Monthly Archives: August 2023
CISA in New Warning Over Ivanti Vulnerabilities
USN-6267-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2023-4047,
CVE-2023-4048, CVE-2023-4049, CVE-2023-4051, CVE-2023-4053, CVE-2023-4055,
CVE-2023-4056, CVE-2023-4057, CVE-2023-4058)
Max Vlasov discovered that Firefox Offscreen Canvas did not properly track
cross-origin tainting. An attacker could potentially exploit this issue to
access image data from another site in violation of same-origin policy.
(CVE-2023-4045)
Alexander Guryanov discovered that Firefox did not properly update the
value of a global variable in WASM JIT analysis in some circumstances. An
attacker could potentially exploit this issue to cause a denial of service.
(CVE-2023-4046)
Mark Brand discovered that Firefox did not properly validate the size of
an untrusted input stream. An attacker could potentially exploit this issue
to cause a denial of service. (CVE-2023-4050)
php-8.1.22-1.fc37
FEDORA-2023-c68f2227e6
Packages in this update:
php-8.1.22-1.fc37
Update description:
PHP version 8.1.22 (03 Aug 2023)
Build:
Fixed bug GH-11522 (PHP version check fails with '-' separator). (SVGAnimate)
CLI:
Fix interrupted CLI output causing the process to exit. (nielsdos)
Core:
Fixed oss-fuzz php#60011 (Mis-compilation of by-reference nullsafe operator). (ilutov)
Fixed use-of-uninitialized-value with ??= on assert. (ilutov)
Fixed build for FreeBSD before the 11.0 releases. (David Carlier)
Curl:
Fix crash when an invalid callback function is passed to CURLMOPT_PUSHFUNCTION. (nielsdos)
Date:
Fixed bug GH-11368 (Date modify returns invalid datetime). (Derick)
DOM:
Fixed bug GH-11625 (DOMElement::replaceWith() doesn’t replace node with DOMDocumentFragment but just deletes node or causes wrapping <> depending on libxml2 version). (nielsdos)
Fileinfo:
Fixed bug GH-11298 (finfo returns wrong mime type for xz files). (Anatol)
FTP:
Fix context option check for “overwrite”. (JonasQuinten)
Fixed bug GH-10562 (Memory leak and invalid state with consecutive ftp_nb_fget). (nielsdos)
GD:
Fix most of the external libgd test failures. (Michael Orlitzky)
Hash:
Fix use-of-uninitialized-value in hash_pbkdf2(), fix missing $options parameter in signature. (ilutov)
Intl:
Fix memory leak in MessageFormatter::format() on failure. (Girgias)
Libxml:
Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading in XML without enabling it). (CVE-2023-3823) (nielsdos, ilutov)
MBString:
Fix GH-11300 (license issue: restricted unicode license headers). (nielsdos)
Opcache:
Fixed bug GH-10914 (OPCache with Enum and Callback functions results in segmentation fault). (nielsdos)
Prevent potential deadlock if accelerated globals cannot be allocated. (nielsdos)
PCNTL:
Fixed bug GH-11498 (SIGCHLD is not always returned from proc_open). (nielsdos)
PCRE:
Mangle PCRE regex cache key with JIT option. (mvorisek)
PDO:
Fix GH-11587 (After php8.1, when PDO::ATTR_EMULATE_PREPARES is true and PDO::ATTR_STRINGIFY_FETCHES is true, decimal zeros are no longer filled). (SakiTakamachi)
PDO SQLite:
Fix GH-11492 (Make test failure: ext/pdo_sqlite/tests/bug_42589.phpt). (KapitanOczywisty, CViniciusSDias)
Phar:
Add missing check on EVP_VerifyUpdate() in phar util. (nielsdos)
Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()). (CVE-2023-3824) (nielsdos)
PHPDBG:
Fixed bug GH-9669 (phpdbg -h options doesn’t list the -z option). (adsr)
Session:
Removed broken url support for transferring session ID. (ilutov)
Standard:
Fix serialization of RC1 objects appearing in object graph twice. (ilutov)
SQLite3:
Fix replaced error handling in SQLite3Stmt::__construct. (nielsdos)
CVE-2022-2416 (octopus_server)
In affected versions of Octopus Deploy it is possible for a low privileged guest user to craft a request that allows enumeration/recon of an environment.
CVE-2022-2346
In affected versions of Octopus Deploy it is possible for a low privileged guest user to interact with extension endpoints.
xen-4.16.4-4.fc37
FEDORA-2023-b7b87e4966
Packages in this update:
xen-4.16.4-4.fc37
Update description:
arm: Guests can trigger a deadlock on Cortex-A77 [XSA-436, CVE-2023-34320]
(#2228238)
bugfix for x86/AMD: Zenbleed [XSA-433, CVE-2023-20593]
x86/AMD: Zenbleed [XSA-433, CVE-2023-20593]
xen-4.17.1-9.fc38
FEDORA-2023-0d6aa10621
Packages in this update:
xen-4.17.1-9.fc38
Update description:
arm: Guests can trigger a deadlock on Cortex-A77 [XSA-436, CVE-2023-34320]
(#2228238)
bugfix for x86/AMD: Zenbleed [XSA-433, CVE-2023-20593]
x86/AMD: Zenbleed [XSA-433]
omit OCaml 5 patch on fc38
Trovent Security Advisory 2303-01 / CVE-2023-36255 / Authenticated remote code execution in Eramba
Posted by Stefan Pietsch on Aug 01
# Trovent Security Advisory 2303-01 #
#####################################
Authenticated remote code execution in Eramba
#############################################
Overview
########
Advisory ID: TRSA-2303-01
Advisory version: 1.0
Advisory status: Public
Advisory URL: https://trovent.io/security-advisory-2303-01
Affected product: Eramba
Affected version: 3.19.1 (Enterprise and Community edition)
Vendor: Eramba Limited,…
CVE-2023-28130 – Hostname injection leads to Remote Code Execution RCE (Authenticated)
Posted by Rick Verdoes via Fulldisclosure on Aug 01
=========================
Exploit Title: Hostname injection leads to Remote Code Execution RCE (Authenticated)
Product: Gaia Portal
Vendor: Checkpoint
Vulnerable Versions: R81.20 < Take 14, R81.10 < Take 95, R81 < Take 82 and R80.40 < Take 198
Tested Version: R81.10 (take 335)
Advisory Publication: July 27, 2023
Latest Update: July 72, 2023
Vulnerability Type: Improper Control of Generation of Code (Code Injection) [CWE-94]
CVE…