Fedora Linux 8645 Published by

A php security update has been released for Fedora 37.

SECURITY: Fedora 37 Update: php-8.1.12-1.fc37

Fedora Update Notification
2022-11-10 22:04:44.634259

Name : php
Product : Fedora 37
Version : 8.1.12
Release : 1.fc37
URL :   http://www.php.net/
Summary : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

Update Information:

**PHP version 8.1.12** (27 Oct 2022) **Core:** * Fixes segfault with Fiber on
FreeBSD i386 architecture. (David Carlier) **Fileinfo:** * Fixed bug
[GH-8805](  https://github.com/php/php-src/issues/8805) (finfo returns wrong mime
type for woff/woff2 files). (Anatol) **GD:** * Fixed bug php#81739: OOB read
due to insufficient input validation in imageloadfont(). (**CVE-2022-31630**)
(cmb) **Hash:** * Fixed bug php#81738: buffer overflow in hash_update() on
long parameter. (**CVE-2022-37454**) (nicky at mouha dot be) **MBString:** -
Fixed bug [GH-9683](  https://github.com/php/php-src/issues/9683) (Problem when
ISO-2022-JP-MS is specified in mb_ encode_mimeheader). (Alex Dowad)
**Opcache:** * Added indirect call reduction for jit on x86 architectures.
(wxue1) **Session:** * Fixed bug [GH-9583](  https://github.com/php/php-
src/issues/9583) (session_create_id() fails with user defined save handler that
doesn't have a validateId() method). (Girgias) **Streams:** * Fixed bug
[GH-9590](  https://github.com/php/php-src/issues/9590) (stream_select does not
abort upon exception or empty valid fd set). (Arnaud) ---- **PHP version
8.1.11** (29 Sep 2022) **Core:** * Fixed bug php#81726: phar wrapper: DOS when
using quine gzip file. (**CVE-2022-31628**). (cmb) * Fixed bug php#81727: Don't
mangle HTTP variable names that clash with ones that have a specific semantic
meaning. (**CVE-2022-31629**). (Derick) * Fixed bug
[GH-9323](  https://github.com/php/php-src/issues/9323) (Crash in
ZEND_RETURN/GC/zend_call_function) (Tim Starling) * Fixed bug
[GH-9361](  https://github.com/php/php-src/issues/9361) (Segmentation fault on
script exit php#9379). (cmb, Christian Schneider) * Fixed bug
[GH-9447](  https://github.com/php/php-src/issues/9447) (Invalid class FQN emitted
by AST dump for new and class constants in constant expressions). (ilutov)
**DOM:** * Fixed bug php#79451 (DOMDocument->replaceChild on doctype causes
double free). (Nathan Freeman) **FPM:** * Fixed bug
[GH-8885](  https://github.com/php/php-src/issues/8885) (FPM access.log with
stderr begins to write logs to error_log after daemon reload). (Dmitry
Menshikov) * Fixed bug php#77780 ("Headers already sent..." when previous
connection was aborted). (Jakub Zelenka) **GMP** * Fixed bug
[GH-9308](  https://github.com/php/php-src/issues/9308) (GMP throws the wrong
error when a GMP object is passed to gmp_init()). (Girgias) **Intl** * Fixed
bug [GH-9421](  https://github.com/php/php-src/issues/9421) (Incorrect argument
number for ValueError in NumberFormatter). (Girgias) **PCRE:** * Fixed
pcre.jit on Apple Silicon. (Niklas Keller) **PDO_PGSQL:** * Fixed bug
[GH-9411](  https://github.com/php/php-src/issues/9411) (PgSQL large object
resource is incorrectly closed). (Yurunsoft) **Reflection:** * Fixed bug
[GH-8932](  https://github.com/php/php-src/issues/8932) (ReflectionFunction
provides no way to get the called class of a Closure). (cmb, Nicolas Grekas)
**Streams:** * Fixed bug [GH-9316](  https://github.com/php/php-src/issues/9316)
($http_response_header is wrong for long status line). (cmb, timwolla)

* Wed Oct 26 2022 Remi Collet - 8.1.12-1
- Update to 8.1.12 -   http://www.php.net/releases/8_1_12.php
* Wed Sep 28 2022 Remi Collet - 8.1.11-1
- Update to 8.1.11 -   http://www.php.net/releases/8_1_11.php

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-f204e1d0ed' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at