Category Archives: Advisories

DSA-5421 firefox-esr – security update

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code.

Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution.

Mozilla Firefox is a web browser used to access the Internet.
Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

php-8.2.7-2.fc38

FEDORA-2023-2455981016

Packages in this update:

php-8.2.7-2.fc38

Update description:

PHP version 8.2.7 (08 Jun 2023)

Core:

Fixed bug GH-11152 (Unable to alias namespaces containing reserved class names). (ilutov)
Fixed bug GH-9068 (Conditional jump or move depends on uninitialised value(s)). (nielsdos)
Fixed bug GH-11189 (Exceeding memory limit in zend_hash_do_resize leaves the array in an invalid state). (Bob)
Fixed bug GH-11063 (Compilation error on old GCC versions). (ingamedeo)
Fixed bug GH-11222 (foreach by-ref may jump over keys during a rehash). (Bob)

Date:

Fixed bug GH-11281 (DateTimeZone::getName() does not include seconds in offset). (nielsdos)

Exif:

Fixed bug GH-10834 (exif_read_data() cannot read smaller stream wrapper chunk sizes). (nielsdos)

FPM:

Fixed bug GH-10461 (PHP-FPM segfault due to after free usage of child->ev_std(out|err)). (Jakub Zelenka)
Fixed bug php#64539 (FPM status page: query_string not properly JSON encoded). (Jakub Zelenka)
Fixed memory leak for invalid primary script file handle. (Jakub Zelenka)

Hash:

Fixed bug GH-11180 (hash_file() appears to be restricted to 3 arguments). (nielsdos)

LibXML:

Fixed bug GH-11160 (Few tests failed building with new libxml 2.11.0). (nielsdos)

MBString:

Fix bug GH-11217 (Segfault in mb_strrpos / mb_strripos when using negative offset and ASCII encoding). (ilutov)

Opcache:

Fixed bug GH-11134 (Incorrect match default branch optimization). (ilutov)
Fixed too wide OR and AND range inference. (nielsdos)
Fixed missing class redeclaration error with OPcache enabled. (ilutov)
Fixed bug GH-11245 (In some specific cases SWITCH with one default statement will cause segfault). (nielsdos)

PCNTL:

Fixed maximum argument count of pcntl_forkx(). (nielsdos)

PGSQL:

Fixed parameter parsing of pg_lo_export(). (kocsismate)

Phar:

Fixed bug GH-11099 (Generating phar.php during cross-compile can’t be done). (peter279k)

Soap:

Fixed bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP). (nielsdos, timwolla)
Fixed bug GH-8426 (make test fail while soap extension build). (nielsdos)

SPL:

Fixed bug GH-11178 (Segmentation fault in spl_array_it_get_current_data (PHP 8.1.18)). (nielsdos)

Standard:

Fixed bug GH-11138 (move_uploaded_file() emits open_basedir warning for source file). (ilutov)
Fixed bug GH-11274 (POST/PATCH request switches to GET after a HTTP 308 redirect). (nielsdos)

Streams:

Fixed bug GH-10031 ([Stream] STREAM_NOTIFY_PROGRESS over HTTP emitted irregularly for last chunk of data). (nielsdos)
Fixed bug GH-11175 (Stream Socket Timeout). (nielsdos)
Fixed bug GH-11177 (ASAN UndefinedBehaviorSanitizer when timeout = -1 passed to stream_socket_accept/stream_socket_client). (nielsdos)
