FEDORA-2022-c6fe3ebd94
Packages in this update:
php-twig-1.44.7-1.fc37
Update description:
Version 1.44.7 (2022-09-28)
Fix a security issue on filesystem loader (possibility to load a template outside a configured directory)
php-twig-1.44.7-1.fc37
Version 1.44.7 (2022-09-28)
Fix a security issue on filesystem loader (possibility to load a template outside a configured directory)
Cybersecurity continues to be high on the agenda of governments across the globe, with both national and local levels increasingly working to counter cybersecurity threats. Much like last year, 2022 has seen significant, government-led initiatives launched to help to address diverse security issues.
Here are 22 notable cybersecurity initiatives introduced around the world in 2022.
The Israeli government announced that it will join the Inter-American Development Bank (IDB) to establish a new cybersecurity initiative, committing $2 million USD to help strengthen cybersecurity capabilities in Latin America and the Caribbean (LAC). Israel’s funding would aid in building cyber capacity across the region by giving officials and policymakers access to forefront practices and world-leading knowledge and expertise, the government stated. “The cybersecurity initiative is paving the way for the safe and secure digitalization of Latin America and the Caribbean, one of the key elements for growth in the post-COVID era,” said Matan Lev-Ari, Israel’s representative on the IDB’s Board.
On September 1, a crew of US government offices launched the fourth-annual National Insider Threat Awareness Month (NITAM). The goal of the month-long event is to educate the government and industry about the dangers posed by insider threats and the role of insider threat programs. This year’s campaign focuses on the importance of critical thinking to help workforces guard against risk in digital spaces.
The NITAM launch announcement cited recent examples of insider threats in the digital space:
booth-1.0-251.4.bfb2f92.git.fc35
Remove Alias directive from booth@.service unit file
Security fix for CVE-2022-2553
booth-1.0-262.3.d0ac26c.git.fc36
Remove Alias directive from booth@.service unit file
Security fix for CVE-2022-2553
php-8.0.24-1.fc35
PHP version 8.0.24 (29 Sep 2022)
Core:
Fixed bug GH-9323 (Crash in ZEND_RETURN/GC/zend_call_function) (Tim Starling)
Fixed bug GH-9361 (Segmentation fault on script exit php#9379). (cmb, Christian Schneider)
Fixed bug GH-9407 (LSP error in eval’d code refers to wrong class for static type). (ilutov)
Fixed bug php#81727: Don’t mangle HTTP variable names that clash with ones that have a specific semantic meaning. (CVE-2022-31629). (Derick)
DOM:
Fixed bug php#79451 (DOMDocument->replaceChild on doctype causes double free). (Nathan Freeman)
FPM:
Fixed bug GH-8885 (FPM access.log with stderr begins to write logs to error_log after daemon reload). (Dmitry Menshikov)
Fixed bug php#77780 (“Headers already sent…” when previous connection was aborted). (Jakub Zelenka)
GMP
Fixed bug GH-9308 (GMP throws the wrong error when a GMP object is passed to gmp_init()). (Girgias)
Intl
Fixed bug GH-9421 (Incorrect argument number for ValueError in NumberFormatter). (Girgias)
Phar:
Fixed bug php#81726: phar wrapper: DOS when using quine gzip file. (CVE-2022-31628). (cmb)
PDO_PGSQL:
Fixed bug GH-9411 (PgSQL large object resource is incorrectly closed). (Yurunsoft)
Reflection:
Fixed bug GH-8932 (ReflectionFunction provides no way to get the called class of a Closure). (cmb, Nicolas Grekas)
Fixed bug GH-9409 (Private method is incorrectly dumped as “overwrites”). (ilutov)
Streams:
Fixed bug GH-9316 ($http_response_header is wrong for long status line). (cmb, timwolla)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.