Critical: php

2013-12-1721:29:00

alas.aws.amazon.com

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.95 High

EPSS

Percentile

99.3%

JSON

Issue Overview:

The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.

Affected Packages:

php

Issue Correction:
Run yum update php to update your system.

New Packages:

i686:  
    php-mysqlnd-5.3.28-1.2.amzn1.i686  
    php-snmp-5.3.28-1.2.amzn1.i686  
    php-debuginfo-5.3.28-1.2.amzn1.i686  
    php-common-5.3.28-1.2.amzn1.i686  
    php-imap-5.3.28-1.2.amzn1.i686  
    php-fpm-5.3.28-1.2.amzn1.i686  
    php-enchant-5.3.28-1.2.amzn1.i686  
    php-mcrypt-5.3.28-1.2.amzn1.i686  
    php-mbstring-5.3.28-1.2.amzn1.i686  
    php-dba-5.3.28-1.2.amzn1.i686  
    php-odbc-5.3.28-1.2.amzn1.i686  
    php-ldap-5.3.28-1.2.amzn1.i686  
    php-pgsql-5.3.28-1.2.amzn1.i686  
    php-5.3.28-1.2.amzn1.i686  
    php-soap-5.3.28-1.2.amzn1.i686  
    php-recode-5.3.28-1.2.amzn1.i686  
    php-mysql-5.3.28-1.2.amzn1.i686  
    php-xml-5.3.28-1.2.amzn1.i686  
    php-pspell-5.3.28-1.2.amzn1.i686  
    php-mssql-5.3.28-1.2.amzn1.i686  
    php-bcmath-5.3.28-1.2.amzn1.i686  
    php-cli-5.3.28-1.2.amzn1.i686  
    php-process-5.3.28-1.2.amzn1.i686  
    php-embedded-5.3.28-1.2.amzn1.i686  
    php-pdo-5.3.28-1.2.amzn1.i686  
    php-intl-5.3.28-1.2.amzn1.i686  
    php-xmlrpc-5.3.28-1.2.amzn1.i686  
    php-gd-5.3.28-1.2.amzn1.i686  
    php-tidy-5.3.28-1.2.amzn1.i686  
    php-devel-5.3.28-1.2.amzn1.i686  
  
src:  
    php-5.3.28-1.2.amzn1.src  
  
x86_64:  
    php-common-5.3.28-1.2.amzn1.x86_64  
    php-mssql-5.3.28-1.2.amzn1.x86_64  
    php-mysql-5.3.28-1.2.amzn1.x86_64  
    php-soap-5.3.28-1.2.amzn1.x86_64  
    php-odbc-5.3.28-1.2.amzn1.x86_64  
    php-recode-5.3.28-1.2.amzn1.x86_64  
    php-mysqlnd-5.3.28-1.2.amzn1.x86_64  
    php-xmlrpc-5.3.28-1.2.amzn1.x86_64  
    php-embedded-5.3.28-1.2.amzn1.x86_64  
    php-enchant-5.3.28-1.2.amzn1.x86_64  
    php-dba-5.3.28-1.2.amzn1.x86_64  
    php-cli-5.3.28-1.2.amzn1.x86_64  
    php-snmp-5.3.28-1.2.amzn1.x86_64  
    php-mcrypt-5.3.28-1.2.amzn1.x86_64  
    php-pgsql-5.3.28-1.2.amzn1.x86_64  
    php-imap-5.3.28-1.2.amzn1.x86_64  
    php-pspell-5.3.28-1.2.amzn1.x86_64  
    php-bcmath-5.3.28-1.2.amzn1.x86_64  
    php-devel-5.3.28-1.2.amzn1.x86_64  
    php-fpm-5.3.28-1.2.amzn1.x86_64  
    php-ldap-5.3.28-1.2.amzn1.x86_64  
    php-mbstring-5.3.28-1.2.amzn1.x86_64  
    php-gd-5.3.28-1.2.amzn1.x86_64  
    php-xml-5.3.28-1.2.amzn1.x86_64  
    php-5.3.28-1.2.amzn1.x86_64  
    php-debuginfo-5.3.28-1.2.amzn1.x86_64  
    php-tidy-5.3.28-1.2.amzn1.x86_64  
    php-pdo-5.3.28-1.2.amzn1.x86_64  
    php-intl-5.3.28-1.2.amzn1.x86_64  
    php-process-5.3.28-1.2.amzn1.x86_64

Additional References

Red Hat: CVE-2013-6420

Mitre: CVE-2013-6420

OSVersionArchitecturePackageVersionFilename
Amazon Linux1i686php-mysqlnd< 5.3.28-1.2.amzn1php-mysqlnd-5.3.28-1.2.amzn1.i686.rpm
Amazon Linux1i686php-snmp< 5.3.28-1.2.amzn1php-snmp-5.3.28-1.2.amzn1.i686.rpm
Amazon Linux1i686php-debuginfo< 5.3.28-1.2.amzn1php-debuginfo-5.3.28-1.2.amzn1.i686.rpm
Amazon Linux1i686php-common< 5.3.28-1.2.amzn1php-common-5.3.28-1.2.amzn1.i686.rpm
Amazon Linux1i686php-imap< 5.3.28-1.2.amzn1php-imap-5.3.28-1.2.amzn1.i686.rpm
Amazon Linux1i686php-fpm< 5.3.28-1.2.amzn1php-fpm-5.3.28-1.2.amzn1.i686.rpm
Amazon Linux1i686php-enchant< 5.3.28-1.2.amzn1php-enchant-5.3.28-1.2.amzn1.i686.rpm
Amazon Linux1i686php-mcrypt< 5.3.28-1.2.amzn1php-mcrypt-5.3.28-1.2.amzn1.i686.rpm
Amazon Linux1i686php-mbstring< 5.3.28-1.2.amzn1php-mbstring-5.3.28-1.2.amzn1.i686.rpm
Amazon Linux1i686php-dba< 5.3.28-1.2.amzn1php-dba-5.3.28-1.2.amzn1.i686.rpm

OS	Version	Architecture	Package	Version	Filename
Amazon Linux	1	i686	php-mysqlnd	< 5.3.28-1.2.amzn1	php-mysqlnd-5.3.28-1.2.amzn1.i686.rpm
Amazon Linux	1	i686	php-snmp	< 5.3.28-1.2.amzn1	php-snmp-5.3.28-1.2.amzn1.i686.rpm
Amazon Linux	1	i686	php-debuginfo	< 5.3.28-1.2.amzn1	php-debuginfo-5.3.28-1.2.amzn1.i686.rpm
Amazon Linux	1	i686	php-common	< 5.3.28-1.2.amzn1	php-common-5.3.28-1.2.amzn1.i686.rpm
Amazon Linux	1	i686	php-imap	< 5.3.28-1.2.amzn1	php-imap-5.3.28-1.2.amzn1.i686.rpm
Amazon Linux	1	i686	php-fpm	< 5.3.28-1.2.amzn1	php-fpm-5.3.28-1.2.amzn1.i686.rpm
Amazon Linux	1	i686	php-enchant	< 5.3.28-1.2.amzn1	php-enchant-5.3.28-1.2.amzn1.i686.rpm
Amazon Linux	1	i686	php-mcrypt	< 5.3.28-1.2.amzn1	php-mcrypt-5.3.28-1.2.amzn1.i686.rpm
Amazon Linux	1	i686	php-mbstring	< 5.3.28-1.2.amzn1	php-mbstring-5.3.28-1.2.amzn1.i686.rpm
Amazon Linux	1	i686	php-dba	< 5.3.28-1.2.amzn1	php-dba-5.3.28-1.2.amzn1.i686.rpm