Vulmon
Amazon Linux AMI Security Advisory: ALAS-2013-263
Advisory Release Date: 2013-12-17 21:29 Pacific
Advisory Updated Date: 2014-09-16 22:11 Pacific
Severity:
Critical
References:
CVE-2013-6420
Issue Overview:
A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter.
Affected Packages:
php54
Issue Correction:
Run yum update php54 to update your system.
New Packages:
i686:
php54-recode-5.4.23-1.49.amzn1.i686
php54-mysqlnd-5.4.23-1.49.amzn1.i686
php54-enchant-5.4.23-1.49.amzn1.i686
php54-common-5.4.23-1.49.amzn1.i686
php54-xml-5.4.23-1.49.amzn1.i686
php54-imap-5.4.23-1.49.amzn1.i686
php54-tidy-5.4.23-1.49.amzn1.i686
php54-process-5.4.23-1.49.amzn1.i686
php54-snmp-5.4.23-1.49.amzn1.i686
php54-gd-5.4.23-1.49.amzn1.i686
php54-soap-5.4.23-1.49.amzn1.i686
php54-mssql-5.4.23-1.49.amzn1.i686
php54-embedded-5.4.23-1.49.amzn1.i686
php54-5.4.23-1.49.amzn1.i686
php54-ldap-5.4.23-1.49.amzn1.i686
php54-pgsql-5.4.23-1.49.amzn1.i686
php54-fpm-5.4.23-1.49.amzn1.i686
php54-odbc-5.4.23-1.49.amzn1.i686
php54-pspell-5.4.23-1.49.amzn1.i686
php54-devel-5.4.23-1.49.amzn1.i686
php54-intl-5.4.23-1.49.amzn1.i686
php54-pdo-5.4.23-1.49.amzn1.i686
php54-cli-5.4.23-1.49.amzn1.i686
php54-mbstring-5.4.23-1.49.amzn1.i686
php54-mcrypt-5.4.23-1.49.amzn1.i686
php54-xmlrpc-5.4.23-1.49.amzn1.i686
php54-dba-5.4.23-1.49.amzn1.i686
php54-bcmath-5.4.23-1.49.amzn1.i686
php54-mysql-5.4.23-1.49.amzn1.i686
php54-debuginfo-5.4.23-1.49.amzn1.i686
src:
php54-5.4.23-1.49.amzn1.src
x86_64:
php54-xml-5.4.23-1.49.amzn1.x86_64
php54-xmlrpc-5.4.23-1.49.amzn1.x86_64
php54-gd-5.4.23-1.49.amzn1.x86_64
php54-recode-5.4.23-1.49.amzn1.x86_64
php54-pgsql-5.4.23-1.49.amzn1.x86_64
php54-mssql-5.4.23-1.49.amzn1.x86_64
php54-mcrypt-5.4.23-1.49.amzn1.x86_64
php54-odbc-5.4.23-1.49.amzn1.x86_64
php54-fpm-5.4.23-1.49.amzn1.x86_64
php54-pspell-5.4.23-1.49.amzn1.x86_64
php54-soap-5.4.23-1.49.amzn1.x86_64
php54-enchant-5.4.23-1.49.amzn1.x86_64
php54-common-5.4.23-1.49.amzn1.x86_64
php54-bcmath-5.4.23-1.49.amzn1.x86_64
php54-cli-5.4.23-1.49.amzn1.x86_64
php54-5.4.23-1.49.amzn1.x86_64
php54-snmp-5.4.23-1.49.amzn1.x86_64
php54-pdo-5.4.23-1.49.amzn1.x86_64
php54-mysql-5.4.23-1.49.amzn1.x86_64
php54-embedded-5.4.23-1.49.amzn1.x86_64
php54-intl-5.4.23-1.49.amzn1.x86_64
php54-process-5.4.23-1.49.amzn1.x86_64
php54-imap-5.4.23-1.49.amzn1.x86_64
php54-ldap-5.4.23-1.49.amzn1.x86_64
php54-tidy-5.4.23-1.49.amzn1.x86_64
php54-devel-5.4.23-1.49.amzn1.x86_64
php54-dba-5.4.23-1.49.amzn1.x86_64
php54-debuginfo-5.4.23-1.49.amzn1.x86_64
php54-mysqlnd-5.4.23-1.49.amzn1.x86_64
php54-mbstring-5.4.23-1.49.amzn1.x86_64