Vulmon
Amazon Linux 2 Security Advisory: ALASPHP8.0-2023-004
Advisory Release Date: 2023-08-21 21:00 Pacific
Advisory Updated Date: 2023-09-13 19:32 Pacific
Severity:
Important
Issue Overview:
In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information. (CVE-2022-31630)
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. (CVE-2022-37454)
Affected Packages:
php
Issue Correction:
Run yum update php to update your system.
New Packages:
aarch64:
php-8.0.25-1.amzn2.aarch64
php-cli-8.0.25-1.amzn2.aarch64
php-dbg-8.0.25-1.amzn2.aarch64
php-fpm-8.0.25-1.amzn2.aarch64
php-common-8.0.25-1.amzn2.aarch64
php-devel-8.0.25-1.amzn2.aarch64
php-opcache-8.0.25-1.amzn2.aarch64
php-ldap-8.0.25-1.amzn2.aarch64
php-pdo-8.0.25-1.amzn2.aarch64
php-mysqlnd-8.0.25-1.amzn2.aarch64
php-pgsql-8.0.25-1.amzn2.aarch64
php-process-8.0.25-1.amzn2.aarch64
php-odbc-8.0.25-1.amzn2.aarch64
php-soap-8.0.25-1.amzn2.aarch64
php-snmp-8.0.25-1.amzn2.aarch64
php-xml-8.0.25-1.amzn2.aarch64
php-mbstring-8.0.25-1.amzn2.aarch64
php-gd-8.0.25-1.amzn2.aarch64
php-bcmath-8.0.25-1.amzn2.aarch64
php-gmp-8.0.25-1.amzn2.aarch64
php-dba-8.0.25-1.amzn2.aarch64
php-embedded-8.0.25-1.amzn2.aarch64
php-pspell-8.0.25-1.amzn2.aarch64
php-intl-8.0.25-1.amzn2.aarch64
php-enchant-8.0.25-1.amzn2.aarch64
php-sodium-8.0.25-1.amzn2.aarch64
php-debuginfo-8.0.25-1.amzn2.aarch64
src:
php-8.0.25-1.amzn2.src
x86_64:
php-8.0.25-1.amzn2.x86_64
php-cli-8.0.25-1.amzn2.x86_64
php-dbg-8.0.25-1.amzn2.x86_64
php-fpm-8.0.25-1.amzn2.x86_64
php-common-8.0.25-1.amzn2.x86_64
php-devel-8.0.25-1.amzn2.x86_64
php-opcache-8.0.25-1.amzn2.x86_64
php-ldap-8.0.25-1.amzn2.x86_64
php-pdo-8.0.25-1.amzn2.x86_64
php-mysqlnd-8.0.25-1.amzn2.x86_64
php-pgsql-8.0.25-1.amzn2.x86_64
php-process-8.0.25-1.amzn2.x86_64
php-odbc-8.0.25-1.amzn2.x86_64
php-soap-8.0.25-1.amzn2.x86_64
php-snmp-8.0.25-1.amzn2.x86_64
php-xml-8.0.25-1.amzn2.x86_64
php-mbstring-8.0.25-1.amzn2.x86_64
php-gd-8.0.25-1.amzn2.x86_64
php-bcmath-8.0.25-1.amzn2.x86_64
php-gmp-8.0.25-1.amzn2.x86_64
php-dba-8.0.25-1.amzn2.x86_64
php-embedded-8.0.25-1.amzn2.x86_64
php-pspell-8.0.25-1.amzn2.x86_64
php-intl-8.0.25-1.amzn2.x86_64
php-enchant-8.0.25-1.amzn2.x86_64
php-sodium-8.0.25-1.amzn2.x86_64
php-debuginfo-8.0.25-1.amzn2.x86_64