FEDORA-2022-ec0491574d
Packages in this update:
php-8.1.8-1.fc36
Update description:
PHP version 8.1.8 (07 Jul 2022)
Core:
Fixed bug GH-8338 (Intel CET is disabled unintentionally). (Chen, Hu)
Fixed leak in Enum::from/tryFrom for internal enums when using JIT (ilutov)
Fixed calling internal methods with a static return type from extension code. (Sara)
Fixed bug GH-8655 (Casting an object to array does not unwrap refcount=1 references). (Nicolas Grekas)
Fixed potential use after free in php_binary_init(). (Heiko Weber)
CLI:
Fixed GH-8827 (Intentionally closing std handles no longer possible). (cmb)
Curl:
Fixed CURLOPT_TLSAUTH_TYPE is not treated as a string option. (Pierrick)
Date:
Fixed bug php#72963 (Null-byte injection in CreateFromFormat and related functions). (Derick)
Fixed bug php#74671 (DST timezone abbreviation has incorrect offset). (Derick)
Fixed bug php#77243 (Weekdays are calculated incorrectly for negative years). (Derick)
Fixed bug php#78139 (timezone_open accepts invalid timezone string argument). (Derick)
Fileinfo:
Fixed bug php#81723 (Heap buffer overflow in finfo_buffer). (CVE-2022-31627) (cmb)
FPM:
Fixed bug php#67764 (fpm: syslog.ident don’t work). (Jakub Zelenka)
GD:
Fixed imagecreatefromavif() memory leak. (cmb)
MBString:
mb_detect_encoding recognizes all letters in Czech alphabet (alexdowad)
mb_detect_encoding recognizes all letters in Hungarian alphabet (alexdowad)
Fixed bug GH-8685 (pcre not ready at mbstring startup). (Remi)
Backwards-compatible mappings for 0x5C/0x7E in Shift-JIS are restored, after they had been changed in 8.1.0. (Alex Dowad)
ODBC:
Fixed handling of single-key connection strings. (Calvin Buckley)
OPcache:
Fixed bug GH-8591 (tracing JIT crash after private instance method change). (Arnaud, Dmitry, Oleg Stepanischev)
OpenSSL:
Fixed bug php#50293 (Several openssl functions ignore the VCWD). (Jakub Zelenka, cmb)
Fixed bug php#81713 (NULL byte injection in several OpenSSL functions working with certificates). (Jakub Zelenka)
PDO_ODBC:
Fixed handling of single-key connection strings. (Calvin Buckley)
More Stories
icecat-flatpak-115.18.0-2
FEDORA-FLATPAK-2024-5ad8ccec67 Packages in this update: icecat-flatpak-115.18.0-2 Update description: Updated patchset for CVE-2024-11693 CVE-2024-11697 CVE-2024-11692 Read More
mupdf-1.24.6-2.fc40
FEDORA-2024-bfc5e25437 Packages in this update: mupdf-1.24.6-2.fc40 Update description: fix CVE-2024-46657 (rhbz#2331626) Read More
mupdf-1.21.1-6.el9
FEDORA-EPEL-2024-94a20f339a Packages in this update: mupdf-1.21.1-6.el9 Update description: fix CVE-2024-46657 (rhbz#2331625) Read More
DSA-5837-1 fastnetmon – security update
Two security issues have been discovered in FastNetMon, a fast DDoS analyzer: Malformed Netflow/sFlow traffic could result in denial of...
DSA-5836-1 xen – security update
Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in privilege escalation, denial of service or information...
DSA-5835-1 webkit2gtk – security update
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2024-54479 Seunghyun Lee discovered that processing maliciously crafted web...