--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-13463
2015-08-27 17:56:49.070275
--------------------------------------------------------------------------------

Name        : php-twig
Product     : Fedora 23
Version     : 1.20.0
Release     : 1.fc23
URL         :
Summary     : The flexible, fast, and secure template engine for PHP
Description :
The flexible, fast, and secure template engine for PHP.

* Fast: Twig compiles templates down to plain optimized PHP code. The
  overhead compared to regular PHP code was reduced to the very minimum.

* Secure: Twig has a sandbox mode to evaluate untrusted template code. This
  allows Twig to be used as a template language for applications where users
  may modify the template design.

* Flexible: Twig is powered by a flexible lexer and parser. This allows the
  developer to define its own custom tags and filters, and create its own
  DSL.

--------------------------------------------------------------------------------
Update Information:

## 1.20.0 (2015-08-12)

* forbid access to the Twig environment from templates and internal parts of
  Twig_Template
* fixed limited RCEs when in sandbox mode
* deprecated Twig_Template::getEnvironment()
* deprecated the _self variable for usage outside of the from and import tags
* added Twig_BaseNodeVisitor to ease the compatibility of node visitors
  between 1.x and 2.x

## 1.19.0 (2015-07-31)

* fixed wrong error message when including an undefined template in a child
  template
* added support for variadic filters, functions, and tests
* added support for extra positional arguments in macros
* added ignore_missing flag to the source function
* fixed batch filter with zero items
* deprecated Twig_Environment::clearTemplateCache()
* fixed sandbox disabling when using the include function
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1249259 - php-twig-v1.20.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1249259
  [ 2 ] Bug #1255796 - php-twig: Remote code execution via Twig templates [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1255796
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update php-twig' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Fedora 23: php-twig Security Update 2015-13463

August 27, 2015