Fedora 42 phpunit9 Important Security Fix for Code Execution CVE-2026-24765
fedora
February 6, 2026
Version 9.6.34 - 2026-01-27 Fixed Regression introduced in PHPUnit 9.6.33 Version 9.6.33 - 2026-01-27 Changed
Summary
PHPUnit is a programmer-oriented testing framework for PHP.
It is an instance of the xUnit architecture for unit testing frameworks.
This package provides the version 9 of PHPUnit,
available using the phpunit9 command.
Documentation: https://phpunit.de/documentation.html
Update Information:
Version 9.6.34 - 2026-01-27 Fixed Regression introduced in PHPUnit 9.6.33 Version 9.6.33 - 2026-01-27 Changed To prevent Poisoned Pipeline Execution (PPE) attacks using prepared .coverage files in pull requests, a PHPT test will no longer be run if the temporary file for writing code coverage information already exists before the test runs Version 9.6.32 - 2026-01-24 Changed PHPUnit\Framework\MockObject exceptions are now subtypes of PHPUnit\Exception
Change Log
* Tue Jan 27 2026 Remi Collet
References
[ 1 ] Bug #2433678 - CVE-2026-24765 phpunit9: PHPUnit: Arbitrary code execution via unsafe deserialization of code coverage files [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2433678
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-a1cb6b0f95' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Name: phpunit9
Product: Fedora 42
Version: 9.6.34
Release: 1.fc42
Summary: The PHP Unit Testing framework version 9
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!