Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

Fedora 43 phpunit12 Important Arbitrary Code Exec Risk 2026-470a48f838

fedora
Calendar Grey February 5, 2026
Dist Fedora Esm H88
Update for Fedora 43 addresses a severe code execution risk in PHPUnit 12.5.8 to enhance security against attacks.
Version 12.5.8 - 2026-01-27 Changed To prevent Poisoned Pipeline Execution (PPE) attacks using prepared .coverage files in pull requests, a PHPT test will no longer be run if the t...

Summary

PHPUnit is a programmer-oriented testing framework for PHP.

It is an instance of the xUnit architecture for unit testing frameworks.

This package provides the version 12 of PHPUnit,

available using the phpunit12 command.

Documentation: https://phpunit.de/documentation.html

Update Information:

Version 12.5.8 - 2026-01-27 Changed To prevent Poisoned Pipeline Execution (PPE) attacks using prepared .coverage files in pull requests, a PHPT test will no longer be run if the temporary file for writing code coverage information already exists before the test runs Version 12.5.7 - 2026-01-24 Fixed #6362: Manually instantiated test doubles are broken since PHPUnit 11.2 #6470: Infinite recursion in Count::getCountOf() for unusal implementations of Iterator or IteratorAggregate Version 12.5.6 - 2026-01-16 Changed Reverted a change that caused a build failure for the PHP project's nightly community job Version 12.5.5 - 2026-01-15 Deprecated #6461: any() matcher (soft deprecation) Fixed #6470: Mocking a class with a property hook setter accepting more types than the property results in a fatal error

Topics%20covered

Topics Covered

security advisory fedora arbitrary code execution important poisoned pipeline phpunit12

Change Log

* Tue Jan 27 2026 Remi Collet - 12.5.8-1 - update to 12.5.8 * Mon Jan 26 2026 Remi Collet - 12.5.7-1 - update to 12.5.7 - raise dependency on sebastian/comparator 7.1.4 * Sat Jan 17 2026 Remi Collet - 12.5.6-1 - update to 12.5.6 * Thu Jan 15 2026 Remi Collet - 12.5.5-1 - update to 12.5.5 - raise dependency on phpunit/php-code-coverage 12.5.2

References


[ 1 ] Bug #2433676 - CVE-2026-24765 phpunit12: PHPUnit: Arbitrary code execution via unsafe deserialization of code coverage files [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2433676

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-470a48f838' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: phpunit12
Product: Fedora 43
Version: 12.5.8
Release: 1.fc43
URL: https://github.com/sebastianbergmann/phpunit
Summary: The PHP Unit Testing framework version 12

Topics%20covered

Topics Covered

security advisory fedora arbitrary code execution important poisoned pipeline phpunit12

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here