FEDORA-2023-9e5a29a25d

Packages in this update:

mingw-glib2-2.74.7-1.fc38

Update description:

Update to glib2-2.74.7.

Read More

FEDORA-2023-1a7e2b3dda

Packages in this update:

mingw-glib2-2.74.7-1.fc37

Update description:

Update to glib2-2.74.7.

Read More

FEDORA-2023-2b7eeaaee5

Packages in this update:

php-8.1.20-1.fc37

Update description:

PHP version 8.1.20 (08 Jun 2023)

Core:

Fixed bug GH-9068 (Conditional jump or move depends on uninitialised value(s)). (nielsdos)
Fixed bug GH-11189 (Exceeding memory limit in zend_hash_do_resize leaves the array in an invalid state). (Bob)
Fixed bug GH-11222 (foreach by-ref may jump over keys during a rehash). (Bob)

Date:

Fixed bug GH-11281 (DateTimeZone::getName() does not include seconds in offset). (nielsdos)

Exif:

Fixed bug GH-10834 (exif_read_data() cannot read smaller stream wrapper chunk sizes). (nielsdos)

FPM:

Fixed bug GH-10461 (PHP-FPM segfault due to after free usage of child->ev_std(out|err)). (Jakub Zelenka)
Fixed bug php#64539 (FPM status page: query_string not properly JSON encoded). (Jakub Zelenka)
Fixed memory leak for invalid primary script file handle. (Jakub Zelenka)

Hash:

Fixed bug GH-11180 (hash_file() appears to be restricted to 3 arguments). (nielsdos)

LibXML:

Fixed bug GH-11160 (Few tests failed building with new libxml 2.11.0). (nielsdos)

Opcache:

Fixed bug GH-11134 (Incorrect match default branch optimization). (ilutov)
Fixed too wide OR and AND range inference. (nielsdos)
Fixed bug GH-11245 (In some specific cases SWITCH with one default statement will cause segfault). (nielsdos)

PGSQL:

Fixed parameter parsing of pg_lo_export(). (kocsismate)

Phar:

Fixed bug GH-11099 (Generating phar.php during cross-compile can’t be done). (peter279k)

Soap:

Fixed bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP). (nielsdos, timwolla)
Fixed bug GH-8426 (make test fail while soap extension build). (nielsdos)

SPL:

Fixed bug GH-11178 (Segmentation fault in spl_array_it_get_current_data (PHP 8.1.18)). (nielsdos)

Standard:

Fixed bug GH-11138 (move_uploaded_file() emits open_basedir warning for source file). (ilutov)
Fixed bug GH-11274 (POST/PATCH request switches to GET after a HTTP 308 redirect). (nielsdos)

Streams:

Fixed bug GH-10031 ([Stream] STREAM_NOTIFY_PROGRESS over HTTP emitted irregularly for last chunk of data). (nielsdos)
Fixed bug GH-11175 (Stream Socket Timeout). (nielsdos)
Fixed bug GH-11177 (ASAN UndefinedBehaviorSanitizer when timeout = -1 passed to stream_socket_accept/stream_socket_client). (nielsdos)

Read More

It was discovered that LibreOffice did not properly validate the number of
parameters passed to the formula interpreter, leading to an array index
underflow attack. If a user were tricked into opening a specially crafted
spreadsheet file, an attacker could possibly use this issue to execute
arbitrary code. (CVE-2023-0950)

Amel Bouziane-Leblond discovered that LibreOffice did not prompt the user
before loading the host document inside an IFrame. If a user were tricked
into opening a specially crafted input file, an attacker could possibly use
this issue to cause information disclosure or execute arbitrary code.
(CVE-2023-2255)

Read More

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2023-34414,
CVE-2023-34416, CVE-2023-34417)

Jun Kokatsu discovered that Firefox did not properly validate site-isolated
process for a document loaded from a data: URL that was the result of a
redirect, leading to an open redirect attack. An attacker could possibly
use this issue to perform phishing attacks. (CVE-2023-34415)

Read More

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ZTE MF286R routers. Authentication is required to exploit this vulnerability.

Read More

The Contact Form & SMTP Plugin by PirateForms plugin for WordPress is vulnerable to HTML injection in the ‘public/class-pirateforms-public.php’ file in versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary HTML in emails that could be used to phish unsuspecting victims.

Read More

The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 2.2.10 due to insufficient input sanitization. This makes it possible for unauthenticated attackers to inject arbitrary HTML in pages that execute if they can successfully trick a administrator into performing an action such as clicking on a link.

Read More

The GDPR Cookie Compliance plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the gdpr_cookie_compliance_reset_settings AJAX action in versions up to, and including, 4.0.2. This makes it possible for authenticated attackers to reset all of the settings.

Read More