FEDORA-2023-2455981016
Packages in this update:
php-8.2.7-2.fc38
Update description:
PHP version 8.2.7 (08 Jun 2023)
Core:
Fixed bug GH-11152 (Unable to alias namespaces containing reserved class names). (ilutov)
Fixed bug GH-9068 (Conditional jump or move depends on uninitialised value(s)). (nielsdos)
Fixed bug GH-11189 (Exceeding memory limit in zend_hash_do_resize leaves the array in an invalid state). (Bob)
Fixed bug GH-11063 (Compilation error on old GCC versions). (ingamedeo)
Fixed bug GH-11222 (foreach by-ref may jump over keys during a rehash). (Bob)
Date:
Fixed bug GH-11281 (DateTimeZone::getName() does not include seconds in offset). (nielsdos)
Exif:
Fixed bug GH-10834 (exif_read_data() cannot read smaller stream wrapper chunk sizes). (nielsdos)
FPM:
Fixed bug GH-10461 (PHP-FPM segfault due to after free usage of child->ev_std(out|err)). (Jakub Zelenka)
Fixed bug php#64539 (FPM status page: query_string not properly JSON encoded). (Jakub Zelenka)
Fixed memory leak for invalid primary script file handle. (Jakub Zelenka)
Hash:
Fixed bug GH-11180 (hash_file() appears to be restricted to 3 arguments). (nielsdos)
LibXML:
Fixed bug GH-11160 (Few tests failed building with new libxml 2.11.0). (nielsdos)
MBString:
Fix bug GH-11217 (Segfault in mb_strrpos / mb_strripos when using negative offset and ASCII encoding). (ilutov)
Opcache:
Fixed bug GH-11134 (Incorrect match default branch optimization). (ilutov)
Fixed too wide OR and AND range inference. (nielsdos)
Fixed missing class redeclaration error with OPcache enabled. (ilutov)
Fixed bug GH-11245 (In some specific cases SWITCH with one default statement will cause segfault). (nielsdos)
PCNTL:
Fixed maximum argument count of pcntl_forkx(). (nielsdos)
PGSQL:
Fixed parameter parsing of pg_lo_export(). (kocsismate)
Phar:
Fixed bug GH-11099 (Generating phar.php during cross-compile can’t be done). (peter279k)
Soap:
Fixed bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP). (nielsdos, timwolla)
Fixed bug GH-8426 (make test fail while soap extension build). (nielsdos)
SPL:
Fixed bug GH-11178 (Segmentation fault in spl_array_it_get_current_data (PHP 8.1.18)). (nielsdos)
Standard:
Fixed bug GH-11138 (move_uploaded_file() emits open_basedir warning for source file). (ilutov)
Fixed bug GH-11274 (POST/PATCH request switches to GET after a HTTP 308 redirect). (nielsdos)
Streams:
Fixed bug GH-10031 ([Stream] STREAM_NOTIFY_PROGRESS over HTTP emitted irregularly for last chunk of data). (nielsdos)
Fixed bug GH-11175 (Stream Socket Timeout). (nielsdos)
Fixed bug GH-11177 (ASAN UndefinedBehaviorSanitizer when timeout = -1 passed to stream_socket_accept/stream_socket_client). (nielsdos)
More Stories
USN-7202-1: HPLIP vulnerability
Kevin Backhouse discovered that HPLIP incorrectly handled certain MDNS responses. A remote attacker could use this issue to cause HPLIP...
USN-7201-1: WebKitGTK vulnerabilities
Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a...
USN-7200-1: Roundcube vulnerability
It was discovered that Roundcube incorrectly handled certain file-based attachment plugins. An attacker could exploit this to gain unauthorized access...
USN-6940-2: snapd vulnerabilities
USN-6940-1 fixed vulnerabilities in snapd. This update provides the corresponding updates for Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. Original...
USN-7199-1: xmltok library vulnerabilities
It was discovered that Expat, contained within the xmltok library, incorrectly handled malformed XML data. If a user or application...
ZDI-25-027: (Pwn2Own) Google Chrome VideoFrame Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Google Chrome. User interaction is required to...