Fedora 28 PHP Update 2018-9438795217 Critical Memory Leak Fix

PHP is an HTML-embedded scripting language. PHP attempts to make it

easy for developers to write dynamically generated web pages. PHP also

offers built-in database integration for several commercial and

non-commercial database management systems, so writing a

database-enabled webpage with PHP is fairly simple. The most common

use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)

which adds support for the PHP language to Apache HTTP Server.

**PHP version 7.2.8** (19 Jul 2018) **Core:** * Fixed bug php#76534 (PHP hangs

on 'illegal string offset on string references with an error handler).

(Laruence) * Fixed bug php#76520 (Object creation leaks memory when executed

over HTTP). (Nikita) * Fixed bug php#76502 (Chain of mixed exceptions and errors

does not serialize properly). (Nikita) **Date:** * Fixed bug php#76462

(Undefined property: DateInterval::$f). (Anatol) **EXIF:** * Fixed bug

php#76409 (heap use after free in _php_stream_free). (cmb) * Fixed bug php#76423

(Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c). (Stas)

* Fixed bug php#76557 (heap-buffer-overflow (READ of size 48) while reading exif

data). (Stas) **FPM:** * Fixed bug php#73342 (Vulnerability in php-fpm by

changing stdin to non-blocking). (Nikita) **GMP:** * Fixed bug php#74670

(Integer Underflow when unserializing GMP and possible other classes). (Nikita)

**intl:** * Fixed bug php#76556 (get_debug_info handler for BreakIterator shows

wrong type). (cmb) **mbstring:** * Fixed bug php#76532 (Integer overflow and

excessive memory usage in mb_strimwidth). (MarcusSchwarz) **Opcache:** * Fixed

bug php#76477 (Opcache causes empty return value). (Nikita, Laruence)

**PGSQL:** * Fixed bug php#76548 (pg_fetch_result did not fetch the next row).

(Anatol) **phpdbg:** * Fix arginfo wrt. optional/required parameters. (cmb)

**Reflection:** * Fixed bug php#76536 (PHP crashes with core dump when throwing

exception in error handler). (Laruence) * Fixed bug php#75231

(ReflectionProperty#getValue() incorrectly works with inherited classes).

(Nikita) **Standard:** * Fixed bug php#76505 (array_merge_recursive() is

duplicating sub-array keys). (Laruence) * Fixed bug php#71848 (getimagesize with

$imageinfo returns false). (cmb) **Win32:** * Fixed bug php#76459 (windows

linkinfo lacks openbasedir check). (Anatol) **ZIP:** * Fixed bug php#76461

(OPSYS_Z_CPM defined instead of OPSYS_CPM). (Dennis Birkholz, Remi)

* Tue Jul 17 2018 Remi Collet - 7.2.8-1

- Update to 7.2.8 - https://www.php.net/releases/7_2_8.php

- FPM: add getallheaders, backported from 7.3

* Wed Jun 20 2018 Remi Collet - 7.2.7-1

- Update to 7.2.7 - https://www.php.net/releases/7_2_7.php

* Wed May 23 2018 Remi Collet - 7.2.6-1

- Update to 7.2.6 - https://www.php.net/releases/7_2_6.php

* Tue Apr 24 2018 Remi Collet - 7.2.5-1

- Update to 7.2.5 - https://www.php.net/releases/7_2_5.php

* Wed Apr 11 2018 Remi Collet - 7.2.5~RC1-1

- update to 7.2.5RC1

su -c 'dnf upgrade --advisory FEDORA-2018-9438795217' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HMMANNSWGI3NXNNUPHYMS35YCW7X6VR6/