
Die Entwickler von PHP haben das Sicherheitsupdate 8.1.12 und 8.0.25 veröffentlicht. Geschlossen werden die 2 laut CVE-2022-31630 und CVE-2022-37454 Sicherheitslücken.
PHP 8.1.12 Release Notes
- Core:
- Fixes segfault with Fiber on FreeBSD i386 architecture.
- Fileinfo:
- Fixed bug GH-8805 (finfo returns wrong mime type for woff/woff2 files).
- GD:
- Fixed bug #81739: OOB read due to insufficient input validation in imageloadfont(). (CVE-2022-31630)
- Hash:
- Fixed bug #81738: buffer overflow in hash_update() on long parameter. (CVE-2022-37454)
- MBString:
- Fixed bug GH-9683 (Problem when ISO-2022-JP-MS is specified in mb_ encode_mimeheader).
- Opcache:
- Added indirect call reduction for jit on x86 architectures.
- Session:
- Fixed bug GH-9583 (session_create_id() fails with user defined save handler that doesn’t have a validateId() method).
- Streams:
- Fixed bug GH-9590 (stream_select does not abort upon exception or empty valid fd set).
PHP 8.0.25 Release Notes
- GD:
- Fixed bug #81739: OOB read due to insufficient input validation in imageloadfont(). (CVE-2022-31630)
- Hash:
- Fixed bug #81738: buffer overflow in hash_update() on long parameter. (CVE-2022-37454)
- Session:
- Fixed bug GH-9583 (session_create_id() fails with user defined save handler that doesn’t have a validateId() method).
- Streams:
- Fixed bug GH-9590 (stream_select does not abort upon exception or empty valid fd set).