FEDORA-2022-c6fe3ebd94
Packages in this update:
php-twig-1.44.7-1.fc37
Update description:
Version 1.44.7 (2022-09-28)
Fix a security issue on filesystem loader (possibility to load a template outside a configured directory)
booth-1.0-251.4.bfb2f92.git.fc35
Remove Alias directive from booth@.service unit file
Security fix for CVE-2022-2553
booth-1.0-262.3.d0ac26c.git.fc36
Remove Alias directive from booth@.service unit file
Security fix for CVE-2022-2553
php-8.0.24-1.fc35
PHP version 8.0.24 (29 Sep 2022)
Core:
Fixed bug GH-9323 (Crash in ZEND_RETURN/GC/zend_call_function) (Tim Starling)
Fixed bug GH-9361 (Segmentation fault on script exit php#9379). (cmb, Christian Schneider)
Fixed bug GH-9407 (LSP error in eval’d code refers to wrong class for static type). (ilutov)
Fixed bug php#81727: Don’t mangle HTTP variable names that clash with ones that have a specific semantic meaning. (CVE-2022-31629). (Derick)
DOM:
Fixed bug php#79451 (DOMDocument->replaceChild on doctype causes double free). (Nathan Freeman)
FPM:
Fixed bug GH-8885 (FPM access.log with stderr begins to write logs to error_log after daemon reload). (Dmitry Menshikov)
Fixed bug php#77780 (“Headers already sent…” when previous connection was aborted). (Jakub Zelenka)
GMP:
Fixed bug GH-9308 (GMP throws the wrong error when a GMP object is passed to gmp_init()). (Girgias)
Intl:
Fixed bug GH-9421 (Incorrect argument number for ValueError in NumberFormatter). (Girgias)
Phar:
Fixed bug php#81726: phar wrapper: DOS when using quine gzip file. (CVE-2022-31628). (cmb)
PDO_PGSQL:
Fixed bug GH-9411 (PgSQL large object resource is incorrectly closed). (Yurunsoft)
Reflection:
Fixed bug GH-8932 (ReflectionFunction provides no way to get the called class of a Closure). (cmb, Nicolas Grekas)
Fixed bug GH-9409 (Private method is incorrectly dumped as “overwrites”). (ilutov)
Streams:
Fixed bug GH-9316 ($http_response_header is wrong for long status line). (cmb, timwolla)
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Docker Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of Microsoft Windows Active Directory Certificate Services. Authentication is required to exploit this vulnerability.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE CIMPLICITY. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.