[SECURITY] Fedora 40 Update: php-8.3.14-1.fc40

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-e0d390d35b
2024-11-28 02:44:05.515315+00:00
--------------------------------------------------------------------------------

Name        : php
Product     : Fedora 40
Version     : 8.3.14
Release     : 1.fc40
URL         : http://www.php.net/
Summary     : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

--------------------------------------------------------------------------------
Update Information:

PHP version 8.3.14 (21 Nov 2024)
CLI:
Fixed bug GH-16373 (Shebang is not skipped for router script in cli-server
started through shebang). (ilutov)
Fixed bug GHSA-4w77-75f9-2c8w (Heap-Use-After-Free in sapi_read_post_data
Processing in CLI SAPI Interface). (nielsdos)
COM:
Fixed out of bound writes to SafeArray data. (cmb)
Core:
Fixed bug GH-16168 (php 8.1 and earlier crash immediately when compiled with
Xcode 16 clang on macOS 15). (nielsdos)
Fixed bug GH-16371 (Assertion failure in Zend/zend_weakrefs.c:646). (Arnaud)
Fixed bug GH-16515 (Incorrect propagation of ZEND_ACC_RETURN_REFERENCE for call
trampoline). (ilutov)
Fixed bug GH-16509 (Incorrect line number in function redeclaration error).
(ilutov)
Fixed bug GH-16508 (Incorrect line number in inheritance errors of delayed early
bound classes). (ilutov)
Fixed bug GH-16648 (Use-after-free during array sorting). (ilutov)
Curl:
Fixed bug GH-16302 (CurlMultiHandle holds a reference to CurlHandle if
curl_multi_add_handle fails). (timwolla)
Date:
Fixed bug GH-16454 (Unhandled INF in date_sunset() with tiny $utcOffset). (cmb)
Fixed bug GH-14732 (date_sun_info() fails for non-finite values). (cmb)
DBA:
Fixed bug GH-16390 (dba_open() can segfault for "pathless" streams). (cmb)
DOM:
Fixed bug GH-16316 (DOMXPath breaks when not initialized properly). (nielsdos)
Add missing hierarchy checks to replaceChild. (nielsdos)
Fixed bug GH-16336 (Attribute intern document mismanagement). (nielsdos)
Fixed bug GH-16338 (Null-dereference in ext/dom/node.c). (nielsdos)
Fixed bug GH-16473 (dom_import_simplexml stub is wrong). (nielsdos)
Fixed bug GH-16533 (Segfault when adding attribute to parent that is not an
element). (nielsdos)
Fixed bug GH-16535 (UAF when using document as a child). (nielsdos)
Fixed bug GH-16593 (Assertion failure in DOM->replaceChild). (nielsdos)
Fixed bug GH-16595 (Another UAF in DOM -> cloneNode). (nielsdos)
EXIF:
Fixed bug GH-16409 (Segfault in exif_thumbnail when not dealing with a real
file). (nielsdos, cmb)
FFI:
Fixed bug GH-16397 (Segmentation fault when comparing FFI object). (nielsdos)
Filter:
Fixed bug GH-16523 (FILTER_FLAG_HOSTNAME accepts ending hyphen). (cmb)
FPM:
Fixed bug GH-16628 (FPM logs are getting corrupted with this log statement).
(nielsdos)
GD:
Fixed bug GH-16334 (imageaffine overflow on matrix elements). (David Carlier)
Fixed bug GH-16427 (Unchecked libavif return values). (cmb)
Fixed bug GH-16559 (UBSan abort in ext/gd/libgd/gd_interpolation.c:1007).
(nielsdos)
GMP:
Fixed floating point exception bug with gmp_pow when using large exponent
values. (David Carlier)
Fixed bug GH-16411 (gmp_export() can cause overflow). (cmb)
Fixed bug GH-16501 (gmp_random_bits() can cause overflow). (David Carlier)
Fixed gmp_pow() overflow bug with large base/exponents. (David Carlier)
Fixed segfaults and other issues related to operator overloading with GMP
objects. (Girgias)
LDAP:
Fixed bug GHSA-g665-fm4p-vhff (OOB access in ldap_escape). (CVE-2024-8932)
(nielsdos)
MBstring:
Fixed bug GH-16361 (mb_substr overflow on start/length arguments). (David
Carlier)
MySQLnd:
Fixed bug GHSA-h35g-vwh6-m678 (Leak partial content of the heap through heap
buffer over-read). (CVE-2024-8929) (Jakub Zelenka)
Opcache:
Fixed bug GH-16408 (Array to string conversion warning emitted in optimizer).
(ilutov)
OpenSSL:
Fixed bug GH-16357 (openssl may modify member types of certificate arrays).
(cmb)
Fixed bug GH-16433 (Large values for openssl_csr_sign() $days overflow). (cmb)
Fix various memory leaks on error conditions in openssl_x509_parse(). (nielsdos)
PDO DBLIB:
Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the dblib quoter causing OOB
writes). (CVE-2024-11236) (nielsdos)
PDO Firebird:
Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the firebird quoter causing
OOB writes). (CVE-2024-11236) (nielsdos)
PDO ODBC:
Fixed bug GH-16450 (PDO_ODBC can inject garbage into field values). (cmb)
Phar:
Fixed bug GH-16406 (Assertion failure in ext/phar/phar.c:2808). (nielsdos)
PHPDBG:
Fixed bug GH-16174 (Empty string is an invalid expression for ev). (cmb)
Reflection:
Fixed bug GH-16601 (Memory leak in Reflection constructors). (nielsdos)
Session:
Fixed bug GH-16385 (Unexpected null returned by session_set_cookie_params).
(nielsdos)
Fixed bug GH-16290 (overflow on cookie_lifetime ini value). (David Carlier)
SOAP:
Fixed bug GH-16318 (Recursive array segfaults soap encoding). (nielsdos)
Fixed bug GH-16429 (Segmentation fault access null pointer in SoapClient).
(nielsdos)
Sockets:
Fixed bug with overflow socket_recvfrom $length argument. (David Carlier)
SPL:
Fixed bug GH-16337 (Use-after-free in SplHeap). (nielsdos)
Fixed bug GH-16464 (Use-after-free in SplDoublyLinkedList::offsetSet()).
(ilutov)
Fixed bug GH-16479 (Use-after-free in SplObjectStorage::setInfo()). (ilutov)
Fixed bug GH-16478 (Use-after-free in SplFixedArray::unset()). (ilutov)
Fixed bug GH-16588 (UAF in Observer->serialize). (nielsdos)
Fix GH-16477 (Segmentation fault when calling __debugInfo() after failed
SplFileObject::__constructor). (Girgias)
Fixed bug GH-16589 (UAF in SplDoublyLinked->serialize()). (nielsdos)
Fixed bug GH-14687 (segfault on SplObjectIterator instance). (David Carlier)
Fixed bug GH-16604 (Memory leaks in SPL constructors). (nielsdos)
Fixed bug GH-16646 (UAF in ArrayObject::unset() and
ArrayObject::exchangeArray()). (ilutov)
Standard:
Fixed bug GH-16293 (Failed assertion when throwing in assert() callback with
bail enabled). (ilutov)
Streams:
Fixed bug GHSA-c5f2-jwm7-mmq2 (Configuring a proxy in a stream context might
allow for CRLF injection in URIs). (CVE-2024-11234) (Jakub Zelenka)
Fixed bug GHSA-r977-prxv-hc43 (Single byte overread with
convert.quoted-printable-decode filter). (CVE-2024-11233) (nielsdos)
SysVMsg:
Fixed bug GH-16592 (msg_send() crashes when a type is not properly
serialized). (David Carlier / cmb)
SysVShm:
Fixed bug GH-16591 (Assertion error in shm_put_var). (nielsdos, cmb)
XMLReader:
Fixed bug GH-16292 (Segmentation fault in ext/xmlreader/php_xmlreader.c).
(nielsdos)
Zlib:
Fixed bug GH-16326 (Memory management is broken for bad dictionaries.) (cmb)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 19 2024 Remi Collet <remi@xxxxxxxxxxxx> - 8.3.14-1
- Update to 8.3.14 - http://www.php.net/releases/8_3_14.php
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2328035 - CVE-2024-8929 php: Leak partial content of the heap through heap buffer over-read in mysqlnd [fedora-40]
        https://bugzilla.redhat.com/show_bug.cgi?id=2328035
  [ 2 ] Bug #2328614 - CVE-2024-11234 php: Configuring a proxy in a stream context might allow for CRLF injection in URIs [fedora-40]
        https://bugzilla.redhat.com/show_bug.cgi?id=2328614
  [ 3 ] Bug #2328673 - CVE-2024-11236 php: Integer overflow in the firebird and dblib quoters causing OOB writes [fedora-40]
        https://bugzilla.redhat.com/show_bug.cgi?id=2328673
  [ 4 ] Bug #2328738 - CVE-2024-11233 php: Single byte overread with convert.quoted-printable-decode filter [fedora-40]
        https://bugzilla.redhat.com/show_bug.cgi?id=2328738
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-e0d390d35b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
