Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

Fedora 42: PHP 8.4.16 Major Fixes for Heap Overflow and Information Leak

fedora
Calendar Grey December 19, 2025
Dist Fedora Esm H88
Recent fixes in PHP 8.4.16 address critical issues, enhancing security in Fedora 42 with several bug corrections and updates.
PHP version 8.4.16 (18 Dec 2025) Core: Sync all boost.context files with release 1.86.0

Summary

PHP is an HTML-embedded scripting language. PHP attempts to make it

easy for developers to write dynamically generated web pages. PHP also

offers built-in database integration for several commercial and

non-commercial database management systems, so writing a

database-enabled webpage with PHP is fairly simple. The most common

use of PHP coding is probably as a replacement for CGI scripts.

Update Information:

PHP version 8.4.16 (18 Dec 2025) Core: Sync all boost.context files with release 1.86.0. (mvorisek) Fixed bug GH-20435 (SensitiveParameter doesn't work for named argument passing to variadic parameter). (ndossche) Fixed bug GH-20286 (use-after-destroy during userland stream_close()). (ndossche, David Carlier) Bz2: Fix assertion failures resulting in crashes with stream filter object parameters. (ndossche) Date: Fix crashes when trying to instantiate uninstantiable classes via date static constructors. (ndossche) DOM: Fix memory leak when edge case is hit when registering xpath callback. (ndossche) Fixed bug GH-20395 (querySelector and querySelectorAll requires elements in $selectors to be lowercase). (ndossche) Fix missing NUL byte check on C14NFile(). (ndossche) Fibers: Fixed bug GH-20483 (ASAN stack overflow with fiber.stack_size INI small value). (David Carlier) FTP: Fixed bug GH-20601 (ftp_connect overflow on timeout). (David Carlier) GD: Fixed bug GH-20...

Topics%20covered

Topics Covered

security advisory information leak fedora critical php heap overflow

Change Log

* Wed Dec 17 2025 Remi Collet - 8.4.16-1 - Update to 8.4.16 - http://www.php.net/releases/8_4_16.php

References

Fedora Update Notification FEDORA-2025-ce8a4096e7 2025-12-19 04:14:19.799982+00:00 Name : php Product : Fedora 42 Version : 8.4.16 Release : 1.fc42 URL : http://www.php.net/ Summary : PHP scripting language for creating dynamic web sites Description : PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts.

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-ce8a4096e7' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: php
Product: Fedora 42
Version: 8.4.16
Release: 1.fc42
URL: http://www.php.net/
Summary: PHP scripting language for creating dynamic web sites

Topics%20covered

Topics Covered

security advisory information leak fedora critical php heap overflow

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here