Read Time:1 Minute, 36 Second

FEDORA-2022-ec0491574d

Packages in this update:

php-8.1.8-1.fc36

Update description:

PHP version 8.1.8 (07 Jul 2022)

Core:

Fixed bug GH-8338 (Intel CET is disabled unintentionally). (Chen, Hu)
Fixed leak in Enum::from/tryFrom for internal enums when using JIT (ilutov)
Fixed calling internal methods with a static return type from extension code. (Sara)
Fixed bug GH-8655 (Casting an object to array does not unwrap refcount=1 references). (Nicolas Grekas)
Fixed potential use after free in php_binary_init(). (Heiko Weber)

CLI:

Fixed GH-8827 (Intentionally closing std handles no longer possible). (cmb)

Curl:

Fixed CURLOPT_TLSAUTH_TYPE is not treated as a string option. (Pierrick)

Date:

Fixed bug php#72963 (Null-byte injection in CreateFromFormat and related functions). (Derick)
Fixed bug php#74671 (DST timezone abbreviation has incorrect offset). (Derick)
Fixed bug php#77243 (Weekdays are calculated incorrectly for negative years). (Derick)
Fixed bug php#78139 (timezone_open accepts invalid timezone string argument). (Derick)

Fileinfo:

Fixed bug php#81723 (Heap buffer overflow in finfo_buffer). (CVE-2022-31627) (cmb)

FPM:

Fixed bug php#67764 (fpm: syslog.ident don’t work). (Jakub Zelenka)

GD:

Fixed imagecreatefromavif() memory leak. (cmb)

MBString:

mb_detect_encoding recognizes all letters in Czech alphabet (alexdowad)
mb_detect_encoding recognizes all letters in Hungarian alphabet (alexdowad)
Fixed bug GH-8685 (pcre not ready at mbstring startup). (Remi)
Backwards-compatible mappings for 0x5C/0x7E in Shift-JIS are restored, after they had been changed in 8.1.0. (Alex Dowad)

ODBC:

Fixed handling of single-key connection strings. (Calvin Buckley)

OPcache:

Fixed bug GH-8591 (tracing JIT crash after private instance method change). (Arnaud, Dmitry, Oleg Stepanischev)

OpenSSL:

Fixed bug php#50293 (Several openssl functions ignore the VCWD). (Jakub Zelenka, cmb)
Fixed bug php#81713 (NULL byte injection in several OpenSSL functions working with certificates). (Jakub Zelenka)

PDO_ODBC:

Fixed handling of single-key connection strings. (Calvin Buckley)

Friday Squid Blogging: Squid Game Season Two Teaser

Clever Social Engineering Attack Using Captchas

US Cyberspace Solarium Commission Outlines Ten New Cyber Policy Priorities

Cybersecurity Skills Gap Leaves Cloud Environments Vulnerable

Going for Gold: HSBC Approves Quantum-Safe Technology for Tokenized Bullions

This Windows PowerShell Phish Has Scary Potential

Infostealers Cause Surge in Ransomware Attacks, Just One in Three Recover Data

FBI Shuts Down Chinese Botnet

Western Agencies Warn Risk from Chinese-Controlled Botnet

php-8.1.8-1.fc36

FEDORA-2022-ec0491574d

Packages in this update:

Update description:

ZDI-CAN-25373: Microsoft

DSA-5774-1 ruby-saml – security update

USN-6968-2: PostgreSQL vulnerability

USN-7015-2: Python vulnerabilities

USN-7027-1: Emacs vulnerabilities

USN-7024-1: tgt vulnerability