Fedora 21 : php-twig-1.20.0-1.fc21 (2015-13423)

high Nessus Plugin ID 85811

Synopsis

The remote Fedora host is missing a security update.

Description

## 1.20.0 (2015-08-12) * forbid access to the Twig environment from templates and internal parts of Twig_Template * fixed limited RCEs when in sandbox mode * deprecated Twig_Template::getEnvironment() * deprecated the _self variable for usage outside of the from and import tags * added Twig_BaseNodeVisitor to ease the compatibility of node visitors between 1.x and 2.x ## 1.19.0 (2015-07-31)

- fixed wrong error message when including an undefined template in a child template * added support for variadic filters, functions, and tests * added support for extra positional arguments in macros * added ignore_missing flag to the source function * fixed batch filter with zero items * deprecated Twig_Environment::clearTemplateCache() * fixed sandbox disabling when using the include function

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected php-twig package.

See Also

https://bugzilla.redhat.com/show_bug.cgi?id=1255795

http://www.nessus.org/u?150d2496

Plugin Details

Severity: High

ID: 85811

File Name: fedora_2015-13423.nasl

Version: 2.4

Type: local

Agent: unix

Published: 9/8/2015

Updated: 1/11/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:php-twig, cpe:/o:fedoraproject:fedora:21

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 9/6/2015

Reference Information

FEDORA: 2015-13423