MGASA-2022-0362

Advisory lineage Upstream: 2 Downstream: 0
Published: 08 Oct 2022, 20:22
Last modified:16 Apr 2026, 04:22

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

08 Oct 2022, 20:22
Published
Vulnerability first disclosed
16 Apr 2026, 04:22
Last Modified
Vulnerability information updated

Description

Updated php packages fix security vulnerability Core Fixed bug GH-9323 (Crash in ZEND_RETURN/GC/zend_call_function) Fixed bug GH-9361 (Segmentation fault on script exit #9379). Fixed bug GH-9407 (LSP error in eval'd code refers to wrong class for static type). Fixed bug #81727: Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning. (CVE-2022-31629) DOM Fixed bug #79451 (DOMDocument->replaceChild on doctype causes double free). FPM Fixed bug GH-8885 (FPM access.log with stderr begins to write logs to error_log after daemon reload). Fixed bug #77780 ("Headers already sent..." when previous connection was aborted). GMP Fixed bug GH-9308 (GMP throws the wrong error when a GMP object is passed to gmp_init()). Intl Fixed bug GH-9421 (Incorrect argument number for ValueError in NumberFormatter). Phar Fixed bug #81726: phar wrapper: DOS when using quine gzip file. (CVE-2022-31628) PDO_PGSQL Fixed bug GH-9411 (PgSQL large object resource is incorrectly closed). Reflection Fixed bug GH-8932 (ReflectionFunction provides no way to get the called class of a Closure). Fixed bug GH-9409 (Private method is incorrectly dumped as "overwrites"). Streams Fixed bug GH-9316 ($http_response_header is wrong for long status line).

Affected Systems

  • mageiaphp

    < 8.0.24-1.mga8

References (3)