ALAS-2018-1090

Related Vulnerabilities: CVE-2018-17082  

Amazon Linux AMI Security Advisory: ALAS-2018-1090
Advisory Release Date: 2018-10-17 21:56 Pacific
Advisory Updated Date: 2018-10-18 22:18 Pacific
Severity: Medium
References: CVE-2018-17082 

Issue Overview:

The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c. (CVE-2018-17082)


Affected Packages:

php56, php70, php71, php72


Issue Correction:
Run yum update php56 to update your system.
Run yum update php70 to update your system.
Run yum update php71 to update your system.
Run yum update php72 to update your system.

New Packages:
i686:
    php56-soap-5.6.38-1.140.amzn1.i686
    php56-debuginfo-5.6.38-1.140.amzn1.i686
    php56-ldap-5.6.38-1.140.amzn1.i686
    php56-intl-5.6.38-1.140.amzn1.i686
    php56-opcache-5.6.38-1.140.amzn1.i686
    php56-enchant-5.6.38-1.140.amzn1.i686
    php56-recode-5.6.38-1.140.amzn1.i686
    php56-xmlrpc-5.6.38-1.140.amzn1.i686
    php56-mssql-5.6.38-1.140.amzn1.i686
    php56-fpm-5.6.38-1.140.amzn1.i686
    php56-pgsql-5.6.38-1.140.amzn1.i686
    php56-odbc-5.6.38-1.140.amzn1.i686
    php56-pspell-5.6.38-1.140.amzn1.i686
    php56-cli-5.6.38-1.140.amzn1.i686
    php56-common-5.6.38-1.140.amzn1.i686
    php56-dba-5.6.38-1.140.amzn1.i686
    php56-tidy-5.6.38-1.140.amzn1.i686
    php56-5.6.38-1.140.amzn1.i686
    php56-mbstring-5.6.38-1.140.amzn1.i686
    php56-pdo-5.6.38-1.140.amzn1.i686
    php56-mysqlnd-5.6.38-1.140.amzn1.i686
    php56-mcrypt-5.6.38-1.140.amzn1.i686
    php56-process-5.6.38-1.140.amzn1.i686
    php56-embedded-5.6.38-1.140.amzn1.i686
    php56-devel-5.6.38-1.140.amzn1.i686
    php56-dbg-5.6.38-1.140.amzn1.i686
    php56-gd-5.6.38-1.140.amzn1.i686
    php56-imap-5.6.38-1.140.amzn1.i686
    php56-xml-5.6.38-1.140.amzn1.i686
    php56-snmp-5.6.38-1.140.amzn1.i686
    php56-bcmath-5.6.38-1.140.amzn1.i686
    php56-gmp-5.6.38-1.140.amzn1.i686
    php71-debuginfo-7.1.23-1.34.amzn1.i686
    php71-pspell-7.1.23-1.34.amzn1.i686
    php71-pgsql-7.1.23-1.34.amzn1.i686
    php71-dba-7.1.23-1.34.amzn1.i686
    php71-snmp-7.1.23-1.34.amzn1.i686
    php71-recode-7.1.23-1.34.amzn1.i686
    php71-mbstring-7.1.23-1.34.amzn1.i686
    php71-dbg-7.1.23-1.34.amzn1.i686
    php71-opcache-7.1.23-1.34.amzn1.i686
    php71-xmlrpc-7.1.23-1.34.amzn1.i686
    php71-intl-7.1.23-1.34.amzn1.i686
    php71-devel-7.1.23-1.34.amzn1.i686
    php71-imap-7.1.23-1.34.amzn1.i686
    php71-common-7.1.23-1.34.amzn1.i686
    php71-soap-7.1.23-1.34.amzn1.i686
    php71-process-7.1.23-1.34.amzn1.i686
    php71-pdo-dblib-7.1.23-1.34.amzn1.i686
    php71-bcmath-7.1.23-1.34.amzn1.i686
    php71-xml-7.1.23-1.34.amzn1.i686
    php71-enchant-7.1.23-1.34.amzn1.i686
    php71-odbc-7.1.23-1.34.amzn1.i686
    php71-gd-7.1.23-1.34.amzn1.i686
    php71-gmp-7.1.23-1.34.amzn1.i686
    php71-fpm-7.1.23-1.34.amzn1.i686
    php71-pdo-7.1.23-1.34.amzn1.i686
    php71-ldap-7.1.23-1.34.amzn1.i686
    php71-mysqlnd-7.1.23-1.34.amzn1.i686
    php71-json-7.1.23-1.34.amzn1.i686
    php71-embedded-7.1.23-1.34.amzn1.i686
    php71-mcrypt-7.1.23-1.34.amzn1.i686
    php71-tidy-7.1.23-1.34.amzn1.i686
    php71-cli-7.1.23-1.34.amzn1.i686
    php71-7.1.23-1.34.amzn1.i686
    php70-dbg-7.0.32-1.31.amzn1.i686
    php70-gmp-7.0.32-1.31.amzn1.i686
    php70-common-7.0.32-1.31.amzn1.i686
    php70-snmp-7.0.32-1.31.amzn1.i686
    php70-mbstring-7.0.32-1.31.amzn1.i686
    php70-pdo-dblib-7.0.32-1.31.amzn1.i686
    php70-fpm-7.0.32-1.31.amzn1.i686
    php70-gd-7.0.32-1.31.amzn1.i686
    php70-ldap-7.0.32-1.31.amzn1.i686
    php70-xml-7.0.32-1.31.amzn1.i686
    php70-odbc-7.0.32-1.31.amzn1.i686
    php70-intl-7.0.32-1.31.amzn1.i686
    php70-process-7.0.32-1.31.amzn1.i686
    php70-enchant-7.0.32-1.31.amzn1.i686
    php70-pgsql-7.0.32-1.31.amzn1.i686
    php70-dba-7.0.32-1.31.amzn1.i686
    php70-bcmath-7.0.32-1.31.amzn1.i686
    php70-tidy-7.0.32-1.31.amzn1.i686
    php70-cli-7.0.32-1.31.amzn1.i686
    php70-pdo-7.0.32-1.31.amzn1.i686
    php70-7.0.32-1.31.amzn1.i686
    php70-json-7.0.32-1.31.amzn1.i686
    php70-mcrypt-7.0.32-1.31.amzn1.i686
    php70-mysqlnd-7.0.32-1.31.amzn1.i686
    php70-xmlrpc-7.0.32-1.31.amzn1.i686
    php70-zip-7.0.32-1.31.amzn1.i686
    php70-embedded-7.0.32-1.31.amzn1.i686
    php70-recode-7.0.32-1.31.amzn1.i686
    php70-opcache-7.0.32-1.31.amzn1.i686
    php70-soap-7.0.32-1.31.amzn1.i686
    php70-imap-7.0.32-1.31.amzn1.i686
    php70-debuginfo-7.0.32-1.31.amzn1.i686
    php70-devel-7.0.32-1.31.amzn1.i686
    php70-pspell-7.0.32-1.31.amzn1.i686
    php72-pdo-dblib-7.2.11-1.6.amzn1.i686
    php72-imap-7.2.11-1.6.amzn1.i686
    php72-opcache-7.2.11-1.6.amzn1.i686
    php72-devel-7.2.11-1.6.amzn1.i686
    php72-dbg-7.2.11-1.6.amzn1.i686
    php72-mbstring-7.2.11-1.6.amzn1.i686
    php72-bcmath-7.2.11-1.6.amzn1.i686
    php72-recode-7.2.11-1.6.amzn1.i686
    php72-dba-7.2.11-1.6.amzn1.i686
    php72-7.2.11-1.6.amzn1.i686
    php72-soap-7.2.11-1.6.amzn1.i686
    php72-enchant-7.2.11-1.6.amzn1.i686
    php72-snmp-7.2.11-1.6.amzn1.i686
    php72-debuginfo-7.2.11-1.6.amzn1.i686
    php72-gmp-7.2.11-1.6.amzn1.i686
    php72-mysqlnd-7.2.11-1.6.amzn1.i686
    php72-fpm-7.2.11-1.6.amzn1.i686
    php72-embedded-7.2.11-1.6.amzn1.i686
    php72-common-7.2.11-1.6.amzn1.i686
    php72-process-7.2.11-1.6.amzn1.i686
    php72-json-7.2.11-1.6.amzn1.i686
    php72-pgsql-7.2.11-1.6.amzn1.i686
    php72-pdo-7.2.11-1.6.amzn1.i686
    php72-xml-7.2.11-1.6.amzn1.i686
    php72-intl-7.2.11-1.6.amzn1.i686
    php72-cli-7.2.11-1.6.amzn1.i686
    php72-gd-7.2.11-1.6.amzn1.i686
    php72-ldap-7.2.11-1.6.amzn1.i686
    php72-odbc-7.2.11-1.6.amzn1.i686
    php72-pspell-7.2.11-1.6.amzn1.i686
    php72-xmlrpc-7.2.11-1.6.amzn1.i686
    php72-tidy-7.2.11-1.6.amzn1.i686

src:
    php56-5.6.38-1.140.amzn1.src
    php71-7.1.23-1.34.amzn1.src
    php70-7.0.32-1.31.amzn1.src
    php72-7.2.11-1.6.amzn1.src

x86_64:
    php56-recode-5.6.38-1.140.amzn1.x86_64
    php56-process-5.6.38-1.140.amzn1.x86_64
    php56-dba-5.6.38-1.140.amzn1.x86_64
    php56-opcache-5.6.38-1.140.amzn1.x86_64
    php56-odbc-5.6.38-1.140.amzn1.x86_64
    php56-debuginfo-5.6.38-1.140.amzn1.x86_64
    php56-mbstring-5.6.38-1.140.amzn1.x86_64
    php56-common-5.6.38-1.140.amzn1.x86_64
    php56-devel-5.6.38-1.140.amzn1.x86_64
    php56-xml-5.6.38-1.140.amzn1.x86_64
    php56-dbg-5.6.38-1.140.amzn1.x86_64
    php56-bcmath-5.6.38-1.140.amzn1.x86_64
    php56-mysqlnd-5.6.38-1.140.amzn1.x86_64
    php56-imap-5.6.38-1.140.amzn1.x86_64
    php56-pgsql-5.6.38-1.140.amzn1.x86_64
    php56-pspell-5.6.38-1.140.amzn1.x86_64
    php56-gmp-5.6.38-1.140.amzn1.x86_64
    php56-embedded-5.6.38-1.140.amzn1.x86_64
    php56-intl-5.6.38-1.140.amzn1.x86_64
    php56-tidy-5.6.38-1.140.amzn1.x86_64
    php56-5.6.38-1.140.amzn1.x86_64
    php56-snmp-5.6.38-1.140.amzn1.x86_64
    php56-ldap-5.6.38-1.140.amzn1.x86_64
    php56-gd-5.6.38-1.140.amzn1.x86_64
    php56-mcrypt-5.6.38-1.140.amzn1.x86_64
    php56-mssql-5.6.38-1.140.amzn1.x86_64
    php56-fpm-5.6.38-1.140.amzn1.x86_64
    php56-cli-5.6.38-1.140.amzn1.x86_64
    php56-enchant-5.6.38-1.140.amzn1.x86_64
    php56-xmlrpc-5.6.38-1.140.amzn1.x86_64
    php56-soap-5.6.38-1.140.amzn1.x86_64
    php56-pdo-5.6.38-1.140.amzn1.x86_64
    php71-mcrypt-7.1.23-1.34.amzn1.x86_64
    php71-devel-7.1.23-1.34.amzn1.x86_64
    php71-embedded-7.1.23-1.34.amzn1.x86_64
    php71-pdo-dblib-7.1.23-1.34.amzn1.x86_64
    php71-odbc-7.1.23-1.34.amzn1.x86_64
    php71-process-7.1.23-1.34.amzn1.x86_64
    php71-dbg-7.1.23-1.34.amzn1.x86_64
    php71-cli-7.1.23-1.34.amzn1.x86_64
    php71-pgsql-7.1.23-1.34.amzn1.x86_64
    php71-dba-7.1.23-1.34.amzn1.x86_64
    php71-pspell-7.1.23-1.34.amzn1.x86_64
    php71-recode-7.1.23-1.34.amzn1.x86_64
    php71-imap-7.1.23-1.34.amzn1.x86_64
    php71-7.1.23-1.34.amzn1.x86_64
    php71-bcmath-7.1.23-1.34.amzn1.x86_64
    php71-common-7.1.23-1.34.amzn1.x86_64
    php71-xmlrpc-7.1.23-1.34.amzn1.x86_64
    php71-fpm-7.1.23-1.34.amzn1.x86_64
    php71-debuginfo-7.1.23-1.34.amzn1.x86_64
    php71-json-7.1.23-1.34.amzn1.x86_64
    php71-mbstring-7.1.23-1.34.amzn1.x86_64
    php71-pdo-7.1.23-1.34.amzn1.x86_64
    php71-mysqlnd-7.1.23-1.34.amzn1.x86_64
    php71-ldap-7.1.23-1.34.amzn1.x86_64
    php71-tidy-7.1.23-1.34.amzn1.x86_64
    php71-soap-7.1.23-1.34.amzn1.x86_64
    php71-gmp-7.1.23-1.34.amzn1.x86_64
    php71-enchant-7.1.23-1.34.amzn1.x86_64
    php71-xml-7.1.23-1.34.amzn1.x86_64
    php71-opcache-7.1.23-1.34.amzn1.x86_64
    php71-gd-7.1.23-1.34.amzn1.x86_64
    php71-intl-7.1.23-1.34.amzn1.x86_64
    php71-snmp-7.1.23-1.34.amzn1.x86_64
    php70-dba-7.0.32-1.31.amzn1.x86_64
    php70-common-7.0.32-1.31.amzn1.x86_64
    php70-odbc-7.0.32-1.31.amzn1.x86_64
    php70-enchant-7.0.32-1.31.amzn1.x86_64
    php70-xmlrpc-7.0.32-1.31.amzn1.x86_64
    php70-7.0.32-1.31.amzn1.x86_64
    php70-opcache-7.0.32-1.31.amzn1.x86_64
    php70-mysqlnd-7.0.32-1.31.amzn1.x86_64
    php70-gmp-7.0.32-1.31.amzn1.x86_64
    php70-soap-7.0.32-1.31.amzn1.x86_64
    php70-bcmath-7.0.32-1.31.amzn1.x86_64
    php70-intl-7.0.32-1.31.amzn1.x86_64
    php70-debuginfo-7.0.32-1.31.amzn1.x86_64
    php70-zip-7.0.32-1.31.amzn1.x86_64
    php70-recode-7.0.32-1.31.amzn1.x86_64
    php70-embedded-7.0.32-1.31.amzn1.x86_64
    php70-mbstring-7.0.32-1.31.amzn1.x86_64
    php70-snmp-7.0.32-1.31.amzn1.x86_64
    php70-dbg-7.0.32-1.31.amzn1.x86_64
    php70-gd-7.0.32-1.31.amzn1.x86_64
    php70-tidy-7.0.32-1.31.amzn1.x86_64
    php70-pdo-dblib-7.0.32-1.31.amzn1.x86_64
    php70-process-7.0.32-1.31.amzn1.x86_64
    php70-json-7.0.32-1.31.amzn1.x86_64
    php70-imap-7.0.32-1.31.amzn1.x86_64
    php70-ldap-7.0.32-1.31.amzn1.x86_64
    php70-pdo-7.0.32-1.31.amzn1.x86_64
    php70-pspell-7.0.32-1.31.amzn1.x86_64
    php70-pgsql-7.0.32-1.31.amzn1.x86_64
    php70-devel-7.0.32-1.31.amzn1.x86_64
    php70-fpm-7.0.32-1.31.amzn1.x86_64
    php70-xml-7.0.32-1.31.amzn1.x86_64
    php70-mcrypt-7.0.32-1.31.amzn1.x86_64
    php70-cli-7.0.32-1.31.amzn1.x86_64
    php72-recode-7.2.11-1.6.amzn1.x86_64
    php72-tidy-7.2.11-1.6.amzn1.x86_64
    php72-dba-7.2.11-1.6.amzn1.x86_64
    php72-json-7.2.11-1.6.amzn1.x86_64
    php72-gd-7.2.11-1.6.amzn1.x86_64
    php72-devel-7.2.11-1.6.amzn1.x86_64
    php72-gmp-7.2.11-1.6.amzn1.x86_64
    php72-ldap-7.2.11-1.6.amzn1.x86_64
    php72-dbg-7.2.11-1.6.amzn1.x86_64
    php72-debuginfo-7.2.11-1.6.amzn1.x86_64
    php72-pgsql-7.2.11-1.6.amzn1.x86_64
    php72-odbc-7.2.11-1.6.amzn1.x86_64
    php72-xml-7.2.11-1.6.amzn1.x86_64
    php72-xmlrpc-7.2.11-1.6.amzn1.x86_64
    php72-pdo-7.2.11-1.6.amzn1.x86_64
    php72-7.2.11-1.6.amzn1.x86_64
    php72-snmp-7.2.11-1.6.amzn1.x86_64
    php72-bcmath-7.2.11-1.6.amzn1.x86_64
    php72-enchant-7.2.11-1.6.amzn1.x86_64
    php72-pdo-dblib-7.2.11-1.6.amzn1.x86_64
    php72-common-7.2.11-1.6.amzn1.x86_64
    php72-embedded-7.2.11-1.6.amzn1.x86_64
    php72-imap-7.2.11-1.6.amzn1.x86_64
    php72-mysqlnd-7.2.11-1.6.amzn1.x86_64
    php72-opcache-7.2.11-1.6.amzn1.x86_64
    php72-process-7.2.11-1.6.amzn1.x86_64
    php72-intl-7.2.11-1.6.amzn1.x86_64
    php72-pspell-7.2.11-1.6.amzn1.x86_64
    php72-mbstring-7.2.11-1.6.amzn1.x86_64
    php72-fpm-7.2.11-1.6.amzn1.x86_64
    php72-soap-7.2.11-1.6.amzn1.x86_64
    php72-cli-7.2.11-1.6.amzn1.x86_64
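
To confirm that the update under Issue Correction took effect, an installed-package inventory can be compared against the fixed builds listed under New Packages. The script below is an added example, not part of the original advisory; the function names and the sample inventory are constructed for illustration, and GNU `sort -V` is assumed as an approximation of rpm's version ordering.

```shell
#!/bin/sh
# Fixed version-release per package stream, taken from ALAS-2018-1090.
fixed_build() {
  case "$1" in
    php56) echo "5.6.38-1.140.amzn1" ;;
    php70) echo "7.0.32-1.31.amzn1" ;;
    php71) echo "7.1.23-1.34.amzn1" ;;
    php72) echo "7.2.11-1.6.amzn1" ;;
    *) return 1 ;;                      # not a stream covered by this advisory
  esac
}

# version_lt A B: true when A sorts strictly before B under GNU sort -V.
version_lt() {
  [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# check_packages: reads "name version-release" lines on stdin and prints one
# status line for every package that belongs to an affected stream.
check_packages() {
  while read -r name vr; do
    stream=${name%%-*}                  # php70-cli -> php70
    want=$(fixed_build "$stream") || continue
    if version_lt "$vr" "$want"; then
      echo "VULNERABLE $name $vr (fixed in $want)"
    else
      echo "OK $name $vr"
    fi
  done
}

# Constructed sample inventory (hypothetical values, not from a real host).
sample_inventory() {
  cat <<'EOF'
php70 7.0.31-1.30.amzn1
php70-cli 7.0.32-1.31.amzn1
php72-fpm 7.2.11-1.6.amzn1
php56-common 5.6.37-1.139.amzn1
httpd24 2.4.34-1.82.amzn1
EOF
}

# On a live host, replace sample_inventory with:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'php*'
sample_inventory | check_packages
```

Any line marked VULNERABLE means the corresponding `yum update` from Issue Correction has not yet been applied to that package.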