FEDORA-EPEL-2023-d55abd83c7
Packages in this update:
perl-HTML-StripScripts-1.06-22.el8
Update description:
Fixes CVE-2023-24038
perl-HTML-StripScripts-1.06-22.el7
Fixes CVE-2023-24038
perl-HTML-StripScripts-1.06-22.el9
Fixes CVE-2023-24038
USN-6028-1 fixed vulnerabilities in libxml2. This update provides the
corresponding updates for Ubuntu 23.04.
Original advisory details:
It was discovered that libxml2 incorrectly handled certain XML files.
An attacker could possibly use this issue to cause a crash.
(CVE-2022-2309)
It was discovered that libxml2 incorrectly handled certain XML files.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. (CVE-2023-28484)
It was discovered that libxml2 incorrectly handled certain XML files.
An attacker could possibly use this issue to cause a crash.
(CVE-2023-29469)
mingw-glib2-2.74.7-1.fc38
Update to glib2-2.74.7.
mingw-glib2-2.74.7-1.fc37
Update to glib2-2.74.7.
php-8.1.20-1.fc37
PHP version 8.1.20 (08 Jun 2023)
Core:
Fixed bug GH-9068 (Conditional jump or move depends on uninitialised value(s)). (nielsdos)
Fixed bug GH-11189 (Exceeding memory limit in zend_hash_do_resize leaves the array in an invalid state). (Bob)
Fixed bug GH-11222 (foreach by-ref may jump over keys during a rehash). (Bob)
Date:
Fixed bug GH-11281 (DateTimeZone::getName() does not include seconds in offset). (nielsdos)
Exif:
Fixed bug GH-10834 (exif_read_data() cannot read smaller stream wrapper chunk sizes). (nielsdos)
FPM:
Fixed bug GH-10461 (PHP-FPM segfault due to after free usage of child->ev_std(out|err)). (Jakub Zelenka)
Fixed bug php#64539 (FPM status page: query_string not properly JSON encoded). (Jakub Zelenka)
Fixed memory leak for invalid primary script file handle. (Jakub Zelenka)
Hash:
Fixed bug GH-11180 (hash_file() appears to be restricted to 3 arguments). (nielsdos)
LibXML:
Fixed bug GH-11160 (Few tests failed building with new libxml 2.11.0). (nielsdos)
Opcache:
Fixed bug GH-11134 (Incorrect match default branch optimization). (ilutov)
Fixed too wide OR and AND range inference. (nielsdos)
Fixed bug GH-11245 (In some specific cases SWITCH with one default statement will cause segfault). (nielsdos)
PGSQL:
Fixed parameter parsing of pg_lo_export(). (kocsismate)
Phar:
Fixed bug GH-11099 (Generating phar.php during cross-compile can’t be done). (peter279k)
Soap:
Fixed bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP). (nielsdos, timwolla)
Fixed bug GH-8426 (make test fail while soap extension build). (nielsdos)
SPL:
Fixed bug GH-11178 (Segmentation fault in spl_array_it_get_current_data (PHP 8.1.18)). (nielsdos)
Standard:
Fixed bug GH-11138 (move_uploaded_file() emits open_basedir warning for source file). (ilutov)
Fixed bug GH-11274 (POST/PATCH request switches to GET after a HTTP 308 redirect). (nielsdos)
Streams:
Fixed bug GH-10031 ([Stream] STREAM_NOTIFY_PROGRESS over HTTP emitted irregularly for last chunk of data). (nielsdos)
Fixed bug GH-11175 (Stream Socket Timeout). (nielsdos)
Fixed bug GH-11177 (ASAN UndefinedBehaviorSanitizer when timeout = -1 passed to stream_socket_accept/stream_socket_client). (nielsdos)
It was discovered that LibreOffice did not properly validate the number of
parameters passed to the formula interpreter, leading to an array index
underflow attack. If a user were tricked into opening a specially crafted
spreadsheet file, an attacker could possibly use this issue to execute
arbitrary code. (CVE-2023-0950)
Amel Bouziane-Leblond discovered that LibreOffice did not prompt the user
before loading the host document inside an IFrame. If a user were tricked
into opening a specially crafted input file, an attacker could possibly use
this issue to cause information disclosure or execute arbitrary code.
(CVE-2023-2255)
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2023-34414,
CVE-2023-34416, CVE-2023-34417)
Jun Kokatsu discovered that Firefox did not properly validate site-isolated
process for a document loaded from a data: URL that was the result of a
redirect, leading to an open redirect attack. An attacker could possibly
use this issue to perform phishing attacks. (CVE-2023-34415)
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ZTE MF286R routers. Authentication is required to exploit this vulnerability.