MGASA-2024-0262

Description

Updated php packages fix security vulnerability This update ships the latest version of php 8.2. It brings fixed security issues and the usual bug fixes. Vulnerability: A code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly. (CVE-2024-5458) Notable fixes: DOM: Fixed bug GH-14343 (Memory leak in xml and dom). FPM: Fixed bug GH-13563 (Setting bool values via env in FPM config fails). MySQLnd: Fix bug GH-14255 (mysqli_fetch_assoc reports error from nested query). Posix: Fix usage of reentrant functions in ext/posix. Soap: Various memory issues SPL: Fixed bug GH-14290 (Member access within null pointer in extension spl). Streams: Fixed bug GH-11078 (PHP Fatal error triggers pointer being freed was not allocated and malloc: double free for ptr errors).

Affected Systems

• mageia•php

  < 8.2.21-2.mga9

References (5)

• https://advisories.mageia.org/MGASA-2024-0262.html
• https://bugs.mageia.org/show_bug.cgi?id=33358
• https://www.php.net/ChangeLog-8.php#8.2.21
• https://www.php.net/ChangeLog-8.php#8.2.20
• https://www.php.net/ChangeLog-8.php#8.2.19