Fedora alert FEDORA-2025-8d0acf5a57 (php)
From: updates--- via package-announce <package-announce@lists.fedoraproject.org>
To: package-announce@lists.fedoraproject.org
Subject: [SECURITY] Fedora 41 Update: php-8.3.19-1.fc41
Date: Fri, 21 Mar 2025 01:14:23 +0000
Message-ID: <20250321011423.55DE5200A914@bastion01.iad2.fedoraproject.org>
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-8d0acf5a57
2025-03-21 01:13:34.113079+00:00
--------------------------------------------------------------------------------

Name        : php
Product     : Fedora 41
Version     : 8.3.19
Release     : 1.fc41
URL         : http://www.php.net/
Summary     : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts.

--------------------------------------------------------------------------------
Update Information:

PHP version 8.3.19 (13 Mar 2025)

BCMath:
  Fixed bug GH-17398 (bcmul memory leak). (SakiTakamachi)

Core:
  Fixed bug GH-17623 (Broken stack overflow detection for variable compilation). (ilutov)
  Fixed bug GH-17618 (UnhandledMatchError does not take zend.exception_ignore_args=1 into account). (timwolla)
  Fix fallback paths in fast_long_{add,sub}_function. (nielsdos)
  Fixed bug GH-17718 (Calling static methods on an interface that has __callStatic is allowed). (timwolla)
  Fixed bug GH-17797 (zend_test_compile_string crash on invalid script path). (David Carlier)
  Fixed GHSA-rwp7-7vc6-8477 (Reference counting in php_request_shutdown causes Use-After-Free). (CVE-2024-11235) (ilutov)

DOM:
  Fixed bug GH-17847 (xinclude destroys live node). (nielsdos)

FFI:
  Fix FFI Parsing of Pointer Declaration Lists. (davnotdev)

FPM:
  Fixed bug GH-17643 (FPM with httpd ProxyPass encoded PATH_INFO env). (Jakub Zelenka)

GD:
  Fixed bug GH-17772 (imagepalettetotruecolor crash with memory_limit=2M). (David Carlier)

LDAP:
  Fixed bug GH-17704 (ldap_search fails when $attributes contains a non-packed array with numerical keys). (nielsdos, 7u83)

LibXML:
  Fixed GHSA-wg4p-4hqh-c3g9 (Reocurrence of php#72714). (nielsdos)
  Fixed GHSA-p3x9-6h7p-cgfc (libxml streams use wrong content-type header when requesting a redirected resource). (CVE-2025-1219) (timwolla)

MBString:
  Fixed bug GH-17503 (Undefined float conversion in mb_convert_variables). (cmb)

Opcache:
  Fixed bug GH-17654 (Multiple classes using same trait causes function JIT crash). (nielsdos)
  Fixed bug GH-17577 (JIT packed type guard crash). (nielsdos, Dmitry)
  Fixed bug GH-17899 (zend_test_compile_string with invalid path when opcache is enabled). (David Carlier)
  Fixed bug GH-17868 (Cannot allocate memory with tracing JIT). (nielsdos)

PDO_SQLite:
  Fixed GH-17837 ()::getColumnMeta() on unexecuted statement segfaults). (cmb)
  Fix cycle leak in sqlite3 setAuthorizer(). (nielsdos)

Phar:
  Fixed bug GH-17808: PharFileInfo refcount bug. (nielsdos)

PHPDBG:
  Partially fixed bug GH-17387 (Trivial crash in phpdbg lexer). (nielsdos)
  Fix memory leak in phpdbg calling registered function. (nielsdos)

Reflection:
  Fixed bug GH-15902 (Core dumped in ext/reflection/php_reflection.c). (DanielEScherzer)

Standard:
  Fixed bug php#72666 (stat cache clearing inconsistent between file:// paths and plain paths). (Jakub Zelenka)

Streams:
  Fixed bug GH-17650 (realloc with size 0 in user_filters.c). (nielsdos)
  Fix memory leak on overflow in _php_stream_scandir(). (nielsdos)
  Fixed GHSA-hgf54-96fm-v528 (Stream HTTP wrapper header check might omit basic auth header). (CVE-2025-1736) (Jakub Zelenka)
  Fixed GHSA-52jp-hrpf-2jff (Stream HTTP wrapper truncate redirect location to 1024 bytes). (CVE-2025-1861) (Jakub Zelenka)
  Fixed GHSA-pcmh-g36c-qc44 (Streams HTTP wrapper does not fail for headers without colon). (CVE-2025-1734) (Jakub Zelenka)
  Fixed GHSA-v8xr-gpvj-cx9g (Header parser of http stream wrapper does not handle folded headers). (CVE-2025-1217) (Jakub Zelenka)

Zlib:
  Fixed bug GH-17745 (zlib extension incorrectly handles object arguments). (nielsdos)
  Fix memory leak when encoding check fails. (nielsdos)
  Fix zlib support for large files. (nielsdos)

--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 12 2025 Remi Collet <remi@remirepo.net> - 8.3.19-1
- Update to 8.3.19 - http://www.php.net/releases/8_3_19.php
* Wed Mar 12 2025 Remi Collet <remi@remirepo.net> - 8.3.18-1
- Update to 8.3.18 - http://www.php.net/releases/8_3_18.php

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-8d0acf5a57' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgr...

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys

--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond...
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-ann...
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue