Multiple security issues were found in PHP, a widely-used open source general purpose scripting language, which could result in denial of service, CRLF injection or information disclosure.

Debian Security Advisory DSA-5819-1
USN-6305-2 caused a regression in parsing XML.

==========================================================================
Ubuntu Security Notice USN-6305-3
July 03, 2024

php7.0 and php7.2 regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

USN-6305-2 caused a regression in parsing XML.

Software Description:
- php7.2: HTML-embedded scripting language interpreter
- php7.0: HTML-embedded scripting language interpreter

Details:

USN-6305-2 fixed a vulnerability in PHP. The update caused a regression in
Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. This update fixes it.

Original advisory details:

 It was discovered that PHP incorrectly handled certain XML files. An
 attacker could possibly use this issue to expose sensitive information.
 (CVE-2023-3823)

 It was discovered that PHP incorrectly handled certain PHAR files. An
 attacker could possibly use this issue to cause a crash, expose sensitive
 information or execute arbitrary code. (CVE-2023-3824)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
  php7.2          7.2.24-0ubuntu0.18.04.17+esm4   Available with Ubuntu Pro
  php7.2-cgi      7.2.24-0ubuntu0.18.04.17+esm4   Available with Ubuntu Pro
  php7.2-cli      7.2.24-0ubuntu0.18.04.17+esm4   Available with Ubuntu Pro
  php7.2-fpm      7.2.24-0ubuntu0.18.04.17+esm4   Available with Ubuntu Pro
  php7.2-xml      7.2.24-0ubuntu0.18.04.17+esm4   Available with Ubuntu Pro
  php7.2-xmlrpc   7.2.24-0ubuntu0.18.04.17+esm4   Available with Ubuntu Pro

Ubuntu 16.04 LTS
  php7.0          7.0.33-0ubuntu0.16.04.16+esm10  Available with Ubuntu Pro
  php7.0-cgi      7.0.33-0ubuntu0.16.04.16+esm10  Available with Ubuntu Pro
  php7.0-cli      7.0.33-0ubuntu0.16.04.16+esm10  Available with Ubuntu Pro
  php7.0-fpm      7.0.33-0ubuntu0.16.04.16+esm10  Available with Ubuntu Pro
  php7.0-xml      7.0.33-0ubuntu0.16.04.16+esm10  Available with Ubuntu Pro
  php7.0-xmlrpc   7.0.33-0ubuntu0.16.04.16+esm10  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6305-3
  https://ubuntu.com/security/notices/USN-6305-1

Recent patches for PHP vulnerabilities in Ubuntu enhance security, focusing on risks tied to XML parsing. Users are urged to update PHP for these security fixes.

Severity: Important. LinuxSecurity.com Team
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-2b7eeaaee5
2023-06-16 02:13:40.625154
--------------------------------------------------------------------------------

Name        : php
Product     : Fedora 37
Version     : 8.1.20
Release     : 1.fc37
URL         : https://www.php.net/
Summary     : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts.

--------------------------------------------------------------------------------
Update Information:

**PHP version 8.1.20** (08 Jun 2023)

**Core:**

* Fixed bug [GH-9068](https://github.com/php/php-src/issues/9068) (Conditional jump or move depends on uninitialised value(s)). (nielsdos)
* Fixed bug [GH-11189](https://github.com/php/php-src/issues/11189) (Exceeding memory limit in zend_hash_do_resize leaves the array in an invalid state). (Bob)
* Fixed bug [GH-11222](https://github.com/php/php-src/issues/11222) (foreach by-ref may jump over keys during a rehash). (Bob)

**Date:**

* Fixed bug [GH-11281](https://github.com/php/php-src/issues/11281) (DateTimeZone::getName() does not include seconds in offset). (nielsdos)

**Exif:**

* Fixed bug [GH-10834](https://github.com/php/php-src/issues/10834) (exif_read_data() cannot read smaller stream wrapper chunk sizes). (nielsdos)

**FPM:**

* Fixed bug [GH-10461](https://github.com/php/php-src/issues/10461) (PHP-FPM segfault due to after free usage of child->ev_std(out|err)). (Jakub Zelenka)
* Fixed bug php#64539 (FPM status page: query_string not properly JSON encoded). (Jakub Zelenka)
* Fixed memory leak for invalid primary script file handle. (Jakub Zelenka)

**Hash:**

* Fixed bug [GH-11180](https://github.com/php/php-src/issues/11180) (hash_file() appears to be restricted to 3 arguments). (nielsdos)

**LibXML:**

* Fixed bug [GH-11160](https://github.com/php/php-src/issues/11160) (Few tests failed building with new libxml 2.11.0). (nielsdos)

**Opcache:**

* Fixed bug [GH-11134](https://github.com/php/php-src/issues/11134) (Incorrect match default branch optimization). (ilutov)
* Fixed too wide OR and AND range inference. (nielsdos)
* Fixed bug [GH-11245](https://github.com/php/php-src/issues/11245) (In some specific cases SWITCH with one default statement will cause segfault). (nielsdos)

**PGSQL:**

* Fixed parameter parsing of pg_lo_export(). (kocsismate)

**Phar:**

* Fixed bug [GH-11099](https://github.com/php/php-src/issues/11099) (Generating phar.php during cross-compile can't be done). (peter279k)

**Soap:**

* Fixed bug [GHSA-76gg-c692-v2mw](https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw) (Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP). (nielsdos, timwolla)
* Fixed bug [GH-8426](https://github.com/php/php-src/issues/8426) (make test fail while soap extension build). (nielsdos)

**SPL:**

* Fixed bug [GH-11178](https://github.com/php/php-src/issues/11178) (Segmentation fault in spl_array_it_get_current_data (PHP 8.1.18)). (nielsdos)

**Standard:**

* Fixed bug [GH-11138](https://github.com/php/php-src/issues/11138) (move_uploaded_file() emits open_basedir warning for source file). (ilutov)
* Fixed bug [GH-11274](https://github.com/php/php-src/issues/11274) (POST/PATCH request switches to GET after a HTTP 308 redirect). (nielsdos)

**Streams:**

* Fixed bug [GH-10031](https://github.com/php/php-src/issues/10031) ([Stream] STREAM_NOTIFY_PROGRESS over HTTP emitted irregularly for last chunk of data). (nielsdos)
* Fixed bug [GH-11175](https://github.com/php/php-src/issues/11175) (Stream Socket Timeout). (nielsdos)
* Fixed bug [GH-11177](https://github.com/php/php-src/issues/11177) (ASAN UndefinedBehaviorSanitizer when timeout = -1 passed to stream_socket_accept/stream_socket_client). (nielsdos)

--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 7 2023 Remi Collet - 8.1.20-1
- Update to 8.1.20
- https://www.php.net/releases/8_1_20.php

--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-2b7eeaaee5' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
package-announce mailing list
Several security issues were fixed in PHP.

==========================================================================
Ubuntu Security Notice USN-4330-2
May 06, 2020

php7.4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in PHP.

Software Description:
- php7.4: server-side, HTML-embedded scripting language (metapackage)

Details:

USN-4330-1 fixed vulnerabilities in PHP. This update provides the
corresponding update for Ubuntu 20.04 LTS.

Original advisory details:

 It was discovered that PHP incorrectly handled certain EXIF files. An
 attacker could possibly use this issue to access sensitive information or
 cause a crash. (CVE-2020-7064)

 It was discovered that PHP incorrectly handled certain UTF strings. An
 attacker could possibly use this issue to cause a crash or execute
 arbitrary code. (CVE-2020-7065)

 It was discovered that PHP incorrectly handled certain URLs. An attacker
 could possibly use this issue to expose sensitive information.
 (CVE-2020-7066)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  libapache2-mod-php7.4   7.4.3-4ubuntu1.1
  php7.4-cgi              7.4.3-4ubuntu1.1
  php7.4-cli              7.4.3-4ubuntu1.1
  php7.4-fpm              7.4.3-4ubuntu1.1
  php7.4-mbstring         7.4.3-4ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4330-2
  https://ubuntu.com/security/notices/USN-4330-1
  CVE-2020-7064, CVE-2020-7065, CVE-2020-7066

Package Information:
  https://launchpad.net/ubuntu/+source/php7.4/7.4.3-4ubuntu1.1

Ubuntu 20.04 LTS rolls out essential security patches for PHP, targeting various vulnerabilities and their potential threats.

Severity: Important. LinuxSecurity.com Team
Update to Ruby 2.2.4 including security fix for CVE-2009-5147 and CVE-2015-7551.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-eef21b972e
2015-12-29 18:54:14.972418
--------------------------------------------------------------------------------

Name        : ruby
Product     : Fedora 23
Version     : 2.2.4
Release     : 47.fc23
URL         : https://www.ruby-lang.org/
Summary     : An interpreter of object-oriented scripting language
Description :
Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, and extensible.

--------------------------------------------------------------------------------
Update Information:

Update to Ruby 2.2.4 including security fix for CVE-2009-5147 and CVE-2015-7551.

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1248935 - CVE-2009-5147 CVE-2015-7551 ruby: DL::dlopen could open a library with tainted library name
        https://bugzilla.redhat.com/show_bug.cgi?id=1248935

--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update ruby' at the command line.
For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
package-announce mailing list
Updated package.

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-425
2005-06-17
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : ruby
Version     : 1.8.2
Release     : 1.fc3.2
Summary     : An interpreter of object-oriented scripting language
Description :
Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, and extensible.

---------------------------------------------------------------------
* Fri Jun 17 2005 Akira TAGOH - 1.8.2-1.fc3.2
- backported the changes from devel:
  - ruby-1.8.2-strscan-memset.patch: fixed a wrong usage of memset(3).
  - ruby-1.8.2-deadcode.patch: removed the dead code from the source. (#146108)
  - make sure that all documentation files in ruby-docs are world-readable. (#147279)
  - ruby-1.8.2-tcltk-multilib.patch: applied to get tcltklib.so built. (#160194)
---------------------------------------------------------------------
This update can be downloaded from:

This update can also be installed with the Update Agent; you can launch the
Update Agent with the 'up2date' command.
---------------------------------------------------------------------
fedora-announce-list mailing list
New upstream release.

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-594
2005-01-06
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : ruby
Version     : 1.8.2
Release     : 1.FC3.0
Summary     : An interpreter of object-oriented scripting language
Description :
Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, and extensible.

---------------------------------------------------------------------
* Thu Jan 06 2005 Akira TAGOH - 1.8.2-1.FC3.0
- New upstream release.
- ruby-1.8.1-ia64-stack-limit.patch: removed - it's no longer needed.
- ruby-1.8.1-cgi_session_perms.patch: likewise.
- ruby-1.8.1-cgi-dos.patch: likewise.
- generated Ruby interactive documentation - separated package. It's now provided as ri package. (#141806)
---------------------------------------------------------------------
This update can be downloaded from:

This update can also be installed with the Update Agent; you can launch the
Update Agent with the 'up2date' command.
---------------------------------------------------------------------
fedora-announce-list mailing list