FEDORA-2022-ec0491574d
Packages in this update:
php-8.1.8-1.fc36
Update description:
PHP version 8.1.8 (07 Jul 2022)
Core:
Fixed bug GH-8338 (Intel CET is disabled unintentionally). (Chen, Hu)
Fixed leak in Enum::from/tryFrom for internal enums when using JIT (ilutov)
Fixed calling internal methods with a static return type from extension code. (Sara)
Fixed bug GH-8655 (Casting an object to array does not unwrap refcount=1 references). (Nicolas Grekas)
Fixed potential use after free in php_binary_init(). (Heiko Weber)
CLI:
Fixed GH-8827 (Intentionally closing std handles no longer possible). (cmb)
Curl:
Fixed CURLOPT_TLSAUTH_TYPE is not treated as a string option. (Pierrick)
Date:
Fixed bug php#72963 (Null-byte injection in CreateFromFormat and related functions). (Derick)
Fixed bug php#74671 (DST timezone abbreviation has incorrect offset). (Derick)
Fixed bug php#77243 (Weekdays are calculated incorrectly for negative years). (Derick)
Fixed bug php#78139 (timezone_open accepts invalid timezone string argument). (Derick)
Fileinfo:
Fixed bug php#81723 (Heap buffer overflow in finfo_buffer). (CVE-2022-31627) (cmb)
FPM:
Fixed bug php#67764 (fpm: syslog.ident don’t work). (Jakub Zelenka)
GD:
Fixed imagecreatefromavif() memory leak. (cmb)
MBString:
mb_detect_encoding recognizes all letters in Czech alphabet (alexdowad)
mb_detect_encoding recognizes all letters in Hungarian alphabet (alexdowad)
Fixed bug GH-8685 (pcre not ready at mbstring startup). (Remi)
Backwards-compatible mappings for 0x5C/0x7E in Shift-JIS are restored, after they had been changed in 8.1.0. (Alex Dowad)
ODBC:
Fixed handling of single-key connection strings. (Calvin Buckley)
OPcache:
Fixed bug GH-8591 (tracing JIT crash after private instance method change). (Arnaud, Dmitry, Oleg Stepanischev)
OpenSSL:
Fixed bug php#50293 (Several openssl functions ignore the VCWD). (Jakub Zelenka, cmb)
Fixed bug php#81713 (NULL byte injection in several OpenSSL functions working with certificates). (Jakub Zelenka)
PDO_ODBC:
Fixed handling of single-key connection strings. (Calvin Buckley)
More Stories
ZDI-CAN-25373: Microsoft
A CVSS score 7.0 AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Peter Girnus - Trend Micro Zero Day Initiative' was reported to...
DSA-5774-1 ruby-saml – security update
It was discovered that ruby-saml, a SAML library implementing the client side of a SAML authorization, does not properly verify...
USN-6968-2: PostgreSQL vulnerability
USN-6968-1 fixed CVE-2024-7348 in PostgreSQL-12, PostgreSQL-14, and PostgreSQL-16 This update provides the corresponding updates for PostgreSQL-9.5 in Ubuntu 16.04 LTS....
USN-7015-2: Python vulnerabilities
USN-7015-1 fixed several vulnerabilities in Python. This update provides one of the corresponding updates for python2.7 for Ubuntu 16.04 LTS,...
USN-7027-1: Emacs vulnerabilities
It was discovered that Emacs incorrectly handled input sanitization. An attacker could possibly use this issue to execute arbitrary commands....
USN-7024-1: tgt vulnerability
It was discovered that tgt attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1,...