Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora: FEDORA-2022-f204e1d0ed Critical: PHP Buffer Overflow

fedora
Calendar Grey November 10, 2022
Dist Fedora Esm H88
PHP 8.1.12 resolves severe vulnerabilities, such as buffer overflow and segmentation fault issues on FreeBSD. Enhance your system's protection immediately.
**PHP version 8.1.12** (27 Oct 2022) **Core:** * Fixes segfault with Fiber on FreeBSD i386 architecture

Summary

PHP is an HTML-embedded scripting language. PHP attempts to make it

easy for developers to write dynamically generated web pages. PHP also

offers built-in database integration for several commercial and

non-commercial database management systems, so writing a

database-enabled webpage with PHP is fairly simple. The most common

use of PHP coding is probably as a replacement for CGI scripts.

**PHP version 8.1.12** (27 Oct 2022) **Core:** * Fixes segfault with Fiber on

FreeBSD i386 architecture. (David Carlier) **Fileinfo:** * Fixed bug

[GH-8805](https://github.com/php/php-src/issues/8805) (finfo returns wrong mime

type for woff/woff2 files). (Anatol) **GD:** * Fixed bug php#81739: OOB read

due to insufficient input validation in imageloadfont(). (**CVE-2022-31630**)

(cmb) **Hash:** * Fixed bug php#81738: buffer overflow in hash_update() on

long parameter. (**CVE-2022-37454**) (nicky at mouha dot be) **MBString:** -Fixed bug [GH-9683](https://github.com/php/php-src/issues/9683) (Problem when

ISO-2022-JP-MS is specified in mb_ encode_mimeheader). (Alex Dowad)

**Opcache:** * Added indirect call reduction for jit on x86 architectures.

(wxue1) **Session:** * Fixed bug [GH-9583](https://github.com/php/php-src/issues/9583) (session_create_id() fails with user defined save handler that

doesn't have a validateId() method). (Girgias) **Streams:** * Fixed bug

[GH-9590](https://github.com/php/php-src/issues/9590) (stream_select does not

abort upon exception or empty valid fd set). (Arnaud) ---- **PHP version

8.1.11** (29 Sep 2022) **Core:** * Fixed bug php#81726: phar wrapper: DOS when

using quine gzip file. (**CVE-2022-31628**). (cmb) * Fixed bug php#81727: Don't

mangle HTTP variable names that clash with ones that have a specific semantic

meaning. (**CVE-2022-31629**). (Derick) * Fixed bug

[GH-9323](https://github.com/php/php-src/issues/9323) (Crash in

ZEND_RETURN/GC/zend_call_function) (Tim Starling) * Fixed bug

[GH-9361](https://github.com/php/php-src/issues/9361) (Segmentation fault on

script exit php#9379). (cmb, Christian Schneider) * Fixed bug

[GH-9447](https://github.com/php/php-src/issues/9447) (Invalid class FQN emitted

by AST dump for new and class constants in constant expressions). (ilutov)

**DOM:** * Fixed bug php#79451 (DOMDocument->replaceChild on doctype causes

double free). (Nathan Freeman) **FPM:** * Fixed bug

[GH-8885](https://github.com/php/php-src/issues/8885) (FPM access.log with

stderr begins to write logs to error_log after daemon reload). (Dmitry

Menshikov) * Fixed bug php#77780 ("Headers already sent..." when previous

connection was aborted). (Jakub Zelenka) **GMP** * Fixed bug

[GH-9308](https://github.com/php/php-src/issues/9308) (GMP throws the wrong

error when a GMP object is passed to gmp_init()). (Girgias) **Intl** * Fixed

bug [GH-9421](https://github.com/php/php-src/issues/9421) (Incorrect argument

number for ValueError in NumberFormatter). (Girgias) **PCRE:** * Fixed

pcre.jit on Apple Silicon. (Niklas Keller) **PDO_PGSQL:** * Fixed bug

[GH-9411](https://github.com/php/php-src/issues/9411) (PgSQL large object

resource is incorrectly closed). (Yurunsoft) **Reflection:** * Fixed bug

[GH-8932](https://github.com/php/php-src/issues/8932) (ReflectionFunction

provides no way to get the called class of a Closure). (cmb, Nicolas Grekas)

**Streams:** * Fixed bug [GH-9316](https://github.com/php/php-src/issues/9316)

($http_response_header is wrong for long status line). (cmb, timwolla)

* Wed Oct 26 2022 Remi Collet - 8.1.12-1

- Update to 8.1.12 - https://www.php.net/releases/8_1_12.php

* Wed Sep 28 2022 Remi Collet - 8.1.11-1

- Update to 8.1.11 - https://www.php.net/releases/8_1_11.php

su -c 'dnf upgrade --advisory FEDORA-2022-f204e1d0ed' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam, report it:

Topics%20covered

Topics Covered

security advisory buffer overflow Fedora PHP segmentation fault critical bug fix dynamic web pages

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 37
Version: 8.1.12
Release: 1.fc37
URL: https://www.php.net/
Summary: PHP scripting language for creating dynamic web sites

Topics%20covered

Topics Covered

security advisory buffer overflow Fedora PHP segmentation fault critical bug fix dynamic web pages

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here