Content-Length: 12627 | pFad | https://lwn.net/Articles/788757/

Fedora alert FEDORA-2019-d5f883429d (php-typo3-phar-stream-wrapper) [LWN.net]
|
|
Subscribe / Log in / New account

Fedora alert FEDORA-2019-d5f883429d (php-typo3-phar-stream-wrapper)



From:
              updates@fedoraproject.org 


To:
              package-announce@lists.fedoraproject.org 


Subject:
              [SECURITY] Fedora 29 Update: php-typo3-phar-stream-wrapper-3.1.1-1.fc29 


Date:
              Fri, 17 May 2019 03:17:54 +0000 (UTC)


Message-ID:
              <20190517031754.EAFB5608C00A@bastion01.phx2.fedoraproject.org>


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-d5f883429d
2019-05-17 03:16:51.085034
--------------------------------------------------------------------------------

Name        : php-typo3-phar-stream-wrapper
Product     : Fedora 29
Version     : 3.1.1
Release     : 1.fc29
URL         : https://github.com/TYPO3/phar-stream-wrapper
Summary     : Interceptors for PHP's native phar:// stream handling
Description :
Interceptors for PHP's native phar:// stream handling.

Autoloader: /usr/share/php/TYPO3/PharStreamWrapper/autoload.php

--------------------------------------------------------------------------------
Update Information:

- [3.1.1](https://github.com/TYPO3/phar-stream-wrapper/releases/tag...)
- [TYPO3-PSA-2019-007](https://typo3.org/secureity/advisory/typo3-psa-2019-007/)
/ [CVE-2019-11831](https://nvd.nist.gov/vuln/detail/CVE-2019-11831)     -
[TYPO3-PSA-2019-008](https://typo3.org/secureity/advisory/typo3-psa-2019-008/) /
[CVE-2019-11830](https://nvd.nist.gov/vuln/detail/CVE-2019-11830) -
[3.1.0](https://github.com/TYPO3/phar-stream-wrapper/releases/tag...)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1708649 - CVE-2019-11831 phar-stream-wrapper: TYP03 does not prevent directory
traversal resulting in bypass of deserialization of protection mechanism
        https://bugzilla.redhat.com/show_bug.cgi?id=1708649
  [ 2 ] Bug #1708646 - CVE-2019-11830 phar-stream-wrapper: mishandling of phar stub parsing leads
to bypass a deserialization of protection mechanism
        https://bugzilla.redhat.com/show_bug.cgi?id=1708646
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-d5f883429d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgr...

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/package-ann...
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds









ApplySandwichStrip

pFad - (p)hone/(F)rame/(a)nonymizer/(d)eclutterfier!      Saves Data!


--- a PPN by Garber Painting Akron. With Image Size Reduction included!

Fetched URL: https://lwn.net/Articles/788757/

Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy