FEDORA-2024-39d50cc975
Packages in this update:
php-8.2.18-1.fc38
Update description:
PHP version 8.2.18 (11 Apr 2024)
Core:
Fixed bug GH-13612 (Corrupted memory in destructor with weak references). (nielsdos)
Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). (Remi)
Fixed bug GH-13670 (GC does not scale well with a lot of objects created in destructor). (Arnaud)
DOM:
Add some missing ZPP checks. (nielsdos)
Fix potential memory leak in XPath evaluation results. (nielsdos)
Fix phpdoc for DOMDocument load methods. (VincentLanglet)
FPM
Fix incorrect check in fpm_shm_free(). (nielsdos)
GD:
Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests). (Michael Orlitzky)
Gettext:
Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL. (David Carlier)
MySQLnd:
Fix GH-13452 (Fixed handshake response [mysqlnd]). (Saki Takamachi)
Fix incorrect charset length in check_mb_eucjpms(). (nielsdos)
Opcache:
Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null). (Arnaud, Dmitry)
Fixed GH-13712 (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded). (Bob)
PDO:
Fix various PDORow bugs. (Girgias)
Random:
Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown modes). (timwolla)
Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used). (timwolla)
Session:
Fixed bug GH-13680 (Segfault with session_decode and compilation error). (nielsdos)
Sockets:
Fixed bug GH-13604 (socket_getsockname returns random characters in the end of the socket name). (David Carlier)
SPL:
Fixed bug GH-13531 (Unable to resize SplfixedArray after being unserialized in PHP 8.2.15). (nielsdos)
Fixed bug GH-13685 (Unexpected null pointer in zend_string.h). (nielsdos)
Standard:
Fixed bug GH-11808 (Live filesystem modified by tests). (nielsdos)
Fixed GH-13402 (Added validation of n in $additional_headers of mail()). (SakiTakamachi)
Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows). (divinity76)
Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka)
Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096) (Jakub Zelenka)
XML:
Fixed bug GH-13517 (Multiple test failures when building with –with-expat). (nielsdos)
More Stories
USN-6968-2: PostgreSQL vulnerability
USN-6968-1 fixed CVE-2024-7348 in PostgreSQL-12, PostgreSQL-14, and PostgreSQL-16 This update provides the corresponding updates for PostgreSQL-9.5 in Ubuntu 16.04 LTS....
USN-7015-2: Python vulnerabilities
USN-7015-1 fixed several vulnerabilities in Python. This update provides one of the corresponding updates for python2.7 for Ubuntu 16.04 LTS,...
USN-7027-1: Emacs vulnerabilities
It was discovered that Emacs incorrectly handled input sanitization. An attacker could possibly use this issue to execute arbitrary commands....
USN-7024-1: tgt vulnerability
It was discovered that tgt attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1,...
helix-24.07-2.fc42 rust-cargo-0.79.0-4.fc42 rust-cargo-deny-0.14.24-3.fc42 rust-dua-cli-2.29.2-1.fc42 rust-gix-0.66.0-1.fc42 rust-gix-actor-0.32.0-1.fc42 rust-gix-archive-0.15.0-1.fc42 rust-gix-attributes-0.22.5-1.fc42 rust-gix-command-0.3.9-1.fc42 rust-gix-commitgraph-0.24.3-1.fc42 rust-gix-config-0.40.0-1.fc42 rust-gix-config-value-0.14.8-1.fc42 rust-gix-credentials-0.24.5-1.fc42 rust-gix-date-0.9.0-1.fc42 rust-gix-diff-0.46.0-1.fc42 rust-gix-dir-0.8.0-1.fc42 rust-gix-discover-0.35.0-1.fc42 rust-gix-features-0.38.2-3.fc42 rust-gix-filter-0.13.0-1.fc42 rust-gix-fs-0.11.3-1.fc42 rust-gix-glob-0.16.5-1.fc42 rust-gix-ignore-0.11.4-1.fc42 rust-gix-index-0.35.0-1.fc42 rust-gix-mailmap-0.24.0-1.fc42 rust-gix-negotiate-0.15.0-1.fc42 rust-gix-object-0.44.0-1.fc42 rust-gix-odb-0.63.0-1.fc42 rust-gix-pack-0.53.0-1.fc42 rust-gix-packetline-0.17.6-1.fc42 rust-gix-packetline-blocking-0.17.5-1.fc42 rust-gix-path-0.10.11-1.fc42 rust-gix-pathspec-0.7.7-1.fc42 rust-gix-prompt-0.8.7-1.fc42 rust-gix-protocol-0.45.3-1.fc42 rust-gix-ref-0.47.0-1.fc42 rust-gix-refspec-0.25.0-1.fc42 rust-gix-revision-0.29.0-1.fc42 rust-gix-revwalk-0.15.0-1.fc42 rust-gix-sec-0.10.8-1.fc42 rust-gix-status-0.13.0-1.fc42 rust-gix-submodule-0.14.0-1.fc42 rust-gix-tempfile-14.0.2-1.fc42 rust-gix-trace-0.1.10-1.fc42 rust-gix-transport-0.42.3-1.fc42 rust-gix-traverse-0.41.0-1.fc42 rust-gix-url-0.27.5-1.fc42 rust-gix-validate-0.9.0-1.fc42 rust-gix-worktree-0.36.0-1.fc42 rust-gix-worktree-state-0.13.0-1.fc42 rust-gix-worktree-stream-0.15.0-1.fc42 rust-onefetch-2.21.0-4.fc42 rust-prodash-29.0.0-1.fc42 rust-rustsec-0.29.3-3.fc42 rust-tame-index-0.12.0-3.fc42 rust-vergen-8.3.1-4.fc42 stgit-2.4.12-1.fc42
FEDORA-2024-1b3089c689 Packages in this update: helix-24.07-2.fc42 rust-cargo-0.79.0-4.fc42 rust-cargo-deny-0.14.24-3.fc42 rust-dua-cli-2.29.2-1.fc42 rust-gix-0.66.0-1.fc42 rust-gix-actor-0.32.0-1.fc42 rust-gix-archive-0.15.0-1.fc42 rust-gix-attributes-0.22.5-1.fc42 rust-gix-command-0.3.9-1.fc42 rust-gix-commitgraph-0.24.3-1.fc42 rust-gix-config-0.40.0-1.fc42 rust-gix-config-value-0.14.8-1.fc42 rust-gix-credentials-0.24.5-1.fc42 rust-gix-date-0.9.0-1.fc42 rust-gix-diff-0.46.0-1.fc42...
USN-7025-1: LibreOffice vulnerability
It was discovered that LibreOffice would incorrectly handle digital signature verification after repairing a corrupted document. A remote attacker could...