PHP 8.1.14 – 8.2.1 und 8.0.27 Security Release

Die Programmiersprache PHP erhielt am 5.1.2023 ein Update. Das Sicherheitsupdate behebt einige Fehler und schließt eine Sicherhetislücken in PDO/SQLite die unter CVE-2022-31631 gelistet wird.

PHP 8.2.1 Release Notes

• Core:
  • Fixed bug GH-9905 (constant() behaves inconsistent when class is undefined).
  • Fixed bug GH-9918 (License information for xxHash is not included in README.REDIST.BINS file).
  • Fixed bug GH-9890 (OpenSSL legacy providers not available on Windows).
  • Fixed bug GH-9650 (Can’t initialize heap: [0x000001e7]).
  • Fixed potentially undefined behavior in Windows ftok(3) emulation.
  • Fixed GH-9769 (Misleading error message for unpacking of objects).
• Apache:
  • Fixed bug GH-9949 (Partial content on incomplete POST request).
• FPM:
  • Fixed bug GH-9959 (Solaris port event mechanism is still broken after bug #66694).
  • Fixed bug #68207 (Setting fastcgi.error_header can result in a WARNING).
  • Fixed bug #80669 (FPM numeric user fails to set groups).
  • Fixed bug GH-8517 (Random crash of FPM master process in fpm_stdio_child_said).
• Imap:
  • Fixed bug GH-10051 (IMAP: there’s no way to check if a IMAP\Connection is still open).
• MBString:
  • Fixed bug GH-9535 (The behavior of mb_strcut in mbstring has been changed in PHP8.1).
• Opcache:
  • Fixed bug GH-9968 (Segmentation Fault during OPCache Preload).
• OpenSSL:
  • Fixed bug GH-9997 (OpenSSL engine clean up segfault).
  • Fixed bug GH-9064 (PHP fails to build if openssl was built with –no-ec).
  • Fixed bug GH-10000 (OpenSSL test failures when OpenSSL compiled with no-dsa).
• Pcntl:
  • Fixed bug GH-9298 (Signal handler called after rshutdown leads to crash).
• PDO_Firebird:
  • Fixed bug GH-9971 (Incorrect NUMERIC value returned from PDO_Firebird).
• PDO/SQLite:
  • Fixed bug #81740 (PDO::quote() may return unquoted string). (CVE-2022-31631)
• Session:
  • Fixed GH-9932 (session name silently fails with . and [).
• SPL:
  • Fixed GH-9883 (SplFileObject::__toString() reads next line).
  • Fixed GH-10011 (Trampoline autoloader will get reregistered and cannot be unregistered).
• SQLite3:
  • Fixed bug #81742 (open_basedir bypass in SQLite3 by using file URI).
• TSRM:
  • Fixed Windows shmget() wrt. IPC_PRIVATE.

PHP 8.1.14 Release Notes

• Core:
• Fixed bug GH-9905 (constant() behaves inconsistent when class is undefined).
• Fixed bug GH-9918 (License information for xxHash is not included in README.REDIST.BINS file).
• Fixed bug GH-9650 (Can’t initialize heap: [0x000001e7]).
• Fixed potentially undefined behavior in Windows ftok(3) emulation.
• Date:
  • Fixed bug GH-9699 (DateTimeImmutable::diff differences in 8.1.10 onwards – timezone related).
  • Fixed bug GH-9700 (DateTime::createFromFormat: Parsing TZID string is too greedy).
  • Fixed bug GH-9866 (Time zone bug with \DateTimeInterface::diff()).
  • Fixed bug GH-9880 (DateTime diff returns wrong sign on day count when using a timezone).
• FPM:
  • Fixed bug GH-9959 (Solaris port event mechanism is still broken after bug #66694).
  • Fixed bug #68207 (Setting fastcgi.error_header can result in a WARNING).
  • Fixed bug GH-8517 (Random crash of FPM master process in fpm_stdio_child_said).
• MBString:
  • Fixed bug GH-9535 (The behavior of mb_strcut in mbstring has been changed in PHP8.1).
• Opcache:
  • Fixed bug GH-9968 (Segmentation Fault during OPCache Preload).
• OpenSSL:
  • Fixed bug GH-9064 (PHP fails to build if openssl was built with –no-ec).
  • Fixed bug GH-10000 (OpenSSL test failures when OpenSSL compiled with no-dsa).
• Pcntl:
  • Fixed bug GH-9298 (Signal handler called after rshutdown leads to crash).
• PDO_Firebird:
  • Fixed bug GH-9971 (Incorrect NUMERIC value returned from PDO_Firebird).
• PDO/SQLite:
  • Fixed bug #81740 (PDO::quote() may return unquoted string). (CVE-2022-31631)
• Session:
  • Fixed GH-9932 (session name silently fails with . and [).
• SPL:
  • Fixed GH-9883 (SplFileObject::__toString() reads next line).
  • Fixed GH-10011 (Trampoline autoloader will get reregistered and cannot be unregistered).
• SQLite3:
  • Fixed bug #81742 (open_basedir bypass in SQLite3 by using file URI).

PHP 8.0.27 Release Notes

• PDO/SQLite:
  • Fixed bug #81740 (PDO::quote() may return unquoted string). (CVE-2022-31631)

JARVIS

Interessiert in verschiedenste IT Themen, schreibe ich in diesem Blog über Software, Hardware, Smart Home, Games und vieles mehr. Ich berichte z.B. über die Installation und Konfiguration von Software als auch von Problemen mit dieser. News sind ebenso spannend, sodass ich auch über Updates, Releases und Neuigkeiten aus der IT berichte. Letztendlich nutze ich Taste-of-IT als eigene Dokumentation und Anlaufstelle bei wiederkehrenden Themen. Ich hoffe ich kann dich ebenso informieren und bei Problemen eine schnelle Lösung anbieten. Wer meinen Aufwand unterstützen möchte, kann gerne eine Tasse oder Pod Kaffe per PayPal spenden – vielen Dank.