USN-5947-1: Twig vulnerabilities

Read Time:40 Second

Fabien Potencier discovered that Twig was not properly enforcing sandbox
policies when dealing with objects automatically cast to strings by PHP.
An attacker could possibly use this issue to expose sensitive information.
This issue was only fixed in Ubuntu 16.04 ESM and Ubuntu 18.04 ESM.
(CVE-2019-9942)

Marlon Starkloff discovered that Twig was not properly enforcing closure
constraints in some of its array filtering functions. An attacker could
possibly use this issue to execute arbitrary code. This issue was only
fixed in Ubuntu 20.04 ESM. (CVE-2022-23614)

Dariusz Tytko discovered that Twig was not properly verifying input data
utilized when defining pathnames used to access files in a system. An
attacker could possibly use this issue to access unauthorized resources
and expose sensitive information. (CVE-2022-39261)

Threat Actors Shift to JavaScript-Based Phishing Attacks

Cybersecurity Incident Affects Arkansas City Water Treatment Facility

Warnings after new Valencia ransomware group strikes businesses and leaks data

New Octo2 Malware Variant Threatens Mobile Banking Security

The AI Fix #17: Why AI is an AWFUL writer and LinkedIn’s outrageous land grab

14 Million Patients Impacted by US Healthcare Data Breaches in 2024

#GartnerSEC: Zero Failure Tolerance, A Cybersecurity Myth Holding Back Organizations

Citing security fears, Ukraine bans Telegram on government and military devices

Israel’s Pager Attacks and Supply Chain Vulnerabilities

xen-4.17.5-2.fc39

xen-4.18.3-2.fc40

xen-4.19.0-4.fc41

USN-7031-2: Puma vulnerability

USN-7031-1: Puma vulnerability

USN-7030-1: py7zr vulnerability