Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 519
Alerts This Week
Warning Icon 1 519

Fedora 22: Security Advisory - php-twig Critical Session Fixation Issue

fedora
Calendar Grey December 6, 2015
Dist Fedora Esm H88
Important patch for php-twig in Fedora 22 resolves security issues and weaknesses. Update ASAP for improved safety.
**Twig 1.23.1** (2015-11-05) * fixed some exception messages which triggered PHP warnings * fixed BC on Twig_Test_NodeTestCase **Twig 1.23.0** (2015-10-29) * deprecated the possibi...

Summary

The flexible, fast, and secure template engine for PHP.

* Fast: Twig compiles templates down to plain optimized PHP code. The

overhead compared to regular PHP code was reduced to the very minimum.

* Secure: Twig has a sandbox mode to evaluate untrusted template code. This

allows Twig to be used as a template language for applications where users may modify the template design.

* Flexible: Twig is powered by a flexible lexer and parser. This allows the

developer to define its own custom tags and filters, and create its own

DSL.

Update Information:

**Twig 1.23.1** (2015-11-05) * fixed some exception messages which triggered PHP warnings * fixed BC on Twig_Test_NodeTestCase **Twig 1.23.0** (2015-10-29) * deprecated the possibility to override an extension by registering another one with the same name * deprecated Twig_ExtensionInterface::getGlobals() (added Twig_Extension_GlobalsInterface for BC) * deprecated Twig_ExtensionInterface::initRuntime() (added Twig_Extension_InitRuntimeInterface for BC) * deprecated Twig_Environment::computeAlternatives() **Symfony 2.7.7** (2015-11-23) * security #16631 CVE-2015-8124: Session Fixation in the "Remember Me" Login Feature (xabbuh) * security #16630 CVE-2015-8125: Potential Remote Timing Attack Vulnerability in Security Remember-Me Service (xabbuh) * bug #16588 Sent out a status text for unknown HTTP headers. (dawehner) * bug #16295 [DependencyInjection] Unescape parameters for all types of injection (Nicofuma) * bug #16574 [Process] Fix PhpProcess with phpdbg runtime (ni...

Change Log

References


[ 1 ] Bug #1285263 - CVE-2015-8124 CVE-2015-8125 php-symfony: Session fixation and remote timing attack vulnerabilities https://bugzilla.redhat.com/show_bug.cgi?id=1285263

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update php-twig' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: php-twig
Product: Fedora 22
Version: 1.23.1
Release: 2.fc22
URL: Summary : The flexible, fast, and secure template engine for PHP

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.