Mageia 9: 2024-0262 Critical: PHP 8.2 Code Logic Error in URL Validation

mageia
July 11, 2024
This update ships the latest version of php 8.2

Summary

This update ships the latest version of PHP 8.2. It brings security fixes and the usual bug fixes.

Vulnerability: Due to a code logic error, filtering functions such as filter_var, when validating URLs (FILTER_VALIDATE_URL), will for certain types of URLs treat invalid user information (the username + password part of URLs) as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly. (CVE-2024-5458)

Notable fixes:

- DOM: Fixed bug GH-14343 (Memory leak in xml and dom).
- FPM: Fixed bug GH-13563 (Setting bool values via env in FPM config fails).
- MySQLnd: Fix bug GH-14255 (mysqli_fetch_assoc reports error from nested query).
- Posix: Fix usage of reentrant functions in ext/posix.
- Soap: Various memory issues.
- SPL: Fixed bug GH-14290 (Member access within null pointer in extension spl).
- Streams: Fixed bug GH-11078 (PHP Fatal error triggers pointer being freed was not allocated and malloc: d...
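For code that must not rely on filter_var alone for the username/password part of a URL (the component affected by CVE-2024-5458), the following defensive sketch is an added example, not code from the advisory or from PHP itself. The helper name `strict_validate_url()`, the two regex constants and the sample URLs are assumptions constructed for illustration; the helper layers an independent RFC 3986 userinfo check on top of FILTER_VALIDATE_URL and rejects embedded credentials by default.

```php
<?php
declare(strict_types=1);

// RFC 3986 section 3.2.1: userinfo = *( unreserved / pct-encoded / sub-delims / ":" )
const USERINFO_RE = '/\A(?:[A-Za-z0-9._~!$&\'()*+,;=:-]|%[0-9A-Fa-f]{2})*\z/';
// Captures the authority: everything between "scheme://" and the next "/", "?" or "#".
const AUTHORITY_RE = '~\A[A-Za-z][A-Za-z0-9+.\-]*://([^/?#]*)~';

/**
 * Hypothetical helper (not a PHP built-in): accept a URL only if filter_var()
 * accepts it AND its userinfo part passes a check that does not depend on
 * filter_var's own userinfo logic.
 */
function strict_validate_url(string $url, bool $allowUserinfo = false): bool
{
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return false;
    }
    if (preg_match(AUTHORITY_RE, $url, $m) !== 1) {
        return true; // no "//authority" part (e.g. mailto:), so no userinfo to check
    }
    $at = strrpos($m[1], '@');
    if ($at === false) {
        return true; // authority carries no userinfo
    }
    if (!$allowUserinfo) {
        return false; // policy: credentials embedded in URLs are not accepted
    }
    // A second raw "@" ends up inside $userinfo and fails the grammar check.
    $userinfo = substr($m[1], 0, $at);
    return preg_match(USERINFO_RE, $userinfo) === 1;
}

// Constructed sample inputs (illustrative only, not taken from the advisory).
$samples = [
    'https://example.com/path',
    'https://user:pass@example.com/',
    'https://user{x}@example.com/',
    'https://a@b@example.com/',
];
foreach ($samples as $url) {
    printf(
        "%-34s default=%-5s userinfo-allowed=%s\n",
        $url,
        var_export(strict_validate_url($url), true),
        var_export(strict_validate_url($url, true), true)
    );
}
```

Installing the updated package listed under Resolution remains the fix; a check like this only keeps downstream parsing from depending on a single validator.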

References

- https://bugs.mageia.org/show_bug.cgi?id=33358

- https://www.php.net/ChangeLog-8.php#8.2.21

- https://www.php.net/ChangeLog-8.php#8.2.20

- https://www.php.net/ChangeLog-8.php#8.2.19

- https://www.cve.org/CVERecord?id=CVE-2024-5458

Resolution

SRPMS

- 9/core/php-8.2.21-2.mga9

Severity
critical

Publication date: 11 Jul 2024
URL: https://advisories.mageia.org/MGASA-2024-0262.html
Type: security
CVE: CVE-2024-5458
