Fedora Linux Distribution - Page 437.25
Find the information you need for your favorite open source distribution.
**Version 1.3.6**

**Security Fixes:**
* Fix XSS in proxy mode [#271] (Joachim Fritschi)

**Bug Fixes:**
* Fix bad condition [#252] (Brice Vercoustre)
* Hash ticket strings to generate valid-length session-ids [#224, #244, #248] (Adam Franco)
* Fix "phpCAS" class capitalization in code [#273, #277] (phy25)

**Improvement:**
* Remove fallback for __autoload [#247]
- ifcfg: fix crash parsing DNS entries (rh #1607866)
- dhcp: fix out-of-bounds heap write for DHCPv6 with internal plugin (CVE-2018-15688)
- SASL password overflow via integer overflow (CVE-2018-16839)
- fix use-after-free in handle close (CVE-2018-16840)
- fix bad arithmetic when outputting warnings to stderr (CVE-2018-16842)
This update does sanity checking when an application passes in a checksum to verify. Before this release, applications could pass in non-hex values for the checksum, which could cause zchunk to crash. Now non-hex values will be rejected.
**Version 1.3.8** This is a service release to update the stable version 1.3 of Roundcube Webmail. It contains fixes to several bugs backported from the master branch including a security fix for a reported XSS vulnerability plus updates to ensure compatibility with PHP 7.3 and recent versions of Courier-IMAP, Dovecot and MySQL 8. See the complete changelog below. **Changelog** - Fix PHP
dhcp: fix out-of-bounds heap write for DHCPv6 with internal plugin (CVE-2018-15688)
This update addresses the following vulnerability: * [CVE-2018-4345](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4345) This update brings the following changes: * Many improvements and fixes for video playback with media source extensions (MSE), which improve the user experience across the board, and in particular for playback of WebM videos. *
**Version 1.3.8** This is a service release to update the stable version 1.3 of Roundcube Webmail. It contains fixes to several bugs backported from the master branch including a security fix for a reported XSS vulnerability plus updates to ensure compatibility with PHP 7.3 and recent versions of Courier-IMAP, Dovecot and MySQL 8. See the complete changelog below. **Changelog** - Fix PHP
- Add upstream fix for improper sanitization of shell-escape codes when lldptool parses a mngAddr TLV (CVE-2018-10932).
- Add upstream patch to support DSCP selectors in APP TLVs. This allows configuration of DSCP-based packet prioritization on capable network devices.
latest upstream release, fixes several CVE security issues