Mageia 2022-0234: php security update | LinuxSecurity.com

Advisories

MGASA-2022-0234 - Updated php packages fix security vulnerability

Publication date: 18 Jun 2022
URL: https://advisories.mageia.org/MGASA-2022-0234.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-31625,
     CVE-2022-31626

CLI -Fixed bug #8575 (CLI closes standard streams too early).
Core -Fixed Haiku ZTS builds.
Date -Fixed bug #8471 (Segmentation fault when converting immutable and
mutable DateTime instances created using reflection).
php-fpm - Fixed bug #72185 writes empty fcgi record causing nginx 502.
Mysqlnd - Fixed bug #81719: mysqlnd/pdo password buffer overflow.
(CVE-2022-31626)
OPcache - Fixed bug #8466 (ini_get() is optimized out when the option does
not exist).
Pcntl - Fixed Haiku build.
Pgsql - Fixed bug #81720: Uninitialized array in pg_query_params().
(CVE-2022-31625)
Soap - Fixed bug #8578 (Error on wrong parameter on SoapHeader
constructor).
Fixed bug #8538 (SoapClient may strip parts of nmtokens).
SPL - Fixed bug #8235 (iterator_count() may run indefinitely).
Zip - Fixed type for index in ZipArchive::replaceFile.

References:
- https://bugs.mageia.org/show_bug.cgi?id=30533
- https://www.php.net/ChangeLog-8.php#8.0.20
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31625
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31626

SRPMS:
- 8/core/php-8.0.20-3.mga8

Mageia 2022-0234: php security update

CLI -Fixed bug #8575 (CLI closes standard streams too early)

Summary

CLI -Fixed bug #8575 (CLI closes standard streams too early). Core -Fixed Haiku ZTS builds. Date -Fixed bug #8471 (Segmentation fault when converting immutable and mutable DateTime instances created using reflection). php-fpm - Fixed bug #72185 writes empty fcgi record causing nginx 502. Mysqlnd - Fixed bug #81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626) OPcache - Fixed bug #8466 (ini_get() is optimized out when the option does not exist). Pcntl - Fixed Haiku build. Pgsql - Fixed bug #81720: Uninitialized array in pg_query_params(). (CVE-2022-31625) Soap - Fixed bug #8578 (Error on wrong parameter on SoapHeader constructor). Fixed bug #8538 (SoapClient may strip parts of nmtokens). SPL - Fixed bug #8235 (iterator_count() may run indefinitely). Zip - Fixed type for index in ZipArchive::replaceFile.

References

- https://bugs.mageia.org/show_bug.cgi?id=30533

- https://www.php.net/ChangeLog-8.php#8.0.20

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31625

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31626

Resolution

MGASA-2022-0234 - Updated php packages fix security vulnerability

SRPMS

- 8/core/php-8.0.20-3.mga8

Severity
Publication date: 18 Jun 2022
URL: https://advisories.mageia.org/MGASA-2022-0234.html
Type: security
CVE: CVE-2022-31625, CVE-2022-31626

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.