Fedora 40: 2024-49aba7b305 Moderate: PHP Buffer Overflow and Filter Bypass

PHP is an HTML-embedded scripting language. PHP attempts to make it

easy for developers to write dynamically generated web pages. PHP also

offers built-in database integration for several commercial and

non-commercial database management systems, so writing a

database-enabled webpage with PHP is fairly simple. The most common

use of PHP coding is probably as a replacement for CGI scripts.

PHP version 8.3.8 (06 Jun 2024) CGI: Fixed buffer limit on Windows, replacing read call usage by _read. (David Carlier) Fixed bug GHSA-3qgc-jrrr-25jv (Bypass of CVE-2012-1823, Argument Injection in PHP-CGI). (CVE-2024-4577) (nielsdos) CLI: Fixed bug GH-14189 (PHP Interactive shell input state incorrectly handles quoted heredoc literals.). (nielsdos) Core: Fixed bug GH-13970 (Incorrect validation of #[Attribute] flags type for non- compile-time expressions). (ilutov) DOM: Fix crashes when entity declaration is removed while still having entity references. (nielsdos) Fix references not handled correctly in C14N. (nielsdos) Fix crash when calling childNodes next() when iterator is exhausted. (nielsdos) Fix crash in ParentNode::append() when dealing with a fragment containing text nodes. (nielsdos) Filter: Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var FILTER_VALIDATE_URL). (CVE-2024-5458) (nielsdos) FPM: Fix bug GH-14175 (Show decimal number instead o...