Fedora: 2020-9aac6c76c4 Critical: Core Fixes in PHP 7.4.4

PHP is an HTML-embedded scripting language. PHP attempts to make it

easy for developers to write dynamically generated web pages. PHP also

offers built-in database integration for several commercial and

non-commercial database management systems, so writing a

database-enabled webpage with PHP is fairly simple. The most common

use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)

which adds support for the PHP language to Apache HTTP Server.

**PHP version 7.4.4** (19 Mar 2020) **Core:** * Fixed bug php#79329

(get_headers() silently truncates after a null byte) (**CVE-2020-7066**) (cmb) *

Fixed bug php#79244 (php crashes during parsing INI file). (Laruence) * Fixed

bug php#63206 (restore_error_handler does not restore previous errors mask).

(Mark Plomer) **CURL:** * Fixed bug php#79019 (Copied cURL handles upload

empty file). (cmb) * Fixed bug php#79013 (Content-Length missing when posting a

curlFile with curl). (cmb) **DOM:** * Fixed bug php#77569: (Write Access

Violation in DomImplementation). (Nikita, cmb) * Fixed bug php#79271

(DOMDocumentType::$childNodes is NULL). (cmb) **Enchant:** * Fixed bug

php#79311 (enchant_dict_suggest() fails on big endian architecture). (cmb)

**EXIF:** * Fixed bug php#79282 (Use-of-uninitialized-value in exif)

(**CVE-2020-7064**) (Nikita) **Fileinfo:** * Fixed bug php#79283 (Segfault in

libmagic patch contains a buffer overflow) (cmb) **FPM:** * Fixed bug

php#77653 (operator displayed instead of the real error message). (Jakub

Zelenka) * Fixed bug php#79014 (PHP-FPM & Primary script unknown). (Jakub

Zelenka) **MBstring:** * Fixed bug php#79371 (mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full) (**CVE-2020-7065**) (cmb)

**MySQLi:** * Fixed bug php#64032 (mysqli reports different client_version).

(cmb) **MySQLnd:** * Implemented FR php#79275 (Support

auth_plugin_caching_sha2_password on Windows). (cmb) **Opcache:** * Fixed bug

php#79252 (preloading causes php-fpm to segfault during exit). (Nikita)

**PCRE:** * Fixed bug php#79188 (Memory corruption in

preg_replace/preg_replace_callback and unicode). (Nikita) * Fixed bug php#79241

(Segmentation fault on preg_match()). (Nikita) * Fixed bug php#79257 (Duplicate

named groups (?J) prefer last alternative even if not matched). (Nikita)

**PDO_ODBC:** * Fixed bug php#79038 (PDOStatement::nextRowset() leaks column

values). (cmb) **Reflection:** * Fixed bug php#79062 (Property with heredoc

default value returns false for getDocComment). (Nikita) **SQLite3:** * Fixed

bug php#79294 (::columnType() may fail after SQLite3Stmt::reset()). (cmb)

**Standard:** * Fixed bug php#79254 (getenv() w/o arguments not showing

changes). (cmb) * Fixed bug php#79265 (Improper injection of Host header when

using fopen for http requests). (Miguel Xavier Penha Neto) **Zip:** * Fixed

bug php#79315 (ZipArchive::addFile doesn't honor start/length parameters).

(Remi)

* Tue Mar 17 2020 Remi Collet - 7.4.4-1

- Update to 7.4.4 - https://www.php.net/releases/7_4_4.php

su -c 'dnf upgrade --advisory FEDORA-2020-9aac6c76c4' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/