Category Archives: Advisories

USN-6719-2: util-linux vulnerability

Read Time:21 Second

USN-6719-1 fixed a vulnerability in util-linux. Unfortunately, it was
discovered that the fix did not fully address the issue. This update
removes the setgid permission bit from the wall and write utilities.

Original advisory details:

Skyler Ferrante discovered that the util-linux wall command did not filter
escape sequences from command line arguments. A local attacker could
possibly use this issue to obtain sensitive information.

Read More

php-8.2.18-1.fc38

Read Time:2 Minute, 2 Second

FEDORA-2024-39d50cc975

Packages in this update:

php-8.2.18-1.fc38

Update description:

PHP version 8.2.18 (11 Apr 2024)

Core:

Fixed bug GH-13612 (Corrupted memory in destructor with weak references). (nielsdos)
Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). (Remi)
Fixed bug GH-13670 (GC does not scale well with a lot of objects created in destructor). (Arnaud)

DOM:

Add some missing ZPP checks. (nielsdos)
Fix potential memory leak in XPath evaluation results. (nielsdos)
Fix phpdoc for DOMDocument load methods. (VincentLanglet)

FPM

Fix incorrect check in fpm_shm_free(). (nielsdos)

GD:

Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests). (Michael Orlitzky)

Gettext:

Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL. (David Carlier)

MySQLnd:

Fix GH-13452 (Fixed handshake response [mysqlnd]). (Saki Takamachi)
Fix incorrect charset length in check_mb_eucjpms(). (nielsdos)

Opcache:

Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null). (Arnaud, Dmitry)
Fixed GH-13712 (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded). (Bob)

PDO:

Fix various PDORow bugs. (Girgias)

Random:

Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown modes). (timwolla)
Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used). (timwolla)

Session:

Fixed bug GH-13680 (Segfault with session_decode and compilation error). (nielsdos)

Sockets:

Fixed bug GH-13604 (socket_getsockname returns random characters in the end of the socket name). (David Carlier)

SPL:

Fixed bug GH-13531 (Unable to resize SplfixedArray after being unserialized in PHP 8.2.15). (nielsdos)
Fixed bug GH-13685 (Unexpected null pointer in zend_string.h). (nielsdos)

Standard:

Fixed bug GH-11808 (Live filesystem modified by tests). (nielsdos)
Fixed GH-13402 (Added validation of n in $additional_headers of mail()). (SakiTakamachi)
Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows). (divinity76)
Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka)
Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096) (Jakub Zelenka)

XML:

Fixed bug GH-13517 (Multiple test failures when building with –with-expat). (nielsdos)

Read More

php-8.2.18-1.fc39

Read Time:2 Minute, 2 Second

FEDORA-2024-b46619f761

Packages in this update:

php-8.2.18-1.fc39

Update description:

PHP version 8.2.18 (11 Apr 2024)

Core:

Fixed bug GH-13612 (Corrupted memory in destructor with weak references). (nielsdos)
Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). (Remi)
Fixed bug GH-13670 (GC does not scale well with a lot of objects created in destructor). (Arnaud)

DOM:

Add some missing ZPP checks. (nielsdos)
Fix potential memory leak in XPath evaluation results. (nielsdos)
Fix phpdoc for DOMDocument load methods. (VincentLanglet)

FPM

Fix incorrect check in fpm_shm_free(). (nielsdos)

GD:

Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests). (Michael Orlitzky)

Gettext:

Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL. (David Carlier)

MySQLnd:

Fix GH-13452 (Fixed handshake response [mysqlnd]). (Saki Takamachi)
Fix incorrect charset length in check_mb_eucjpms(). (nielsdos)

Opcache:

Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null). (Arnaud, Dmitry)
Fixed GH-13712 (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded). (Bob)

PDO:

Fix various PDORow bugs. (Girgias)

Random:

Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown modes). (timwolla)
Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used). (timwolla)

Session:

Fixed bug GH-13680 (Segfault with session_decode and compilation error). (nielsdos)

Sockets:

Fixed bug GH-13604 (socket_getsockname returns random characters in the end of the socket name). (David Carlier)

SPL:

Fixed bug GH-13531 (Unable to resize SplfixedArray after being unserialized in PHP 8.2.15). (nielsdos)
Fixed bug GH-13685 (Unexpected null pointer in zend_string.h). (nielsdos)

Standard:

Fixed bug GH-11808 (Live filesystem modified by tests). (nielsdos)
Fixed GH-13402 (Added validation of n in $additional_headers of mail()). (SakiTakamachi)
Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows). (divinity76)
Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka)
Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096) (Jakub Zelenka)

XML:

Fixed bug GH-13517 (Multiple test failures when building with –with-expat). (nielsdos)

Read More

php-8.3.5-1.fc40

Read Time:2 Minute, 1 Second

FEDORA-2024-5e8ae0def0

Packages in this update:

php-8.3.5-1.fc40

Update description:

PHP version 8.3.5 (11 Apr 2024)

Core:

Fixed GH-13569 (GC buffer unnecessarily grows up to GC_MAX_BUF_SIZE when scanning WeakMaps). (Arnaud)
Fixed bug GH-13612 (Corrupted memory in destructor with weak references). (nielsdos)
Fixed bug GH-13446 (Restore exception handler after it finishes). (ilutov)
Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). (Remi)
Fixed bug GH-13670 (GC does not scale well with a lot of objects created in destructor). (Arnaud)

DOM:

Add some missing ZPP checks. (nielsdos)
Fix potential memory leak in XPath evaluation results. (nielsdos)

FPM:

Fixed GH-11086 (FPM: config test runs twice in daemonised mode). (Jakub Zelenka)
Fix incorrect check in fpm_shm_free(). (nielsdos)

GD:

Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests). (Michael Orlitzky)

Gettext:

Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL. (David Carlier)

MySQLnd:

Fix GH-13452 (Fixed handshake response [mysqlnd]). (Saki Takamachi)
Fix incorrect charset length in check_mb_eucjpms(). (nielsdos)

Opcache:

Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null). (Arnaud, Dmitry)
Fixed GH-13712 (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded). (Bob)

Random:

Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown modes). (timwolla)
Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used). (timwolla)

Session:

Fixed bug GH-13680 (Segfault with session_decode and compilation error). (nielsdos)

SPL:

Fixed bug GH-13685 (Unexpected null pointer in zend_string.h). (nielsdos)

Standard:

Fixed bug GH-11808 (Live filesystem modified by tests). (nielsdos)
Fixed GH-13402 (Added validation of n in $additional_headers of mail()). (SakiTakamachi)
Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows). (divinity76)
Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka)
Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096) (Jakub Zelenka) Fixed bug GHSA-fjp9-9hwx-59fq (mb_encode_mimeheader runs endlessly for some inputs). (CVE-2024-2757) (Alex Dowad)

Read More

xen-4.17.4-1.fc39

Read Time:20 Second

FEDORA-2024-4357ec611d

Packages in this update:

xen-4.17.4-1.fc39

Update description:

x86: Native Branch History Injection [XSA-456, CVE-2024-2201]
update to xen 4.17.4, remove patches now included upstream
rebase xen.gcc12.fixes.patch
x86 HVM hypercalls may trigger Xen bug check [XSA-454, CVE-2023-46842]
x86: Incorrect logic for BTC/SRSO mitigations [XSA-455, CVE-2024-31142]

Read More

WordPress 6.5.2 Maintenance and Security Release

Read Time:1 Minute, 46 Second

Note: Due to an issue with the initial package, WordPress 6.5.1 was not released. 6.5.2 is the first minor release for WordPress 6.5.

This security and maintenance release features 2 bug fixes on Core, 12 bug fixes for the Block Editor, and 1 security fix.

Because this is a security release, it is recommended that you update your sites immediately. Backports are also available for other major WordPress releases, 6.1 and later.

You can download WordPress 6.5.2 from WordPress.org, or visit your WordPress Dashboard, click “Updates”, and then click “Update Now”. If you have sites that support automatic background updates, the update process will begin automatically.

WordPress 6.5.2 is a short-cycle release. The next major release will be version 6.6 and is currently planned for 16 July 2024.

Security updates included in this release

The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release:

A cross-site scripting (XSS) vulnerability affecting the Avatar block type; reported by John Blackbourn of the WordPress security team. Many thanks to Mat Rollings for assisting with the research.

Thank you to these WordPress contributors

This release was led by John Blackbourn, Isabel Brison, and Aaron Jorbin.

WordPress 6.5.2 would not have been possible without the contributions of the following people. Their asynchronous coordination to deliver maintenance and security fixes into a stable release is a testament to the power and capability of the WordPress community.

Aaron Jorbin, Aki Hamano, Andrei Draganescu, Artemio Morales, Caleb Burks, colind, Daniel Richards, Dominik Schilling, Fabian Kägy, George Mamadashvili, Greg Ziółkowski, Isabel Brison, Jb Audras, Joe McGill, John Blackbourn, Jonathan Desrosiers, Lovekesh Kumar, Matias Benedetto, Mukesh Panchal, Pascal Birchler, Peter Wilson, Sean Fisher, Sergey Biryukov, Scott Reilly

How to contribute

To get involved in WordPress core development, head over to Trac, pick a ticket, and join the conversation in the #core channel. Need help? Check out the Core Contributor Handbook.

Thanks to John Blackbourn, Ehtisham S., Jb Audras, and Angela Jin for proofreading.

Read More