{"id":"MGASA-2024-0262","summary":"Updated php packages fix security vulnerability","details":"This update ships the latest version of php 8.2. It brings fixed\nsecurity issues and the usual bug fixes.\nVulnerability:\n A code logic error, filtering functions such as filter_var when\nvalidating URLs (FILTER_VALIDATE_URL) for certain types of URLs the\nfunction will result in invalid user information (username + password\npart of URLs) being treated as valid user information. This may lead to\nthe downstream code accepting invalid URLs as valid and parsing them\nincorrectly. (CVE-2024-5458)\nNotable fixes:\nDOM:\n  Fixed bug GH-14343 (Memory leak in xml and dom).\nFPM:\n  Fixed bug GH-13563 (Setting bool values via env in FPM config fails).\nMySQLnd:\n  Fix bug GH-14255 (mysqli_fetch_assoc reports error from nested query).\nPosix:\n  Fix usage of reentrant functions in ext/posix.\nSoap:\n  Various memory issues\nSPL:\n  Fixed bug GH-14290 (Member access within null pointer in extension\nspl).\nStreams:\n  Fixed bug GH-11078 (PHP Fatal error triggers pointer being freed was\nnot allocated and malloc: double free for ptr errors).\n","modified":"2026-04-16T04:40:39.770667750Z","published":"2024-07-11T01:04:23Z","upstream":["CVE-2024-5458"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2024-0262.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=33358"},{"type":"WEB","url":"https://www.php.net/ChangeLog-8.php#8.2.21"},{"type":"WEB","url":"https://www.php.net/ChangeLog-8.php#8.2.20"},{"type":"WEB","url":"https://www.php.net/ChangeLog-8.php#8.2.19"}],"affected":[{"package":{"name":"php","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/php?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.2.21-2.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0262.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}