Package : debian-edu-config
CVE ID : CVE-2021-20001
Marcel Neumann, Robert Altschaffel, Loris Guba and Dustin Hermann
discovered that debian-edu-config, a set of configuration files used for
the Debian Edu blend configured insecure permissions for the user web
shares (~/public_html), which could result in privilege escalation.
If PHP functionality is needed for the user web shares, please refer
For the oldstable distribution (buster), this problem has been fixed
in version 2.10.65+deb10u8.
For the stable distribution (bullseye), this problem has been fixed in
We recommend that you upgrade your debian-edu-config packages.