The UK Government’s latest Cyber Security Breaches Survey found a large increase in the proportion of businesses impacted by a cyber-attack or breach in the past 12 months
Daily Archives: April 10, 2024
Targus business operations disrupted following cyber attack
Targus, the well-known laptop bag and case manufacturer, has been hit by a cyber attack that has interrupted its normal business operations.
Read more in my article on the Hot for Security blog.
php-8.2.18-1.fc38
FEDORA-2024-39d50cc975
Packages in this update:
php-8.2.18-1.fc38
Update description:
PHP version 8.2.18 (11 Apr 2024)
Core:
Fixed bug GH-13612 (Corrupted memory in destructor with weak references). (nielsdos)
Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). (Remi)
Fixed bug GH-13670 (GC does not scale well with a lot of objects created in destructor). (Arnaud)
DOM:
Add some missing ZPP checks. (nielsdos)
Fix potential memory leak in XPath evaluation results. (nielsdos)
Fix phpdoc for DOMDocument load methods. (VincentLanglet)
FPM
Fix incorrect check in fpm_shm_free(). (nielsdos)
GD:
Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests). (Michael Orlitzky)
Gettext:
Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL. (David Carlier)
MySQLnd:
Fix GH-13452 (Fixed handshake response [mysqlnd]). (Saki Takamachi)
Fix incorrect charset length in check_mb_eucjpms(). (nielsdos)
Opcache:
Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null). (Arnaud, Dmitry)
Fixed GH-13712 (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded). (Bob)
PDO:
Fix various PDORow bugs. (Girgias)
Random:
Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown modes). (timwolla)
Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used). (timwolla)
Session:
Fixed bug GH-13680 (Segfault with session_decode and compilation error). (nielsdos)
Sockets:
Fixed bug GH-13604 (socket_getsockname returns random characters in the end of the socket name). (David Carlier)
SPL:
Fixed bug GH-13531 (Unable to resize SplfixedArray after being unserialized in PHP 8.2.15). (nielsdos)
Fixed bug GH-13685 (Unexpected null pointer in zend_string.h). (nielsdos)
Standard:
Fixed bug GH-11808 (Live filesystem modified by tests). (nielsdos)
Fixed GH-13402 (Added validation of n in $additional_headers of mail()). (SakiTakamachi)
Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows). (divinity76)
Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka)
Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096) (Jakub Zelenka)
XML:
Fixed bug GH-13517 (Multiple test failures when building with –with-expat). (nielsdos)
php-8.2.18-1.fc39
FEDORA-2024-b46619f761
Packages in this update:
php-8.2.18-1.fc39
Update description:
PHP version 8.2.18 (11 Apr 2024)
Core:
Fixed bug GH-13612 (Corrupted memory in destructor with weak references). (nielsdos)
Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). (Remi)
Fixed bug GH-13670 (GC does not scale well with a lot of objects created in destructor). (Arnaud)
DOM:
Add some missing ZPP checks. (nielsdos)
Fix potential memory leak in XPath evaluation results. (nielsdos)
Fix phpdoc for DOMDocument load methods. (VincentLanglet)
FPM
Fix incorrect check in fpm_shm_free(). (nielsdos)
GD:
Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests). (Michael Orlitzky)
Gettext:
Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL. (David Carlier)
MySQLnd:
Fix GH-13452 (Fixed handshake response [mysqlnd]). (Saki Takamachi)
Fix incorrect charset length in check_mb_eucjpms(). (nielsdos)
Opcache:
Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null). (Arnaud, Dmitry)
Fixed GH-13712 (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded). (Bob)
PDO:
Fix various PDORow bugs. (Girgias)
Random:
Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown modes). (timwolla)
Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used). (timwolla)
Session:
Fixed bug GH-13680 (Segfault with session_decode and compilation error). (nielsdos)
Sockets:
Fixed bug GH-13604 (socket_getsockname returns random characters in the end of the socket name). (David Carlier)
SPL:
Fixed bug GH-13531 (Unable to resize SplfixedArray after being unserialized in PHP 8.2.15). (nielsdos)
Fixed bug GH-13685 (Unexpected null pointer in zend_string.h). (nielsdos)
Standard:
Fixed bug GH-11808 (Live filesystem modified by tests). (nielsdos)
Fixed GH-13402 (Added validation of n in $additional_headers of mail()). (SakiTakamachi)
Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows). (divinity76)
Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka)
Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096) (Jakub Zelenka)
XML:
Fixed bug GH-13517 (Multiple test failures when building with –with-expat). (nielsdos)
php-8.3.5-1.fc40
FEDORA-2024-5e8ae0def0
Packages in this update:
php-8.3.5-1.fc40
Update description:
PHP version 8.3.5 (11 Apr 2024)
Core:
Fixed GH-13569 (GC buffer unnecessarily grows up to GC_MAX_BUF_SIZE when scanning WeakMaps). (Arnaud)
Fixed bug GH-13612 (Corrupted memory in destructor with weak references). (nielsdos)
Fixed bug GH-13446 (Restore exception handler after it finishes). (ilutov)
Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). (Remi)
Fixed bug GH-13670 (GC does not scale well with a lot of objects created in destructor). (Arnaud)
DOM:
Add some missing ZPP checks. (nielsdos)
Fix potential memory leak in XPath evaluation results. (nielsdos)
FPM:
Fixed GH-11086 (FPM: config test runs twice in daemonised mode). (Jakub Zelenka)
Fix incorrect check in fpm_shm_free(). (nielsdos)
GD:
Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests). (Michael Orlitzky)
Gettext:
Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL. (David Carlier)
MySQLnd:
Fix GH-13452 (Fixed handshake response [mysqlnd]). (Saki Takamachi)
Fix incorrect charset length in check_mb_eucjpms(). (nielsdos)
Opcache:
Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null). (Arnaud, Dmitry)
Fixed GH-13712 (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded). (Bob)
Random:
Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown modes). (timwolla)
Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used). (timwolla)
Session:
Fixed bug GH-13680 (Segfault with session_decode and compilation error). (nielsdos)
SPL:
Fixed bug GH-13685 (Unexpected null pointer in zend_string.h). (nielsdos)
Standard:
Fixed bug GH-11808 (Live filesystem modified by tests). (nielsdos)
Fixed GH-13402 (Added validation of n in $additional_headers of mail()). (SakiTakamachi)
Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows). (divinity76)
Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka)
Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096) (Jakub Zelenka) Fixed bug GHSA-fjp9-9hwx-59fq (mb_encode_mimeheader runs endlessly for some inputs). (CVE-2024-2757) (Alex Dowad)
rust-1.77.2-1.fc38
FEDORA-2024-bbb141c1ed
Packages in this update:
rust-1.77.2-1.fc38
Update description:
Security fix for CVE-2024-24576 (Windows command injection)
rust-1.77.2-1.fc40
FEDORA-2024-ab4573fb3b
Packages in this update:
rust-1.77.2-1.fc40
Update description:
Security fix for CVE-2024-24576 (Windows command injection)
rust-1.77.2-1.fc39
FEDORA-2024-6bc17db348
Packages in this update:
rust-1.77.2-1.fc39
Update description:
Security fix for CVE-2024-24576 (Windows command injection)
rust-1.77.2-1.fc41
FEDORA-2024-3534c44ef9
Packages in this update:
rust-1.77.2-1.fc41
Update description:
Automatic update for rust-1.77.2-1.fc41.
Changelog
* Tue Apr 9 2024 Josh Stone <jistone@redhat.com> – 1.77.2-1
– Update to 1.77.2; Fixes RHBZ#2274248 CVE-2024-24576