debian_linux:php-symfony-message-media-notifier
必需的 KB 项: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
可利用: true
易利用性: Exploits are available
补丁发布日期: 2026/5/31
漏洞发布日期: 2024/11/6
参考资料信息
CVE: CVE-2024-50340, CVE-2026-45063, CVE-2026-45064, CVE-2026-45065, CVE-2026-45066, CVE-2026-45067, CVE-2026-45068, CVE-2026-45069, CVE-2026-45071, CVE-2026-45072, CVE-2026-45073, CVE-2026-45077, CVE-2026-45133, CVE-2026-45304, CVE-2026-45305, CVE-2026-45754, CVE-2026-46626, CVE-2026-48489, CVE-2026-48736, CVE-2026-48760, CVE-2026-48761, CVE-2026-48784