custom-content-type-manager WordPress plugin can be used by an administrator to achieve arbitrary PHP remote code execution.
Category Archives: Advisories
gnupg2-2.3.4-2.fc35
FEDORA-2022-1124e5882d
Packages in this update:
gnupg2-2.3.4-2.fc35
Update description:
Fix for CVE-2022-34903 (#2103242)
USN-5488-2: OpenSSL vulnerability
USN-5488-1 fixed vulnerabilities in OpenSSL. This update provides the
corresponding updates for Ubuntu 16.04 ESM.
Original advisory details:
Chancen and Daniel Fiala discovered that OpenSSL incorrectly handled the
c_rehash script. A local attacker could possibly use this issue to execute
arbitrary commands when c_rehash is run.
CVE-2021-3695
A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12.
CVE-2021-31677
An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can modify admin and other members’ passwords.
CVE-2021-31678
An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can delete import information about a user’s company.
CVE-2021-31679
An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that allows attackers to delete admin and other members’ account numbers.
CVE-2021-31676
A reflected XSS was discovered in PESCMS-V2.3.3. When combined with CSRF in the same file, they can cause bigger destruction.
xen-4.16.1-5.fc36
FEDORA-2022-c4ec706488
Packages in this update:
xen-4.16.1-5.fc36
Update description:
Linux disk/nic frontends data leaks [XSA-403, CVE-2022-26365,
CVE-2022-33740, CVE-2022-33741, CVE-2022-3374]
php-laminas-diactoros2-2.12.0-1.fc36
FEDORA-2022-42c54e9e5f
Packages in this update:
php-laminas-diactoros2-2.12.0-1.fc36
Update description:
Version 2.12.0
Bug
99: Merge release 2.11.3 into 2.12.x thanks to @github-actions[bot]
92: Fix typo in property name in UploadedFileTest::setUp() thanks to @TimWolla
Enhancement
97: Ignore obviously malformed host headers when constructing a ServerRequest thanks to @TimWolla
91: Fix typo thanks to @PhantomWatson
Version 2.11.3
Bug, Enhancement
98: Fixed UploadedFile::moveTo() so it actually removes the original file when used in CLI context, and doesn’t leave orphaned files thanks to @k2rn
Version 2.11.2
Bug
95: Resolve Host header and X-Forwarded-Proto regressions thanks to @weierophinney
Release Notes for 2.11.1
This is a SECURITY release. All users are encouraged to upgrade immediately.
Added
This release adds features to allow filtering a ServerRequest as generated by LaminasDiactorosServerRequestFactory::fromGlobals() for the purposes of initialization. Examples include:
Adding a request identifier.
Using X-Forwarded-* headers to modify the URL to represent the original client request.
The features are based on a new interface, LaminasDiactororsServerRequestFilterFilterServerRequestInterface, which defines a single method:
public function __invoke(
PsrHttpMessageServerRequestInterface $request
): PsrHttpMessageServerRequestInterface
We provide two implementations, as follows:
LaminasDiactorosServerRequestFilterDoNotFilter will return the provided request verbatim.
LaminasDiactorosServerRequestFilterFilterUsingXForwardedHeaders has named constructors that allow you to define how and when X-Forwarded- headers are used to modify the URI instance associated with the request. These methods are:
* trustAny(): this method generates a filter instance that will trust all X-Forwarded- headers from any source.
* trustReservedSubnets(array $trustedHeaders = ?): this method generates a filter instance that only modifies the URL if the IP address of the requesting server is from a reserved, private subnet (localhost; classes A, B, and C subnets; and IPv6 private and local-link subnets). By default, it will trust all X-Forwarded- headers from these sources, but you may specify a list to allow via the $trustedHeaders argument.
* trustProxies(array $proxyCIDRList, array $trustedHeaders = ?): this method will generate a filter instance that only modifies the URL if the requesting server matches an entry in the $proxyCIDRList. These entries may be IP addresses, or any IPv4 or IPv6 CIDR subnets. By default, it will trust all X-Forwarded- headers from these sources, but you may specify a list to allow via the $trustedHeaders argument.
ServerRequestFactory::fromGlobals() now accepts a FilterServerRequestInterface instance as the optional argument $requestFilter. If none is provided, it uses one as produced by FilterUsingXForwardedHeaders::trustReservedSubnets().
Deprecated
The function LaminasDiactorosmarshalUriFromSapi() is deprecated, and no longer used internally.
Changed
LaminasDiactorosServerRequestFactory::fromGlobals() no longer consumes marshalUriFromSapi(), and instead inlines an alternate implementation. The new implementation does not consider X-Forwarded- headers by default when generating the associated URI instance. Internally, if no FilterServerRequestInterface implementation is provided, it defaults to using an instance returned by FilterUsingXForwardeHeaders::trustReservedSubnets(). If you previously relied on X-Forwarded- headers, you MAY need to update your code to use either the FilterUsingXForwardedHeaders::trustAny() or FilterUsingXForwardedHeaders::trustProxies() methods to generate a filter to use with ServerRequestFactory::fromGlobals().
Fixed
Fixes CVE-2022-31109