Stay Secure with the Latest Linux Advisories

security advisoryfedoracritical

Fedora 36: FEDORA-2022-b7dcd1cde4 Critical: Php-Twig3 Filesystem Issue

**Version 3.4.3** (2022-09-28) * Fix a security issue on filesystem loader (possibility to load a template outside a configured directory). --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-b7dcd1cde4 2022-10-07 15:54:31.083243 --------------------------------------------------------------------------------Name : php-twig3 Product : Fedora 36 Version : 3.4.3 Release : 1.fc36 URL : https://twig.symfony.com Summary : The flexible, fast, and secure template engine for PHP Description : The flexible, fast, and secure template engine for PHP. * Fast: Twig compiles templates down to plain optimized PHP code. The overhead compared to regular PHP code was reduced to the very minimum. * Secure: Twig has a sandbox mode to evaluate untrusted template code. This allows Twig to be used as a template language for applications where users may modify the template design. * Flexible: Twig is powered by a flexible lexer and parser. This allows the developer to define its own custom tags and filters, and create its own DSL. Autoloader: /usr/share/php/Twig3/autoload.php --------------------------------------------------------------------------------Update Information: **Version 3.4.3** (2022-09-28) * Fix a security issue on filesystem loader (possibility to load a template outside a configured directory) --------------------------------------------------------------------------------ChangeLog: * Thu Sep 29 2022 Remi Collet - 3.4.3-1 - update to 3.4.3 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-b7dcd1cde4' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys usedby the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . A patch for php-twig3 addresses a critical vulnerability that permitted loading templates from arbitrary directories.. Fedora Update, php-twig3 Issue, Filesystem Security, Template Loader. . Severity: Critical. LinuxSecurity.com Team

Oct 07, 2022 •Critical Fedora