
Fedora 40: 2024-e0d390d35b critical: PHP heap overflow fixes

fedora
November 28, 2024
The PHP 8.3.14 update for Fedora 40 fixes several vulnerabilities, including heap overflows.

Summary

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts.

Update Information:

PHP version 8.3.14 (21 Nov 2024)

CLI:
- Fixed bug GH-16373 (Shebang is not skipped for router script in cli-server started through shebang). (ilutov)
- Fixed bug GHSA-4w77-75f9-2c8w (Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface). (nielsdos)

COM:
- Fixed out of bound writes to SafeArray data. (cmb)

Core:
- Fixed bug GH-16168 (php 8.1 and earlier crash immediately when compiled with Xcode 16 clang on macOS 15). (nielsdos)
- Fixed bug GH-16371 (Assertion failure in Zend/zend_weakrefs.c:646). (Arnaud)
- Fixed bug GH-16515 (Incorrect propagation of ZEND_ACC_RETURN_REFERENCE for call trampoline). (ilutov)
- Fixed bug GH-16509 (Incorrect line number in function redeclaration error). (ilutov)
- Fixed bug GH-16508 (Incorrect line number in inheritance errors of delayed early bound classes). (ilutov)
- Fixed bug GH-16648 (Use-after-free during array sorting). (ilutov)

Curl:
- Fixed bug GH-16302 (CurlMultiHandle holds a reference to CurlHandle if curl_multi_add_...

Change Log

* Tue Nov 19 2024 Remi Collet - 8.3.14-1
- Update to 8.3.14 - http://www.php.net/releases/8_3_14.php

References


[1] Bug #2328035 - CVE-2024-8929 php: Leak partial content of the heap through heap buffer over-read in mysqlnd [fedora-40]
    https://bugzilla.redhat.com/show_bug.cgi?id=2328035
[2] Bug #2328614 - CVE-2024-11234 php: Configuring a proxy in a stream context might allow for CRLF injection in URIs [fedora-40]
    https://bugzilla.redhat.com/show_bug.cgi?id=2328614
[3] Bug #2328673 - CVE-2024-11236 php: Integer overflow in the firebird and dblib quoters causing OOB writes [fedora-40]
    https://bugzilla.redhat.com/show_bug.cgi?id=2328673
[4] Bug #2328738 - CVE-2024-11233 php: Single byte overread with convert.quoted-printable-decode filter [fedora-40]
    https://bugzilla.redhat.com/show_bug.cgi?id=2328738

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-e0d390d35b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
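To confirm after the upgrade that a host actually carries the fixed build, the installed package version can be compared against the Version and Release listed in this advisory. The script below is an added example, not part of the Fedora advisory; the function names `php_is_patched` and `check_host` are hypothetical, and it assumes GNU `sort -V` as an approximation of RPM's version ordering.

```shell
#!/bin/sh
# Added example: decide whether an installed php build includes this advisory's fixes.
FIXED_EVR="8.3.14-1.fc40"   # from the advisory: Version 8.3.14, Release 1.fc40

# php_is_patched VERSION-RELEASE
# Returns 0 when the build is the fixed one or newer, 1 when it is older,
# 2 when the input is not a version string (e.g. rpm's "not installed" text).
php_is_patched() {
    installed=$1
    case $installed in
        [0-9]*.[0-9]*-*) ;;
        *) return 2 ;;
    esac
    # sort -V compares each numeric field as a number, so 8.3.9 < 8.3.14
    # (a plain string comparison would get that wrong).
    lowest=$(printf '%s\n%s\n' "$FIXED_EVR" "$installed" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED_EVR" ]
}

# check_host: query the local RPM database and report the result.
check_host() {
    evr=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' php 2>/dev/null | head -n 1)
    rc=0
    php_is_patched "$evr" || rc=$?
    case $rc in
        0) echo "php $evr: includes the 8.3.14 fixes" ;;
        1) echo "php $evr: older than $FIXED_EVR; apply FEDORA-2024-e0d390d35b" ;;
        *) echo "php: not installed or version unreadable" ;;
    esac
    return "$rc"
}

# Run the host check only when asked, e.g.: sh check_php.sh --check
if [ "${1:-}" = "--check" ]; then
    check_host
fi
```

Running it with `--check` across a fleet gives a per-host exit status (0 patched, 1 outdated, 2 unknown) that can feed an inventory or compliance report.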

Severity: critical

Name: php
Product: Fedora 40
Version: 8.3.14
Release: 1.fc40
Summary: PHP scripting language for creating dynamic web sites
