Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2013-4113

A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially-crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-4113)

Source

ALAS-2013-211

Amazon Linux AMI Security Advisory: ALAS-2013-211
Advisory Release Date: 2013-07-12 15:56 Pacific
Advisory Updated Date: 2014-09-15 23:17 Pacific

Severity: Critical

References: CVE-2013-4113 RHSA-2013-1049

Issue Overview:

A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially-crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-4113)

Affected Packages:

php

Issue Correction:
Run yum update php to update your system.

New Packages:

i686:
    php-snmp-5.3.27-1.0.amzn1.i686
    php-mysql-5.3.27-1.0.amzn1.i686
    php-mssql-5.3.27-1.0.amzn1.i686
    php-xml-5.3.27-1.0.amzn1.i686
    php-intl-5.3.27-1.0.amzn1.i686
    php-mysqlnd-5.3.27-1.0.amzn1.i686
    php-pdo-5.3.27-1.0.amzn1.i686
    php-odbc-5.3.27-1.0.amzn1.i686
    php-embedded-5.3.27-1.0.amzn1.i686
    php-dba-5.3.27-1.0.amzn1.i686
    php-xmlrpc-5.3.27-1.0.amzn1.i686
    php-mbstring-5.3.27-1.0.amzn1.i686
    php-debuginfo-5.3.27-1.0.amzn1.i686
    php-ldap-5.3.27-1.0.amzn1.i686
    php-5.3.27-1.0.amzn1.i686
    php-enchant-5.3.27-1.0.amzn1.i686
    php-cli-5.3.27-1.0.amzn1.i686
    php-pgsql-5.3.27-1.0.amzn1.i686
    php-common-5.3.27-1.0.amzn1.i686
    php-bcmath-5.3.27-1.0.amzn1.i686
    php-soap-5.3.27-1.0.amzn1.i686
    php-imap-5.3.27-1.0.amzn1.i686
    php-devel-5.3.27-1.0.amzn1.i686
    php-gd-5.3.27-1.0.amzn1.i686
    php-process-5.3.27-1.0.amzn1.i686
    php-recode-5.3.27-1.0.amzn1.i686
    php-mcrypt-5.3.27-1.0.amzn1.i686
    php-fpm-5.3.27-1.0.amzn1.i686
    php-tidy-5.3.27-1.0.amzn1.i686
    php-pspell-5.3.27-1.0.amzn1.i686

src:
    php-5.3.27-1.0.amzn1.src

x86_64:
    php-fpm-5.3.27-1.0.amzn1.x86_64
    php-intl-5.3.27-1.0.amzn1.x86_64
    php-common-5.3.27-1.0.amzn1.x86_64
    php-snmp-5.3.27-1.0.amzn1.x86_64
    php-mbstring-5.3.27-1.0.amzn1.x86_64
    php-xml-5.3.27-1.0.amzn1.x86_64
    php-pdo-5.3.27-1.0.amzn1.x86_64
    php-process-5.3.27-1.0.amzn1.x86_64
    php-dba-5.3.27-1.0.amzn1.x86_64
    php-mysqlnd-5.3.27-1.0.amzn1.x86_64
    php-gd-5.3.27-1.0.amzn1.x86_64
    php-mssql-5.3.27-1.0.amzn1.x86_64
    php-recode-5.3.27-1.0.amzn1.x86_64
    php-mysql-5.3.27-1.0.amzn1.x86_64
    php-bcmath-5.3.27-1.0.amzn1.x86_64
    php-embedded-5.3.27-1.0.amzn1.x86_64
    php-devel-5.3.27-1.0.amzn1.x86_64
    php-imap-5.3.27-1.0.amzn1.x86_64
    php-xmlrpc-5.3.27-1.0.amzn1.x86_64
    php-pgsql-5.3.27-1.0.amzn1.x86_64
    php-tidy-5.3.27-1.0.amzn1.x86_64
    php-cli-5.3.27-1.0.amzn1.x86_64
    php-odbc-5.3.27-1.0.amzn1.x86_64
    php-debuginfo-5.3.27-1.0.amzn1.x86_64
    php-soap-5.3.27-1.0.amzn1.x86_64
    php-ldap-5.3.27-1.0.amzn1.x86_64
    php-mcrypt-5.3.27-1.0.amzn1.x86_64
    php-5.3.27-1.0.amzn1.x86_64
    php-pspell-5.3.27-1.0.amzn1.x86_64
    php-enchant-5.3.27-1.0.amzn1.x86_64

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

ALAS-2013-211

ALAS-2013-211

Vulmon Search

About

Products

Connect