Fedora 38 Update: wordpress-6.4.4-1.fc38
Fedora 38 Update: php-8.2.18-1.fc38
Fedora 38 Update: rust-1.77.2-1.fc38
Fedora 38 Update: editorconfig-0.12.7-1.fc38
Fedora 39 Update: perl-Clipboard-0.29-1.fc39
Fedora 39 Update: php-8.2.18-1.fc39
Fedora 39 Update: editorconfig-0.12.7-1.fc39
Fedora 38 Update: wordpress-6.4.4-1.fc38
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-0a2f144348
2024-04-19 02:52:22.310713
--------------------------------------------------------------------------------
Name : wordpress
Product : Fedora 38
Version : 6.4.4
Release : 1.fc38
URL : http://www.wordpress.org
Summary : Blog tool and publishing platform
Description :
Wordpress is an online publishing / weblog package that makes it very easy,
almost trivial, to get information out to people on the web.
Important information in /usr/share/doc/wordpress/README.fedora
--------------------------------------------------------------------------------
Update Information:
WordPress 6.4.4 Security Release
Security updates included in this release
A cross-site scripting (XSS) vulnerability affecting the Avatar block type;
reported by John Blackbourn of the WordPress security team. Many thanks to Mat
Rollings for assisting with the research.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 10 2024 Remi Collet [remi@remirepo.net] - 6.4.4-1
- WordPress 6.4.4 Security Release
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-0a2f144348' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
Fedora 38 Update: php-8.2.18-1.fc38
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-39d50cc975
2024-04-19 02:52:22.310679
--------------------------------------------------------------------------------
Name : php
Product : Fedora 38
Version : 8.2.18
Release : 1.fc38
URL : http://www.php.net/
Summary : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.
--------------------------------------------------------------------------------
Update Information:
PHP version 8.2.18 (11 Apr 2024)
Core:
Fixed bug GH-13612 (Corrupted memory in destructor with weak references).
(nielsdos)
Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). (Remi)
Fixed bug GH-13670 (GC does not scale well with a lot of objects created in
destructor). (Arnaud)
DOM:
Add some missing ZPP checks. (nielsdos)
Fix potential memory leak in XPath evaluation results. (nielsdos)
Fix phpdoc for DOMDocument load methods. (VincentLanglet)
FPM
Fix incorrect check in fpm_shm_free(). (nielsdos)
GD:
Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests). (Michael Orlitzky)
Gettext:
Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with
category set to LC_ALL. (David Carlier)
MySQLnd:
Fix GH-13452 (Fixed handshake response [mysqlnd]). (Saki Takamachi)
Fix incorrect charset length in check_mb_eucjpms(). (nielsdos)
Opcache:
Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null). (Arnaud,
Dmitry)
Fixed GH-13712 (Segmentation fault for enabled observers when calling trait
method of internal trait when opcache is loaded). (Bob)
PDO:
Fix various PDORow bugs. (Girgias)
Random:
Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown modes).
(timwolla)
Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between requests
when MT_RAND_PHP is used). (timwolla)
Session:
Fixed bug GH-13680 (Segfault with session_decode and compilation error).
(nielsdos)
Sockets:
Fixed bug GH-13604 (socket_getsockname returns random characters in the end of
the socket name). (David Carlier)
SPL:
Fixed bug GH-13531 (Unable to resize SplfixedArray after being unserialized in
PHP 8.2.15). (nielsdos)
Fixed bug GH-13685 (Unexpected null pointer in zend_string.h). (nielsdos)
Standard:
Fixed bug GH-11808 (Live filesystem modified by tests). (nielsdos)
Fixed GH-13402 (Added validation of \n in $additional_headers of mail()).
(SakiTakamachi)
Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows).
(divinity76)
Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command
parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka)
Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial
CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true,
opening ATO risk). (CVE-2024-3096) (Jakub Zelenka)
XML:
Fixed bug GH-13517 (Multiple test failures when building with --with-expat).
(nielsdos)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 10 2024 Remi Collet [remi@remirepo.net] - 8.2.18-1
- Update to 8.2.18 - http://www.php.net/releases/8_2_18.php
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2275058 - CVE-2024-2756 php: host/secure cookie bypass due to partial CVE-2022-31629 fix
https://bugzilla.redhat.com/show_bug.cgi?id=2275058
[ 2 ] Bug #2275061 - CVE-2024-3096 php: password_verify can erroneously return true, opening ATO risk
https://bugzilla.redhat.com/show_bug.cgi?id=2275061
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-39d50cc975' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
Fedora 38 Update: rust-1.77.2-1.fc38
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-bbb141c1ed
2024-04-19 02:52:22.310673
--------------------------------------------------------------------------------
Name : rust
Product : Fedora 38
Version : 1.77.2
Release : 1.fc38
URL : https://www.rust-lang.org
Summary : The Rust Programming Language
Description :
Rust is a systems programming language that runs blazingly fast, prevents
segfaults, and guarantees thread safety.
This package includes the Rust compiler and documentation generator.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2024-24576 (Windows command injection)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 9 2024 Josh Stone [jistone@redhat.com] - 1.77.2-1
- Update to 1.77.2; Fixes RHBZ#2274248 CVE-2024-24576
* Fri Apr 5 2024 Josh Stone [jistone@redhat.com] - 1.77.0-3
- Ensure more consistency in PGO flags -- fixes Cargo tests
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2265585 - CVE-2024-24576 rust: Fail to Escape Arguments Properly in Microsoft Windows
https://bugzilla.redhat.com/show_bug.cgi?id=2265585
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-bbb141c1ed' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
Fedora 38 Update: editorconfig-0.12.7-1.fc38
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-0f08e59f25
2024-04-19 02:52:22.310660
--------------------------------------------------------------------------------
Name : editorconfig
Product : Fedora 38
Version : 0.12.7
Release : 1.fc38
URL : https://github.com/editorconfig/editorconfig-core-c
Summary : Parser for EditorConfig files written in C
Description :
EditorConfig makes it easy to maintain the correct coding style when
switching between different text editors and between different projects.
The EditorConfig project maintains a file format and plugins for various
text editors which allow this file format to be read and used by those
editors.
--------------------------------------------------------------------------------
Update Information:
Update to 0.12.7: fix pointer overflow in STRING_CAT; fix a few more stack
buffer overflows.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 3 2024 Benjamin A. Beasley [code@musicinmybrain.net] - 0.12.7-1
- Update to 0.12.7 (close RHBZ#2272370)
* Fri Mar 8 2024 Yaakov Selkowitz [yselkowi@redhat.com] - 0.12.6-5
- Use bundled uthash in RHEL builds
* Wed Jan 24 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.12.6-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.12.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Jul 19 2023 Fedora Release Engineering [releng@fedoraproject.org] - 0.12.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2272370 - editorconfig-0.12.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2272370
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-0f08e59f25' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
Fedora 39 Update: perl-Clipboard-0.29-1.fc39
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-43a0920f12
2024-04-19 01:17:18.086598
--------------------------------------------------------------------------------
Name : perl-Clipboard
Product : Fedora 39
Version : 0.29
Release : 1.fc39
URL : https://metacpan.org/release/Clipboard
Summary : Copy and paste with any OS
Description :
Who doesn't remember the first time they learned to copy and paste, and
generated an exponentially growing text document? Yes, that's right,
clipboards are magical.
--------------------------------------------------------------------------------
Update Information:
Update to 0.29
- Fixes 'clipbrowse command execution with multi-line clipboard text including
"| sh"'
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 10 2024 Xavier Bachelot [xavier@bachelot.org] - 0.29-1
- Update to 0.29 (RHBZ#2273832)
- Fixes RHBZ#2257224 and RHBZ#2257225
- Convert License: to SPDX
* Thu Jan 25 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.28-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.28-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2257225 - perl-Clipboard: clipbrowse command execution with multi-line clipboard text including "| sh" [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2257225
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-43a0920f12' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
Fedora 39 Update: php-8.2.18-1.fc39
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-b46619f761
2024-04-19 01:17:18.086550
--------------------------------------------------------------------------------
Name : php
Product : Fedora 39
Version : 8.2.18
Release : 1.fc39
URL : http://www.php.net/
Summary : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.
--------------------------------------------------------------------------------
Update Information:
PHP version 8.2.18 (11 Apr 2024)
Core:
Fixed bug GH-13612 (Corrupted memory in destructor with weak references).
(nielsdos)
Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). (Remi)
Fixed bug GH-13670 (GC does not scale well with a lot of objects created in
destructor). (Arnaud)
DOM:
Add some missing ZPP checks. (nielsdos)
Fix potential memory leak in XPath evaluation results. (nielsdos)
Fix phpdoc for DOMDocument load methods. (VincentLanglet)
FPM
Fix incorrect check in fpm_shm_free(). (nielsdos)
GD:
Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests). (Michael Orlitzky)
Gettext:
Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with
category set to LC_ALL. (David Carlier)
MySQLnd:
Fix GH-13452 (Fixed handshake response [mysqlnd]). (Saki Takamachi)
Fix incorrect charset length in check_mb_eucjpms(). (nielsdos)
Opcache:
Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null). (Arnaud,
Dmitry)
Fixed GH-13712 (Segmentation fault for enabled observers when calling trait
method of internal trait when opcache is loaded). (Bob)
PDO:
Fix various PDORow bugs. (Girgias)
Random:
Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown modes).
(timwolla)
Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between requests
when MT_RAND_PHP is used). (timwolla)
Session:
Fixed bug GH-13680 (Segfault with session_decode and compilation error).
(nielsdos)
Sockets:
Fixed bug GH-13604 (socket_getsockname returns random characters in the end of
the socket name). (David Carlier)
SPL:
Fixed bug GH-13531 (Unable to resize SplfixedArray after being unserialized in
PHP 8.2.15). (nielsdos)
Fixed bug GH-13685 (Unexpected null pointer in zend_string.h). (nielsdos)
Standard:
Fixed bug GH-11808 (Live filesystem modified by tests). (nielsdos)
Fixed GH-13402 (Added validation of \n in $additional_headers of mail()).
(SakiTakamachi)
Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows).
(divinity76)
Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command
parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka)
Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial
CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true,
opening ATO risk). (CVE-2024-3096) (Jakub Zelenka)
XML:
Fixed bug GH-13517 (Multiple test failures when building with --with-expat).
(nielsdos)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 10 2024 Remi Collet [remi@remirepo.net] - 8.2.18-1
- Update to 8.2.18 - http://www.php.net/releases/8_2_18.php
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2275058 - CVE-2024-2756 php: host/secure cookie bypass due to partial CVE-2022-31629 fix
https://bugzilla.redhat.com/show_bug.cgi?id=2275058
[ 2 ] Bug #2275061 - CVE-2024-3096 php: password_verify can erroneously return true, opening ATO risk
https://bugzilla.redhat.com/show_bug.cgi?id=2275061
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-b46619f761' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
Fedora 39 Update: editorconfig-0.12.7-1.fc39
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-deddae25dd
2024-04-19 01:17:18.086513
--------------------------------------------------------------------------------
Name : editorconfig
Product : Fedora 39
Version : 0.12.7
Release : 1.fc39
URL : https://github.com/editorconfig/editorconfig-core-c
Summary : Parser for EditorConfig files written in C
Description :
EditorConfig makes it easy to maintain the correct coding style when
switching between different text editors and between different projects.
The EditorConfig project maintains a file format and plugins for various
text editors which allow this file format to be read and used by those
editors.
--------------------------------------------------------------------------------
Update Information:
Update to 0.12.7: fix pointer overflow in STRING_CAT; fix a few more stack
buffer overflows.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 3 2024 Benjamin A. Beasley [code@musicinmybrain.net] - 0.12.7-1
- Update to 0.12.7 (close RHBZ#2272370)
* Fri Mar 8 2024 Yaakov Selkowitz [yselkowi@redhat.com] - 0.12.6-5
- Use bundled uthash in RHEL builds
* Wed Jan 24 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.12.6-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.12.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2272370 - editorconfig-0.12.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2272370
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-deddae25dd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
