FEDORA-2022-6744980220

Packages in this update:

booth-1.0-262.3.d0ac26c.git.fc36

Update description:

Remove Alias directive from booth@.service unit file

Security fix for CVE-2022-2553

Read More

FEDORA-2022-afdea1c747

Packages in this update:

php-8.0.24-1.fc35

Update description:

PHP version 8.0.24 (29 Sep 2022)

Core:

Fixed bug GH-9323 (Crash in ZEND_RETURN/GC/zend_call_function) (Tim Starling)
Fixed bug GH-9361 (Segmentation fault on script exit php#9379). (cmb, Christian Schneider)
Fixed bug GH-9407 (LSP error in eval’d code refers to wrong class for static type). (ilutov)
Fixed bug php#81727: Don’t mangle HTTP variable names that clash with ones that have a specific semantic meaning. (CVE-2022-31629). (Derick)

DOM:

Fixed bug php#79451 (DOMDocument->replaceChild on doctype causes double free). (Nathan Freeman)

FPM:

Fixed bug GH-8885 (FPM access.log with stderr begins to write logs to error_log after daemon reload). (Dmitry Menshikov)
Fixed bug php#77780 (“Headers already sent…” when previous connection was aborted). (Jakub Zelenka)

GMP

Fixed bug GH-9308 (GMP throws the wrong error when a GMP object is passed to gmp_init()). (Girgias)

Intl

Fixed bug GH-9421 (Incorrect argument number for ValueError in NumberFormatter). (Girgias)

Phar:

Fixed bug php#81726: phar wrapper: DOS when using quine gzip file. (CVE-2022-31628). (cmb)

PDO_PGSQL:

Fixed bug GH-9411 (PgSQL large object resource is incorrectly closed). (Yurunsoft)

Reflection:

Fixed bug GH-8932 (ReflectionFunction provides no way to get the called class of a Closure). (cmb, Nicolas Grekas)
Fixed bug GH-9409 (Private method is incorrectly dumped as “overwrites”). (ilutov)

Streams:

Fixed bug GH-9316 ($http_response_header is wrong for long status line). (cmb, timwolla)

Read More

This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Docker Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Read More

This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of Microsoft Windows Active Directory Certificate Services. Authentication is required to exploit this vulnerability.

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE CIMPLICITY. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE CIMPLICITY. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE CIMPLICITY. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE CIMPLICITY. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE CIMPLICITY. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Read More