Read Time:35 Second

FEDORA-2023-275c12e496

Packages in this update:

composer-2.6.5-1.fc37

Update description:

Version 2.6.5 – 2023-10-06

Fixed error when vendor dir contains broken symlinks (#11670)
Fixed composer.lock missing from Composer’s zip archives (#11674)
Fixed AutoloadGenerator::dump() non-BC signature change in 2.6.4 (cb363b0e8)

Version 2.6.4 – 2023-09-29

Security: Fixed possible remote code execution vulnerability if composer.phar is publicly accessible, executable as PHP, and register_argc_argv is enabled in php.ini (GHSA-jm6m-4632-36hf / CVE-2023-43655)
Fixed json output of abandoned packages in audit command (#11647)
Performance improvement in pool optimization step (#11638)
Performance improvement in show -a <packagename> (#11659)

Gift Card Fraud

U.S. Army Soldier Arrested in AT&T, Verizon Extortions

Salt Typhoon’s Reach Continues to Grow

Majority of UK SMEs Lack Cybersecurity Policy

Happy 15th Anniversary, KrebsOnSecurity!

CISA’s 2024 Review Highlights Major Efforts in Cybersecurity Industry Collaboration

Casino Players Using Hidden Cameras for Cheating

Friday Squid Blogging: Squid on Pizza

Scams Based on Fake Google Emails

composer-2.6.5-1.fc37

FEDORA-2023-275c12e496

Packages in this update:

Update description:

gimp-2.10.38-12.fc40

Multiple vulnerabilities in CTFd versions <= 3.7.4

IBMi Navigator / CVE-2024-51464 / HTTP Security Token Bypass

IBMi Navigator / CVE-2024-51463 / Server Side Request Forgery (SSRF)

PAN-OS Firewall Denial of Service (DoS) Vulnerability

golang-github-git-5-5.13.0-1.fc42