Advisories » MGASA-2022-0234

Updated php packages fix security vulnerability

Publication date: 18 Jun 2022
Modification date: 18 Jun 2022
Type: security
Affected Mageia releases : 8
CVE: CVE-2022-31625 , CVE-2022-31626

Description

CLI -Fixed bug #8575 (CLI closes standard streams too early).
Core -Fixed Haiku ZTS builds.
Date -Fixed bug #8471 (Segmentation fault when converting immutable and
mutable DateTime instances created using reflection).
php-fpm - Fixed bug #72185 writes empty fcgi record causing nginx 502.
Mysqlnd - Fixed bug #81719: mysqlnd/pdo password buffer overflow.
(CVE-2022-31626)
OPcache - Fixed bug #8466 (ini_get() is optimized out when the option does
not exist).
Pcntl - Fixed Haiku build.
Pgsql - Fixed bug #81720: Uninitialized array in pg_query_params().
(CVE-2022-31625)
Soap - Fixed bug #8578 (Error on wrong parameter on SoapHeader
constructor).
Fixed bug #8538 (SoapClient may strip parts of nmtokens).
SPL - Fixed bug #8235 (iterator_count() may run indefinitely).
Zip - Fixed type for index in ZipArchive::replaceFile.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=30533
• https://www.php.net/ChangeLog-8.php#8.0.20
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31625
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31626

SRPMS

8/core

• php-8.0.20-3.mga8