
Fedora 41: FEDORA-2024-3891a08c9e critical: PHP heap overflow issues

fedora
November 23, 2024

Summary

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts.

Update Information:

PHP version 8.3.14 (21 Nov 2024)

CLI:
- Fixed bug GH-16373 (Shebang is not skipped for router script in cli-server started through shebang). (ilutov)
- Fixed bug GHSA-4w77-75f9-2c8w (Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface). (nielsdos)

COM:
- Fixed out of bound writes to SafeArray data. (cmb)

Core:
- Fixed bug GH-16168 (php 8.1 and earlier crash immediately when compiled with Xcode 16 clang on macOS 15). (nielsdos)
- Fixed bug GH-16371 (Assertion failure in Zend/zend_weakrefs.c:646). (Arnaud)
- Fixed bug GH-16515 (Incorrect propagation of ZEND_ACC_RETURN_REFERENCE for call trampoline). (ilutov)
- Fixed bug GH-16509 (Incorrect line number in function redeclaration error). (ilutov)
- Fixed bug GH-16508 (Incorrect line number in inheritance errors of delayed early bound classes). (ilutov)
- Fixed bug GH-16648 (Use-after-free during array sorting). (ilutov)

Curl:
- Fixed bug GH-16302 (CurlMultiHandle holds a reference to CurlHandle if curl_multi_add_...

Change Log

* Tue Nov 19 2024 Remi Collet - 8.3.14-1 - Update to 8.3.14 - http://www.php.net/releases/8_3_14.php

References


[1] Bug #2328036 - CVE-2024-8929 php: Leak partial content of the heap through heap buffer over-read in mysqlnd [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2328036

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-3891a08c9e' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
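
A post-update check for the instructions above, as an added example that is not part of the advisory or of Fedora's tooling: it lists installed packages built from the php source RPM that are still older than 8.3.14. The function names and the sample package list are constructed for illustration; only the numeric upstream version is compared, not the release field.

```shell
#!/bin/sh
# Added example: report builds of the php source package that are older
# than the fixed version named in the advisory (8.3.14-1.fc41).
FIXED_VERSION="8.3.14"

# ver_lt A B: true when dotted numeric version A is lower than B.
# Fields are compared as integers, so 8.3.9 sorts below 8.3.14.
ver_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=""; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=""; else b=${b#*.}; fi
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 1; fi
    done
    return 1
}

# Reads "NAME VERSION-RELEASE SOURCERPM" lines on stdin and prints those
# built from the php source RPM whose version is below FIXED_VERSION.
stale_php_packages() {
    while read -r name evr srpm; do
        case "$srpm" in
            php-[0-9]*.src.rpm)   # subpackage of php itself
                if ver_lt "${evr%%-*}" "$FIXED_VERSION"; then
                    printf '%s %s\n' "$name" "$evr"
                fi ;;
        esac                      # others (e.g. PECL extensions) are skipped
    done
}

# Constructed sample: query output from a host that has not been updated yet.
sample_rpm_output() {
    cat <<'EOF'
php-cli 8.3.13-1.fc41 php-8.3.13-1.fc41.src.rpm
php-common 8.3.13-1.fc41 php-8.3.13-1.fc41.src.rpm
php-mysqlnd 8.3.13-1.fc41 php-8.3.13-1.fc41.src.rpm
php-fpm 8.3.13-1.fc41 php-8.3.13-1.fc41.src.rpm
php-pecl-apcu 5.1.24-1.fc41 php-pecl-apcu-5.1.24-1.fc41.src.rpm
EOF
}

# On a real host, feed the function from rpm instead of the sample:
#   rpm -qa --queryformat '%{NAME} %{VERSION}-%{RELEASE} %{SOURCERPM}\n' 'php*' | stale_php_packages
sample_rpm_output | stale_php_packages
```

Empty output means every installed php subpackage is at or above the fixed version; long-running services such as php-fpm still need a restart to load the new binaries.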

Severity
critical

Name: php
Product: Fedora 41
Version: 8.3.14
Release: 1.fc41
Summary: PHP scripting language for creating dynamic web sites
