Post Content
Category Archives: Advisories
Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Thunderbird, the most severe of which could allow for arbitrary code execution.
Mozilla Firefox is a web browser used to access the Internet.
Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.
Mozilla Thunderbird is a free and open-source cross-platform email client, personal information manager, news client, RSS and chat client
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Drupal core – Critical – Multiple vulnerabilities – SA-CORE-2022-016
Drupal uses the Twig third-party library for content templating and sanitization. Twig has released a security update that affects Drupal. Twig has rated the vulnerability as high severity.
Drupal core’s code extending Twig has also been updated to mitigate a related vulnerability.
Multiple vulnerabilities are possible if an untrusted user has access to write Twig code, including potential unauthorized read access to private files, the contents of other files on the server, or database credentials.
The vulnerability is mitigated by the fact that an exploit is only possible in Drupal core with a restricted access administrative permission. Additional exploit paths for the same vulnerability may exist with contributed or custom code that allows users to write Twig templates.
Install the latest version:
If you are using Drupal 9.4, update to Drupal 9.4.7.
If you are using Drupal 9.3, update to Drupal 9.3.22.
All versions of Drupal 9 prior to 9.3.x are end-of-life and do not receive security coverage. Note that Drupal 8 has reached its end of life.
Drupal 7 core does not include Twig and therefore is not affected.
Alex Pott of the Drupal Security Team
Sascha Grossenbacher
Lee Rowlands of the Drupal Security Team
Lauri Eskola, provisional member of the Drupal Security Team
Nathaniel Catchpole of the Drupal Security Team
Dave Long, provisional member of the Drupal Security Team
cilefen of the Drupal Security Team
James Williams
Benji Fisher, provisional member of the Drupal Security Team
nodejs-18.9.1-1.fc37
FEDORA-2022-b7766ddf3e
Packages in this update:
nodejs-18.9.1-1.fc37
Update description:
September Security Updates for Node.js
Update to 18.9.0
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.9.0
nodejs-16.17.1-1.fc35
FEDORA-2022-58055cb1ef
Packages in this update:
nodejs-16.17.1-1.fc35
Update description:
September Security Updates for Node.js
Update to Node.js 16.17.0
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V16.md#16.17.0
Fix dependency typo
Update to 16.15.0
Update to Node.js 16.14.1
Note that we will be skipping 16.14.2 since the only changes were in the bundled copy of OpenSSL, which we do not use. The relevant security patches are handled in Fedora’s openssl package.
nodejs-16.17.1-1.fc36
FEDORA-2022-3793987b02
Packages in this update:
nodejs-16.17.1-1.fc36
Update description:
September Security Updates for Node.js
Update to Node.js 16.17.0
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V16.md#16.17.0
Fix dependency typo
Update to 16.15.0
Update to Node.js 16.14.1
Note that we will be skipping 16.14.2 since the only changes were in the bundled copy of OpenSSL, which we do not use. The relevant security patches are handled in Fedora’s openssl package.
php-8.1.11-1.fc36
FEDORA-2022-0b77fbd9e7
Packages in this update:
php-8.1.11-1.fc36
Update description:
PHP version 8.1.11 (29 Sep 2022)
Core:
Fixed bug php#81726: phar wrapper: DOS when using quine gzip file. (CVE-2022-31628). (cmb)
Fixed bug php#81727: Don’t mangle HTTP variable names that clash with ones that have a specific semantic meaning. (CVE-2022-31629). (Derick)
Fixed bug GH-9323 (Crash in ZEND_RETURN/GC/zend_call_function) (Tim Starling)
Fixed bug GH-9361 (Segmentation fault on script exit php#9379). (cmb, Christian Schneider)
Fixed bug GH-9447 (Invalid class FQN emitted by AST dump for new and class constants in constant expressions). (ilutov)
DOM:
Fixed bug php#79451 (DOMDocument->replaceChild on doctype causes double free). (Nathan Freeman)
FPM:
Fixed bug GH-8885 (FPM access.log with stderr begins to write logs to error_log after daemon reload). (Dmitry Menshikov)
Fixed bug php#77780 (“Headers already sent…” when previous connection was aborted). (Jakub Zelenka)
GMP
Fixed bug GH-9308 (GMP throws the wrong error when a GMP object is passed to gmp_init()). (Girgias)
Intl
Fixed bug GH-9421 (Incorrect argument number for ValueError in NumberFormatter). (Girgias)
PCRE:
Fixed pcre.jit on Apple Silicon. (Niklas Keller)
PDO_PGSQL:
Fixed bug GH-9411 (PgSQL large object resource is incorrectly closed). (Yurunsoft)
Reflection:
Fixed bug GH-8932 (ReflectionFunction provides no way to get the called class of a Closure). (cmb, Nicolas Grekas)
Streams:
Fixed bug GH-9316 ($http_response_header is wrong for long status line). (cmb, timwolla)
php-8.1.11-1.fc37
FEDORA-2022-580da6af27
Packages in this update:
php-8.1.11-1.fc37
Update description:
PHP version 8.1.11 (29 Sep 2022)
Core:
Fixed bug php#81726: phar wrapper: DOS when using quine gzip file. (CVE-2022-31628). (cmb)
Fixed bug php#81727: Don’t mangle HTTP variable names that clash with ones that have a specific semantic meaning. (CVE-2022-31629). (Derick)
Fixed bug GH-9323 (Crash in ZEND_RETURN/GC/zend_call_function) (Tim Starling)
Fixed bug GH-9361 (Segmentation fault on script exit php#9379). (cmb, Christian Schneider)
Fixed bug GH-9447 (Invalid class FQN emitted by AST dump for new and class constants in constant expressions). (ilutov)
DOM:
Fixed bug php#79451 (DOMDocument->replaceChild on doctype causes double free). (Nathan Freeman)
FPM:
Fixed bug GH-8885 (FPM access.log with stderr begins to write logs to error_log after daemon reload). (Dmitry Menshikov)
Fixed bug php#77780 (“Headers already sent…” when previous connection was aborted). (Jakub Zelenka)
GMP
Fixed bug GH-9308 (GMP throws the wrong error when a GMP object is passed to gmp_init()). (Girgias)
Intl
Fixed bug GH-9421 (Incorrect argument number for ValueError in NumberFormatter). (Girgias)
PCRE:
Fixed pcre.jit on Apple Silicon. (Niklas Keller)
PDO_PGSQL:
Fixed bug GH-9411 (PgSQL large object resource is incorrectly closed). (Yurunsoft)
Reflection:
Fixed bug GH-8932 (ReflectionFunction provides no way to get the called class of a Closure). (cmb, Nicolas Grekas)
Streams:
Fixed bug GH-9316 ($http_response_header is wrong for long status line). (cmb, timwolla)
ZDI-22-1302: Rockwell Automation ThinManager ThinServer URI Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation ThinManager. Authentication is not required to exploit this vulnerability.
dropbear-2019.78-4.el8
FEDORA-EPEL-2022-54e8e9bf3b
Packages in this update:
dropbear-2019.78-4.el8
Update description:
Backport fix for CVE-2020-36254, resolves rhbz#1933067