Advisories » MGAA-2023-0155

Updated php packages fix some errors

Publication date: 29 Dec 2023
Modification date: 29 Dec 2023
Type: bugfix
Affected Mageia releases : 9

Description

Updated php package fix some errors:
- Core:
  . Fixed oss-fuzz #54325 (Use-after-free of name in var-var with
    malicious error handler).
  . Fixed oss-fuzz #64209 (In-place modification of filename in
    php_message_handler_for_zend).
  . Fixed bug GH-12758 / GH-12768 (Invalid opline in OOM handlers within
    ZEND_FUNC_GET_ARGS and ZEND_BIND_STATIC).
  . Fix various missing NULL checks.
  . Fixed bug GH-12835 (Leak of call->extra_named_params on internal
    __call).
- Date:
  . Fixed improbably integer overflow while parsing really large (or
small)
    Unix timestamps.
- DOM:
  . Fixed bug GH-12616 (DOM: Removing XMLNS namespace node results in
    invalid default: prefix).
- FPM:
  . Fixed bug GH-12705 (Segmentation fault in
    fpm_status_export_to_zval).
- FTP:
  . Fixed bug GH-9348 (FTP & SSL session reuse).
- Intl:
  . Fixed bug GH-12635 (Test bug69398.phpt fails with ICU 74.1).
- LibXML:
  . Fixed bug GH-12702 (libxml2 2.12.0 issue building from src).
  . Fixed test failures for libxml2 2.12.0.
- MySQLnd:
  . Avoid using uninitialised struct.
  . Fixed bug GH-12791 (Possible dereference of NULL in MySQLnd debug
    code).
- Opcache:
  . Fixed JIT bug (Function JIT emits "Uninitialized string offset"
    warning at the same time as invalid offset Error).
  . Fixed JIT bug (JIT emits "Attempt to assign property of non-object"
    warning at the same time as Error is being thrown).
- OpenSSL:
  . Fixed bug #50713 (openssl_pkcs7_verify() may ignore untrusted CAs).
- PCRE:
  . Fixed bug GH-12628 (The gh11374 test fails on Alpinelinux).
- PDO PGSQL:
  . Fixed the default value of $fetchMode in PDO::pgsqlGetNotify()
- PGSQL:
  . Fixed bug GH-12763 wrong argument type for pg_untrace.
- PHPDBG:
  . Fixed bug GH-12675 (MEMORY_LEAK in phpdbg_prompt.c).
- SOAP:
  . Fixed bug GH-12838 ([SOAP] Temporary WSDL cache files not being
    deleted).
- SPL:
  . Fixed bug GH-12721 (SplFileInfo::getFilename() segfault in
    combination with GlobIterator and no directory separator).
- SQLite3:
  . Fixed bug GH-12633 (sqlite3_defensive.phpt fails with sqlite
    3.44.0).
- Standard:
  . Fix memory leak in syslog device handling.
  . Fixed bug GH-12621 (browscap segmentation fault when configured in
    the vhost).
  . Fixed bug GH-12655 (proc_open() does not take into account
    references in the descriptor array).
- Streams:
  . Fixed bug #79945 (Stream wrappers in imagecreatefrompng causes
    segfault).
- Zip:
  . Fixed bug GH-12661 (Inconsistency in ZipArchive::addGlob remove_path
    Option Behavior).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=32645
• https://www.php.net/ChangeLog-8.php#8.2.14

SRPMS

9/core

• php-8.2.14-1.mga9