Advisories » MGASA-2017-0067

Updated php-tcpdf packages fix security vulnerability

Publication date: 26 Feb 2017
Modification date: 26 Feb 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-6100

Description

A local file inclusion vulnerability in TCPDF allows files to be uploaded
from the server generating PDF files to an external FTP server (CVE-2017-6100).

The updated php-tcpdf-6.0.098-1.1.mga5 package fixes this issue by setting
the K_TCPDF_CALLS_IN_HTML configuration parameter to false by default.
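
A defender's check for the setting named above, added here as an example and not taken from the advisory or from TCPDF: it reads the text of a TCPDF configuration file and reports whether K_TCPDF_CALLS_IN_HTML is switched on, ignoring commented-out lines. The function names, the sample snippets and the file path passed on the command line are assumptions made for illustration.

```python
import re
import sys

# Strings are matched first so that "//" inside a quoted URL is not taken for a comment.
_TOKEN = re.compile(
    r"""('(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")|/\*.*?\*/|(?://|#)[^\n]*""", re.S)
_DEFINE = re.compile(
    r"""\bdefine\s*\(\s*(['"])K_TCPDF_CALLS_IN_HTML\1\s*,\s*([^)]*?)\s*\)""", re.I)

def strip_comments(php_source):
    """Drop PHP comments, keep string literals untouched."""
    return _TOKEN.sub(lambda m: m.group(1) or "", php_source)

def audit_tcpdf_config(php_source):
    """Return 'enabled', 'disabled', 'undefined' or 'unknown' for the setting."""
    # PHP constants cannot be redefined, so the first active define() is taken.
    match = _DEFINE.search(strip_comments(php_source))
    if match is None:
        return "undefined"   # not set in this file: the installed package's default applies
    value = match.group(2).strip().lower()
    if value in ("true", "1"):
        return "enabled"
    if value in ("false", "0"):
        return "disabled"
    return "unknown"         # expression or other constant: review by hand

# Constructed sample inputs, not copied from any real installation.
SAMPLE_ENABLED = """<?php
// define('K_TCPDF_CALLS_IN_HTML', false);
define('K_PATH_URL', 'http://pdf.example.invalid/'); define ('K_TCPDF_CALLS_IN_HTML', true);
"""
SAMPLE_DISABLED = """<?php
/* define("K_TCPDF_CALLS_IN_HTML", true); */
define("K_TCPDF_CALLS_IN_HTML", FALSE);
"""
SAMPLE_UNDEFINED = "<?php\ndefine('K_BLANK_IMAGE', '_blank.png');\n"

if __name__ == "__main__":
    # Usage: python audit_tcpdf.py /path/to/tcpdf_config.php (path supplied by the user)
    with open(sys.argv[1], encoding="utf-8", errors="replace") as handle:
        state = audit_tcpdf_config(handle.read())
    print("K_TCPDF_CALLS_IN_HTML:", state)
    sys.exit(1 if state == "enabled" else 0)
```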
                

References

SRPMS

5/core