Category Archives: Advisories

CVE-2021-3695

Read Time:29 Second

A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12.

Read More

xen-4.16.1-5.fc36

Read Time:11 Second

FEDORA-2022-c4ec706488

Packages in this update:

xen-4.16.1-5.fc36

Update description:

Linux disk/nic frontends data leaks [XSA-403, CVE-2022-26365,
CVE-2022-33740, CVE-2022-33741, CVE-2022-3374]

Read More

php-laminas-diactoros2-2.12.0-1.fc36

Read Time:2 Minute, 31 Second

FEDORA-2022-42c54e9e5f

Packages in this update:

php-laminas-diactoros2-2.12.0-1.fc36

Update description:

Version 2.12.0

Bug

99: Merge release 2.11.3 into 2.12.x thanks to @github-actions[bot]
92: Fix typo in property name in UploadedFileTest::setUp() thanks to @TimWolla

Enhancement

97: Ignore obviously malformed host headers when constructing a ServerRequest thanks to @TimWolla
91: Fix typo thanks to @PhantomWatson

Version 2.11.3

Bug, Enhancement

98: Fixed UploadedFile::moveTo() so it actually removes the original file when used in CLI context, and doesn’t leave orphaned files thanks to @k2rn

Version 2.11.2

Bug

95: Resolve Host header and X-Forwarded-Proto regressions thanks to @weierophinney

Release Notes for 2.11.1

This is a SECURITY release. All users are encouraged to upgrade immediately.

Added

This release adds features to allow filtering a ServerRequest as generated by LaminasDiactorosServerRequestFactory::fromGlobals() for the purposes of initialization. Examples include:

Adding a request identifier.
Using X-Forwarded-* headers to modify the URL to represent the original client request.

The features are based on a new interface, LaminasDiactororsServerRequestFilterFilterServerRequestInterface, which defines a single method:

public function __invoke(
PsrHttpMessageServerRequestInterface $request
): PsrHttpMessageServerRequestInterface

We provide two implementations, as follows:

LaminasDiactorosServerRequestFilterDoNotFilter will return the provided request verbatim.
LaminasDiactorosServerRequestFilterFilterUsingXForwardedHeaders has named constructors that allow you to define how and when X-Forwarded- headers are used to modify the URI instance associated with the request. These methods are:
* trustAny(): this method generates a filter instance that will trust all X-Forwarded-
headers from any source.
* trustReservedSubnets(array $trustedHeaders = ?): this method generates a filter instance that only modifies the URL if the IP address of the requesting server is from a reserved, private subnet (localhost; classes A, B, and C subnets; and IPv6 private and local-link subnets). By default, it will trust all X-Forwarded- headers from these sources, but you may specify a list to allow via the $trustedHeaders argument.
* trustProxies(array $proxyCIDRList, array $trustedHeaders = ?): this method will generate a filter instance that only modifies the URL if the requesting server matches an entry in the $proxyCIDRList. These entries may be IP addresses, or any IPv4 or IPv6 CIDR subnets. By default, it will trust all X-Forwarded-
headers from these sources, but you may specify a list to allow via the $trustedHeaders argument.

ServerRequestFactory::fromGlobals() now accepts a FilterServerRequestInterface instance as the optional argument $requestFilter. If none is provided, it uses one as produced by FilterUsingXForwardedHeaders::trustReservedSubnets().

Deprecated

The function LaminasDiactorosmarshalUriFromSapi() is deprecated, and no longer used internally.

Changed

LaminasDiactorosServerRequestFactory::fromGlobals() no longer consumes marshalUriFromSapi(), and instead inlines an alternate implementation. The new implementation does not consider X-Forwarded- headers by default when generating the associated URI instance. Internally, if no FilterServerRequestInterface implementation is provided, it defaults to using an instance returned by FilterUsingXForwardeHeaders::trustReservedSubnets(). If you previously relied on X-Forwarded- headers, you MAY need to update your code to use either the FilterUsingXForwardedHeaders::trustAny() or FilterUsingXForwardedHeaders::trustProxies() methods to generate a filter to use with ServerRequestFactory::fromGlobals().

Fixed

Fixes CVE-2022-31109

Read More

CVE-2021-23163

Read Time:16 Second

JFrog Artifactory prior to version 7.33.6 and 6.23.38, is vulnerable to CSRF ( Cross-Site Request Forgery) for specific endpoints. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.33.6 versions prior to 7.x; JFrog Artifactory versions before 6.23.38 versions prior to 6.x.

Read More

CVE-2021-45721

Read Time:19 Second

JFrog Artifactory prior to version 7.29.8 and 6.23.38 is vulnerable to Reflected Cross-Site Scripting (XSS) through one of the XHR parameters in Users REST API endpoint. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.36.1 versions prior to 7.29.8; JFrog Artifactory versions before 6.23.41 versions prior to 6.23.38.

Read More

subversion-1.14.2-5.fc36

Read Time:40 Second

FEDORA-2022-2af658b090

Packages in this update:

subversion-1.14.2-5.fc36

Update description:

This update includes the latest stable release of Apache Subversion, version 1.14.2. This update addresses two security issues, CVE-2021-28544 and CVE-2022-24070.

For more information see https://subversion.apache.org/security/CVE-2022-24070-advisory.txt and https://subversion.apache.org/security/CVE-2021-28544-advisory.txt

Client-side bugfixes:

Don’t show unreadable copyfrom paths in ‘svn log -v’
Fix -r option documentation for some svnadmin subcommands
Fix error message encoding when system() call fails
Fix assertion failure in conflict resolver

Client-side improvements and bugfixes:

Support multiple working copy formats (1.8-onward, 1.15)

Server-side bugfixes:

Fix use-after-free of object-pools when running in httpd (issue SVN-4880)

Read More