Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

Fedora 38: FEDORA-2024-39d50cc975 Critical: PHP Memory Leak Fixes

fedora
Calendar Grey April 19, 2024
Dist Fedora Esm H88
PHP edition 8.2.18 resolves numerous concerns such as memory leaks and enhancements in session management for Fedora 38.
PHP version 8.2.18 (11 Apr 2024) Core: Fixed bug GH-13612 (Corrupted memory in destructor with weak references)

Summary

PHP is an HTML-embedded scripting language. PHP attempts to make it

easy for developers to write dynamically generated web pages. PHP also

offers built-in database integration for several commercial and

non-commercial database management systems, so writing a

database-enabled webpage with PHP is fairly simple. The most common

use of PHP coding is probably as a replacement for CGI scripts.

Update Information:

PHP version 8.2.18 (11 Apr 2024) Core: Fixed bug GH-13612 (Corrupted memory in destructor with weak references). (nielsdos) Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). (Remi) Fixed bug GH-13670 (GC does not scale well with a lot of objects created in destructor). (Arnaud) DOM: Add some missing ZPP checks. (nielsdos) Fix potential memory leak in XPath evaluation results. (nielsdos) Fix phpdoc for DOMDocument load methods. (VincentLanglet) FPM Fix incorrect check in fpm_shm_free(). (nielsdos) GD: Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests). (Michael Orlitzky) Gettext: Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL. (David Carlier) MySQLnd: Fix GH-13452 (Fixed handshake response [mysqlnd]). (Saki Takamachi) Fix incorrect charset length in check_mb_eucjpms(). (nielsdos) Opcache: Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null). (Arnaud, Dmitry) Fixed GH-13712 (Segmentat...

Topics%20covered

Topics Covered

security advisory critical Fedora bug fix memory leak PHP session handling

Change Log

* Wed Apr 10 2024 Remi Collet - 8.2.18-1 - Update to 8.2.18 - http://www.php.net/releases/8_2_18.php

References


[ 1 ] Bug #2275058 - CVE-2024-2756 php: host/secure cookie bypass due to partial CVE-2022-31629 fix https://bugzilla.redhat.com/show_bug.cgi?id=2275058 [ 2 ] Bug #2275061 - CVE-2024-3096 php: password_verify can erroneously return true, opening ATO risk https://bugzilla.redhat.com/show_bug.cgi?id=2275061

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-39d50cc975' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: php
Product: Fedora 38
Version: 8.2.18
Release: 1.fc38
URL: http://www.php.net/
Summary: PHP scripting language for creating dynamic web sites

Topics%20covered

Topics Covered

security advisory critical Fedora bug fix memory leak PHP session handling

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here