stable

php-8.2.18-1.fc38

FEDORA-2024-39d50cc975 created by remi 8 months ago for Fedora 38

PHP version 8.2.18 (11 Apr 2024)

Core:

  • Fixed bug GH-13612 (Corrupted memory in destructor with weak references). (nielsdos)
  • Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). (Remi)
  • Fixed bug GH-13670 (GC does not scale well with a lot of objects created in destructor). (Arnaud)

DOM:

  • Add some missing ZPP checks. (nielsdos)
  • Fix potential memory leak in XPath evaluation results. (nielsdos)
  • Fix phpdoc for DOMDocument load methods. (VincentLanglet)

FPM:

  • Fix incorrect check in fpm_shm_free(). (nielsdos)

GD:

  • Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests). (Michael Orlitzky)

Gettext:

  • Fixed SIGABRT raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL. (David Carlier)

MySQLnd:

  • Fix GH-13452 (Fixed handshake response [mysqlnd]). (Saki Takamachi)
  • Fix incorrect charset length in check_mb_eucjpms(). (nielsdos)

Opcache:

  • Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null). (Arnaud, Dmitry)
  • Fixed GH-13712 (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded). (Bob)

PDO:

  • Fix various PDORow bugs. (Girgias)

Random:

  • Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown modes). (timwolla)
  • Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used). (timwolla)

Session:

  • Fixed bug GH-13680 (Segfault with session_decode and compilation error). (nielsdos)

Sockets:

  • Fixed bug GH-13604 (socket_getsockname returns random characters in the end of the socket name). (David Carlier)

SPL:

  • Fixed bug GH-13531 (Unable to resize SplFixedArray after being unserialized in PHP 8.2.15). (nielsdos)
  • Fixed bug GH-13685 (Unexpected null pointer in zend_string.h). (nielsdos)

Standard:

  • Fixed bug GH-11808 (Live filesystem modified by tests). (nielsdos)
  • Fixed GH-13402 (Added validation of \n in $additional_headers of mail()). (SakiTakamachi)
  • Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows). (divinity76)
  • Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka)
  • Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
  • Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096) (Jakub Zelenka)

XML:

  • Fixed bug GH-13517 (Multiple test failures when building with --with-expat). (nielsdos)

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2024-39d50cc975

This update has been submitted for testing by remi.

8 months ago

This update's test gating status has been changed to 'ignored'.

8 months ago

This update has been pushed to testing.

8 months ago

remi edited this update.

8 months ago

This update has been submitted for stable by bodhi.

8 months ago

This update has been pushed to stable.

8 months ago

Metadata

Type: security
Severity: medium
Karma: 0
Signed
Content Type: RPM
Test Gating

Settings

Unstable by Karma: -3
Stable by Karma: 3
Stable by Time: 7 days

Dates

submitted: 8 months ago
in testing: 8 months ago
in stable: 8 months ago
modified: 8 months ago
approved: 8 months ago

BZ#2275058 CVE-2024-2756 php: host/secure cookie bypass due to partial CVE-2022-31629 fix
BZ#2275059 CVE-2024-2756 php: host/secure cookie bypass due to partial CVE-2022-31629 fix [fedora-all]
BZ#2275061 CVE-2024-3096 php: password_verify can erroneously return true, opening ATO risk
BZ#2275062 CVE-2024-3096 php: password_verify can erroneously return true, opening ATO risk [fedora-all]