Aggregator

FEDORA-2024-39d50cc975 Packages in this update:

• php-8.2.18-1.fc38

Update description:

PHP version 8.2.18 (11 Apr 2024)

Core:

• Fixed bug GH-13612 (Corrupted memory in destructor with weak references). (nielsdos)
• Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). (Remi)
• Fixed bug GH-13670 (GC does not scale well with a lot of objects created in destructor). (Arnaud)

DOM:

• Add some missing ZPP checks. (nielsdos)
• Fix potential memory leak in XPath evaluation results. (nielsdos)
• Fix phpdoc for DOMDocument load methods. (VincentLanglet)

FPM

• Fix incorrect check in fpm_shm_free(). (nielsdos)

GD:

• Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests). (Michael Orlitzky)

Gettext:

• Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL. (David Carlier)

MySQLnd:

• Fix GH-13452 (Fixed handshake response [mysqlnd]). (Saki Takamachi)
• Fix incorrect charset length in check_mb_eucjpms(). (nielsdos)

Opcache:

• Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null). (Arnaud, Dmitry)
• Fixed GH-13712 (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded). (Bob)

PDO:

• Fix various PDORow bugs. (Girgias)

Random:

• Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown modes). (timwolla)
• Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used). (timwolla)

Session:

• Fixed bug GH-13680 (Segfault with session_decode and compilation error). (nielsdos)

Sockets:

• Fixed bug GH-13604 (socket_getsockname returns random characters in the end of the socket name). (David Carlier)

SPL:

• Fixed bug GH-13531 (Unable to resize SplfixedArray after being unserialized in PHP 8.2.15). (nielsdos)
• Fixed bug GH-13685 (Unexpected null pointer in zend_string.h). (nielsdos)

Standard:

• Fixed bug GH-11808 (Live filesystem modified by tests). (nielsdos)
• Fixed GH-13402 (Added validation of \n in $additional_headers of mail()). (SakiTakamachi)
• Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows). (divinity76)
• Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka)
• Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
• Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096) (Jakub Zelenka)

XML:

• Fixed bug GH-13517 (Multiple test failures when building with --with-expat). (nielsdos)

FEDORA-2024-b46619f761 Packages in this update:

• php-8.2.18-1.fc39

Update description:

PHP version 8.2.18 (11 Apr 2024)

Core:

• Fixed bug GH-13612 (Corrupted memory in destructor with weak references). (nielsdos)
• Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). (Remi)
• Fixed bug GH-13670 (GC does not scale well with a lot of objects created in destructor). (Arnaud)

DOM:

• Add some missing ZPP checks. (nielsdos)
• Fix potential memory leak in XPath evaluation results. (nielsdos)
• Fix phpdoc for DOMDocument load methods. (VincentLanglet)

FPM

• Fix incorrect check in fpm_shm_free(). (nielsdos)

GD:

• Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests). (Michael Orlitzky)

Gettext:

• Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL. (David Carlier)

MySQLnd:

• Fix GH-13452 (Fixed handshake response [mysqlnd]). (Saki Takamachi)
• Fix incorrect charset length in check_mb_eucjpms(). (nielsdos)

Opcache:

• Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null). (Arnaud, Dmitry)
• Fixed GH-13712 (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded). (Bob)

PDO:

• Fix various PDORow bugs. (Girgias)

Random:

• Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown modes). (timwolla)
• Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used). (timwolla)

Session:

• Fixed bug GH-13680 (Segfault with session_decode and compilation error). (nielsdos)

Sockets:

• Fixed bug GH-13604 (socket_getsockname returns random characters in the end of the socket name). (David Carlier)

SPL:

• Fixed bug GH-13531 (Unable to resize SplfixedArray after being unserialized in PHP 8.2.15). (nielsdos)
• Fixed bug GH-13685 (Unexpected null pointer in zend_string.h). (nielsdos)

Standard:

• Fixed bug GH-11808 (Live filesystem modified by tests). (nielsdos)
• Fixed GH-13402 (Added validation of \n in $additional_headers of mail()). (SakiTakamachi)
• Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows). (divinity76)
• Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka)
• Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
• Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096) (Jakub Zelenka)

XML:

• Fixed bug GH-13517 (Multiple test failures when building with --with-expat). (nielsdos)

FEDORA-2024-5e8ae0def0 Packages in this update:

• php-8.3.6-1.fc40

Update description:

PHP version 8.3.6 (11 Apr 2024)

Core:

• Fixed GH-13569 (GC buffer unnecessarily grows up to GC_MAX_BUF_SIZE when scanning WeakMaps). (Arnaud)
• Fixed bug GH-13612 (Corrupted memory in destructor with weak references). (nielsdos)
• Fixed bug GH-13446 (Restore exception handler after it finishes). (ilutov)
• Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). (Remi)
• Fixed bug GH-13670 (GC does not scale well with a lot of objects created in destructor). (Arnaud)

DOM:

• Add some missing ZPP checks. (nielsdos)
• Fix potential memory leak in XPath evaluation results. (nielsdos)

FPM:

• Fixed GH-11086 (FPM: config test runs twice in daemonised mode). (Jakub Zelenka)
• Fix incorrect check in fpm_shm_free(). (nielsdos)

GD:

• Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests). (Michael Orlitzky)

Gettext:

• Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL. (David Carlier)

MySQLnd:

• Fix GH-13452 (Fixed handshake response [mysqlnd]). (Saki Takamachi)
• Fix incorrect charset length in check_mb_eucjpms(). (nielsdos)

Opcache:

• Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null). (Arnaud, Dmitry)
• Fixed GH-13712 (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded). (Bob)

Random:

• Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown modes). (timwolla)
• Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used). (timwolla)

Session:

• Fixed bug GH-13680 (Segfault with session_decode and compilation error). (nielsdos)

SPL:

• Fixed bug GH-13685 (Unexpected null pointer in zend_string.h). (nielsdos)

Standard:

• Fixed bug GH-11808 (Live filesystem modified by tests). (nielsdos)
• Fixed GH-13402 (Added validation of \n in $additional_headers of mail()). (SakiTakamachi)
• Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows). (divinity76)
• Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka)
• Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
• Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096) (Jakub Zelenka) Fixed bug GHSA-fjp9-9hwx-59fq (mb_encode_mimeheader runs endlessly for some inputs). (CVE-2024-2757) (Alex Dowad)
• Fix bug GH-13932 (Attempt to fix mbstring on windows build) (msvc). (David Carlier)

Version:next-20240410 (linux-next) Released:2024-04-10

FEDORA-2024-bbb141c1ed Packages in this update:

• rust-1.77.2-1.fc38

Update description:

Security fix for CVE-2024-24576 (Windows command injection)

FEDORA-2024-ab4573fb3b Packages in this update:

• rust-1.77.2-1.fc40

Update description:

Security fix for CVE-2024-24576 (Windows command injection)

FEDORA-2024-6bc17db348 Packages in this update:

• rust-1.77.2-1.fc39

Update description:

Security fix for CVE-2024-24576 (Windows command injection)

FEDORA-2024-3534c44ef9 Packages in this update:

• rust-1.77.2-1.fc41

Update description:

Automatic update for rust-1.77.2-1.fc41.

Changelog * Tue Apr 9 2024 Josh Stone <jistone@redhat.com> - 1.77.2-1 - Update to 1.77.2; Fixes RHBZ#2274248 CVE-2024-24576

FEDORA-2024-4357ec611d Packages in this update:

• xen-4.17.4-1.fc39

Update description:

x86: Native Branch History Injection [XSA-456, CVE-2024-2201] update to xen 4.17.4, remove patches now included upstream rebase xen.gcc12.fixes.patch x86 HVM hypercalls may trigger Xen bug check [XSA-454, CVE-2023-46842] x86: Incorrect logic for BTC/SRSO mitigations [XSA-455, CVE-2024-31142]

FEDORA-2024-a46df5ba2f Packages in this update:

• xen-4.18.2-1.fc40

Update description:

x86: Native Branch History Injection [XSA-456, CVE-2024-2201] update to xen 4.18.2, remove patches now included upstream x86 HVM hypercalls may trigger Xen bug check [XSA-454, CVE-2023-46842] x86: Incorrect logic for BTC/SRSO mitigations [XSA-455, CVE-2024-31142]

USN-6721-1 fixed vulnerabilities in X.Org X Server. That fix was incomplete resulting in a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that X.Org X Server incorrectly handled certain data. An attacker could possibly use this issue to expose sensitive information. (CVE-2024-31080, CVE-2024-31081, CVE-2024-31082) It was discovered that X.Org X Server incorrectly handled certain glyphs. An attacker could possibly use this issue to cause a crash or expose sensitive information. (CVE-2024-31083)

FEDORA-2024-bb70b21754 Packages in this update:

• abseil-cpp-20240116.2-1.fc40

Update description:

Update to 20240116.2: fixes possible out-of-bounds string access as described in https://github.com/abseil/abseil-cpp/pull/1650.

FEDORA-2024-f9ce536a3e Packages in this update:

• emacs-29.3-5.fc40

Update description:

Select correct Emacs binary on X11.

Obsolete the newer emacs-nox now in F39, fixing system upgrades

New upstream release 29.3, fixes rhbz#2271287

Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service (bluetooth communication). (CVE-2023-2002) It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-23000) It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. (CVE-2023-3006) It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle block device modification while it is mounted. A privileged attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-34256) Eric Dumazet discovered that the netfilter subsystem in the Linux kernel did not properly handle DCCP conntrack buffers in certain situations, leading to an out-of-bounds read vulnerability. An attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2023-39197) It was discovered that the Siano USB MDTV receiver device driver in the Linux kernel did not properly handle device initialization failures in certain situations, leading to a use-after-free vulnerability. A physically proximate attacker could use this cause a denial of service (system crash). (CVE-2023-4132) Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2023-46838) It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51781) Alon Zahavi discovered that the NVMe-oF/TCP subsystem of the Linux kernel did not properly handle connect command payloads in certain situations, leading to an out-of-bounds read vulnerability. A remote attacker could use this to expose sensitive information (kernel memory). (CVE-2023-6121) It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle the remount operation in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2024-0775) Notselwyn discovered that the netfilter subsystem in the Linux kernel did not properly handle verdict parameters in certain cases, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-1086) It was discovered that a race condition existed in the SCSI Emulex LightPulse Fibre Channel driver in the Linux kernel when unregistering FCF and re-scanning an HBA FCF table, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-24855)

Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2023-46838) It was discovered that the IPv6 implementation of the Linux kernel did not properly manage route cache memory usage. A remote attacker could use this to cause a denial of service (memory exhaustion). (CVE-2023-52340) It was discovered that the device mapper driver in the Linux kernel did not properly validate target size during certain memory allocations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-52429, CVE-2024-23851) Dan Carpenter discovered that the netfilter subsystem in the Linux kernel did not store data in properly sized memory locations. A local user could use this to cause a denial of service (system crash). (CVE-2024-0607) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Architecture specifics; - Cryptographic API; - Android drivers; - EDAC drivers; - GPU drivers; - Media drivers; - MTD block device drivers; - Network drivers; - NVME drivers; - TTY drivers; - Userspace I/O drivers; - F2FS file system; - GFS2 file system; - IPv6 Networking; - AppArmor security module; (CVE-2023-52464, CVE-2023-52448, CVE-2023-52457, CVE-2023-52443, CVE-2023-52439, CVE-2023-52612, CVE-2024-26633, CVE-2024-26597, CVE-2023-52449, CVE-2023-52444, CVE-2023-52609, CVE-2023-52469, CVE-2023-52445, CVE-2023-52451, CVE-2023-52470, CVE-2023-52454, CVE-2023-52436, CVE-2023-52438)

FEDORA-2024-4afd3d38ae Packages in this update:

• rpm-ostree-2024.4-6.fc39

Update description:

Backport fix for /etc/[g]shadow permissions

FEDORA-2024-589189d414 Packages in this update:

• rpm-ostree-2024.4-5.fc40

Update description:

Securit fix for CVE-2024-2905 Backport fix for /etc/[g]shadow permissions

Backport patch to fix https://github.com/coreos/rpm-ostree/issues/4879

FEDORA-2024-1706127797 Packages in this update:

• xorg-x11-server-Xwayland-22.1.9-7.fc38

Update description:

CVE fix for CVE-2024-31080, CVE-2024-31081, CVE-2024-31083, and a fix for a regression introduced with the fix for CVE-2024-31083

Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel did not properly validate certain data structure fields when parsing lease contexts, leading to an out-of-bounds read vulnerability. A remote attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-1194) Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel, leading to a use-after-free vulnerability. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-32254) It was discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling session connections, leading to a use- after-free vulnerability. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-32258) It was discovered that the KSMBD implementation in the Linux kernel did not properly validate buffer sizes in certain operations, leading to an integer underflow and out-of-bounds read vulnerability. A remote attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-38427) Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel did not properly validate SMB request protocol IDs, leading to a out-of- bounds read vulnerability. A remote attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-38430) Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel did not properly validate packet header sizes in certain situations, leading to an out-of-bounds read vulnerability. A remote attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-38431) It was discovered that the KSMBD implementation in the Linux kernel did not properly handle session setup requests, leading to an out-of-bounds read vulnerability. A remote attacker could use this to expose sensitive information. (CVE-2023-3867) Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2023-46838) It was discovered that the IPv6 implementation of the Linux kernel did not properly manage route cache memory usage. A remote attacker could use this to cause a denial of service (memory exhaustion). (CVE-2023-52340) It was discovered that the device mapper driver in the Linux kernel did not properly validate target size during certain memory allocations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-52429, CVE-2024-23851) Yang Chaoming discovered that the KSMBD implementation in the Linux kernel did not properly validate request buffer sizes, leading to an out-of-bounds read vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2024-22705) Chenyuan Yang discovered that the btrfs file system in the Linux kernel did not properly handle read operations on newly created subvolumes in certain conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-23850) It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service (system crash). (CVE-2024-24860) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Architecture specifics; - Block layer; - Cryptographic API; - Android drivers; - EDAC drivers; - GPU drivers; - Media drivers; - Multifunction device drivers; - MTD block device drivers; - Network drivers; - NVME drivers; - TTY drivers; - Userspace I/O drivers; - EFI Variable file system; - F2FS file system; - GFS2 file system; - SMB network file system; - BPF subsystem; - IPv6 Networking; - Network Traffic Control; - AppArmor security module; (CVE-2023-52463, CVE-2023-52445, CVE-2023-52462, CVE-2023-52609, CVE-2023-52448, CVE-2023-52457, CVE-2023-52464, CVE-2023-52456, CVE-2023-52454, CVE-2023-52438, CVE-2023-52480, CVE-2023-52443, CVE-2023-52442, CVE-2024-26631, CVE-2023-52439, CVE-2023-52612, CVE-2024-26598, CVE-2024-26586, CVE-2024-26589, CVE-2023-52444, CVE-2023-52436, CVE-2024-26633, CVE-2024-26597, CVE-2023-52458, CVE-2024-26591, CVE-2023-52449, CVE-2023-52467, CVE-2023-52441, CVE-2023-52610, CVE-2023-52451, CVE-2023-52469, CVE-2023-52470)

FEDORA-2024-5af98298c7 Packages in this update:

• xorg-x11-server-Xwayland-23.2.6-1.fc39

Update description:

xwayland 23.2.6 - CVE fix for CVE-2024-31080, CVE-2024-31081, CVE-2024-31083