FEDORA-2024-2b429e720e
Packages in this update:
php-8.3.12-1.fc40
Update description:
PHP version 8.3.12 (26 Sep 2024)
CGI:
Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection Vulnerability). (CVE-2024-8926) (nielsdos)
Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is bypassable due to the environment variable collision). (CVE-2024-8927) (nielsdos)
Core:
Fixed bug GH-15408 (MSan false-positve on zend_max_execution_timer). (zeriyoshi)
Fixed bug GH-15515 (Configure error grep illegal option q). (Peter Kokot)
Fixed bug GH-15514 (Configure error: genif.sh: syntax error). (Peter Kokot)
Fixed bug GH-15565 (–disable-ipv6 during compilation produces error EAI_SYSTEM not found). (nielsdos)
Fixed bug GH-15587 (CRC32 API build error on arm 32-bit). (Bernd Kuhls, Thomas Petazzoni)
Fixed bug GH-15330 (Do not scan generator frames more than once). (Arnaud)
Fixed uninitialized lineno in constant AST of internal enums. (ilutov)
Curl:
FIxed bug GH-15547 (curl_multi_select overflow on timeout argument). (David Carlier)
DOM:
Fixed bug GH-15551 (Segmentation fault (access null pointer) in ext/dom/xml_common.h). (nielsdos)
Fixed bug GH-15654 (Signed integer overflow in ext/dom/nodelist.c). (nielsdos)
Fileinfo:
Fixed bug GH-15752 (Incorrect error message for finfo_file with an empty filename argument). (DanielEScherzer)
FPM:
Fixed bug GHSA-865w-9rf3-2wh5 (Logs from childrens may be altered). (CVE-2024-9026) (Jakub Zelenka)
MySQLnd:
Fixed bug GH-15432 (Heap corruption when querying a vector). (cmb, Kamil Tekiela)
Opcache:
Fixed bug GH-15661 (Access null pointer in Zend/Optimizer/zend_inference.c). (nielsdos)
Fixed bug GH-15658 (Segmentation fault in Zend/zend_vm_execute.h). (nielsdos)
SAPI:
Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous parsing of multipart form data). (CVE-2024-8925) (Arnaud)
Standard:
Fixed bug GH-15552 (Signed integer overflow in ext/standard/scanf.c). (cmb)
Streams:
Fixed bug GH-15628 (php_stream_memory_get_buffer() not zero-terminated). (cmb)
More Stories
libxml2-2.12.9-1.fc40
FEDORA-2024-9f3765a04b Packages in this update: libxml2-2.12.9-1.fc40 Update description: Update to 2.12.9 Fixes CVE-2024-40896 Read More
libxml2-2.12.9-1.fc41
FEDORA-2024-867a14de12 Packages in this update: libxml2-2.12.9-1.fc41 Update description: Update to 2.12.9 Fixes CVE-2024-40896. Read More
iwd-3.3-1.fc40 libell-0.71-1.fc40
FEDORA-2024-0fa283c43a Packages in this update: iwd-3.3-1.fc40 libell-0.71-1.fc40 Update description: iwd 3.3: Fix issue with handling External Authentication. iwd 3.2: Fix...
iwd-3.3-1.fc41 libell-0.71-1.fc41
FEDORA-2024-256818da09 Packages in this update: iwd-3.3-1.fc41 libell-0.71-1.fc41 Update description: iwd 3.3: Fix issue with handling External Authentication. iwd 3.2: Fix...
A Vulnerability in Apache Struts2 Could Allow for Remote Code Execution
A vulnerability has been discovered in Apache Struts2, which could allow for remote code execution. Apache Struts2 is an open-source...
CyberDanube Security Research 20241219-0 | Authenticated Remote Code Execution in Ewon Flexy 205
Posted by Thomas Weber | CyberDanube via Fulldisclosure on Dec 21 CyberDanube Security Research 20241219-0 ------------------------------------------------------------------------------- title| Authenticated Remote Code...