SECURITY: Fedora 37 Update: php-8.1.12-1.fc37
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-f204e1d0ed
2022-11-10 22:04:44.634259
--------------------------------------------------------------------------------
Name : php
Product : Fedora 37
Version : 8.1.12
Release : 1.fc37
URL : http://www.php.net/
Summary : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.
--------------------------------------------------------------------------------
Update Information:
**PHP version 8.1.12** (27 Oct 2022) **Core:** * Fixes segfault with Fiber on
FreeBSD i386 architecture. (David Carlier) **Fileinfo:** * Fixed bug
[GH-8805]( https://github.com/php/php-src/issues/8805) (finfo returns wrong mime
type for woff/woff2 files). (Anatol) **GD:** * Fixed bug php#81739: OOB read
due to insufficient input validation in imageloadfont(). (**CVE-2022-31630**)
(cmb) **Hash:** * Fixed bug php#81738: buffer overflow in hash_update() on
long parameter. (**CVE-2022-37454**) (nicky at mouha dot be) **MBString:** -
Fixed bug [GH-9683]( https://github.com/php/php-src/issues/9683) (Problem when
ISO-2022-JP-MS is specified in mb_ encode_mimeheader). (Alex Dowad)
**Opcache:** * Added indirect call reduction for jit on x86 architectures.
(wxue1) **Session:** * Fixed bug [GH-9583]( https://github.com/php/php-
src/issues/9583) (session_create_id() fails with user defined save handler that
doesn't have a validateId() method). (Girgias) **Streams:** * Fixed bug
[GH-9590]( https://github.com/php/php-src/issues/9590) (stream_select does not
abort upon exception or empty valid fd set). (Arnaud) ---- **PHP version
8.1.11** (29 Sep 2022) **Core:** * Fixed bug php#81726: phar wrapper: DOS when
using quine gzip file. (**CVE-2022-31628**). (cmb) * Fixed bug php#81727: Don't
mangle HTTP variable names that clash with ones that have a specific semantic
meaning. (**CVE-2022-31629**). (Derick) * Fixed bug
[GH-9323]( https://github.com/php/php-src/issues/9323) (Crash in
ZEND_RETURN/GC/zend_call_function) (Tim Starling) * Fixed bug
[GH-9361]( https://github.com/php/php-src/issues/9361) (Segmentation fault on
script exit php#9379). (cmb, Christian Schneider) * Fixed bug
[GH-9447]( https://github.com/php/php-src/issues/9447) (Invalid class FQN emitted
by AST dump for new and class constants in constant expressions). (ilutov)
**DOM:** * Fixed bug php#79451 (DOMDocument->replaceChild on doctype causes
double free). (Nathan Freeman) **FPM:** * Fixed bug
[GH-8885]( https://github.com/php/php-src/issues/8885) (FPM access.log with
stderr begins to write logs to error_log after daemon reload). (Dmitry
Menshikov) * Fixed bug php#77780 ("Headers already sent..." when previous
connection was aborted). (Jakub Zelenka) **GMP** * Fixed bug
[GH-9308]( https://github.com/php/php-src/issues/9308) (GMP throws the wrong
error when a GMP object is passed to gmp_init()). (Girgias) **Intl** * Fixed
bug [GH-9421]( https://github.com/php/php-src/issues/9421) (Incorrect argument
number for ValueError in NumberFormatter). (Girgias) **PCRE:** * Fixed
pcre.jit on Apple Silicon. (Niklas Keller) **PDO_PGSQL:** * Fixed bug
[GH-9411]( https://github.com/php/php-src/issues/9411) (PgSQL large object
resource is incorrectly closed). (Yurunsoft) **Reflection:** * Fixed bug
[GH-8932]( https://github.com/php/php-src/issues/8932) (ReflectionFunction
provides no way to get the called class of a Closure). (cmb, Nicolas Grekas)
**Streams:** * Fixed bug [GH-9316]( https://github.com/php/php-src/issues/9316)
($http_response_header is wrong for long status line). (cmb, timwolla)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 26 2022 Remi Collet - 8.1.12-1
- Update to 8.1.12 - http://www.php.net/releases/8_1_12.php
* Wed Sep 28 2022 Remi Collet - 8.1.11-1
- Update to 8.1.11 - http://www.php.net/releases/8_1_11.php
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-f204e1d0ed' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
A php security update has been released for Fedora 37.