7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.95 High
EPSS
Percentile
99.3%
Issue Overview:
A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter.
Affected Packages:
php54
Issue Correction:
Run yum update php54 to update your system.
New Packages:
i686:
php54-recode-5.4.23-1.49.amzn1.i686
php54-mysqlnd-5.4.23-1.49.amzn1.i686
php54-enchant-5.4.23-1.49.amzn1.i686
php54-common-5.4.23-1.49.amzn1.i686
php54-xml-5.4.23-1.49.amzn1.i686
php54-imap-5.4.23-1.49.amzn1.i686
php54-tidy-5.4.23-1.49.amzn1.i686
php54-process-5.4.23-1.49.amzn1.i686
php54-snmp-5.4.23-1.49.amzn1.i686
php54-gd-5.4.23-1.49.amzn1.i686
php54-soap-5.4.23-1.49.amzn1.i686
php54-mssql-5.4.23-1.49.amzn1.i686
php54-embedded-5.4.23-1.49.amzn1.i686
php54-5.4.23-1.49.amzn1.i686
php54-ldap-5.4.23-1.49.amzn1.i686
php54-pgsql-5.4.23-1.49.amzn1.i686
php54-fpm-5.4.23-1.49.amzn1.i686
php54-odbc-5.4.23-1.49.amzn1.i686
php54-pspell-5.4.23-1.49.amzn1.i686
php54-devel-5.4.23-1.49.amzn1.i686
php54-intl-5.4.23-1.49.amzn1.i686
php54-pdo-5.4.23-1.49.amzn1.i686
php54-cli-5.4.23-1.49.amzn1.i686
php54-mbstring-5.4.23-1.49.amzn1.i686
php54-mcrypt-5.4.23-1.49.amzn1.i686
php54-xmlrpc-5.4.23-1.49.amzn1.i686
php54-dba-5.4.23-1.49.amzn1.i686
php54-bcmath-5.4.23-1.49.amzn1.i686
php54-mysql-5.4.23-1.49.amzn1.i686
php54-debuginfo-5.4.23-1.49.amzn1.i686
src:
php54-5.4.23-1.49.amzn1.src
x86_64:
php54-xml-5.4.23-1.49.amzn1.x86_64
php54-xmlrpc-5.4.23-1.49.amzn1.x86_64
php54-gd-5.4.23-1.49.amzn1.x86_64
php54-recode-5.4.23-1.49.amzn1.x86_64
php54-pgsql-5.4.23-1.49.amzn1.x86_64
php54-mssql-5.4.23-1.49.amzn1.x86_64
php54-mcrypt-5.4.23-1.49.amzn1.x86_64
php54-odbc-5.4.23-1.49.amzn1.x86_64
php54-fpm-5.4.23-1.49.amzn1.x86_64
php54-pspell-5.4.23-1.49.amzn1.x86_64
php54-soap-5.4.23-1.49.amzn1.x86_64
php54-enchant-5.4.23-1.49.amzn1.x86_64
php54-common-5.4.23-1.49.amzn1.x86_64
php54-bcmath-5.4.23-1.49.amzn1.x86_64
php54-cli-5.4.23-1.49.amzn1.x86_64
php54-5.4.23-1.49.amzn1.x86_64
php54-snmp-5.4.23-1.49.amzn1.x86_64
php54-pdo-5.4.23-1.49.amzn1.x86_64
php54-mysql-5.4.23-1.49.amzn1.x86_64
php54-embedded-5.4.23-1.49.amzn1.x86_64
php54-intl-5.4.23-1.49.amzn1.x86_64
php54-process-5.4.23-1.49.amzn1.x86_64
php54-imap-5.4.23-1.49.amzn1.x86_64
php54-ldap-5.4.23-1.49.amzn1.x86_64
php54-tidy-5.4.23-1.49.amzn1.x86_64
php54-devel-5.4.23-1.49.amzn1.x86_64
php54-dba-5.4.23-1.49.amzn1.x86_64
php54-debuginfo-5.4.23-1.49.amzn1.x86_64
php54-mysqlnd-5.4.23-1.49.amzn1.x86_64
php54-mbstring-5.4.23-1.49.amzn1.x86_64
Red Hat: CVE-2013-6420
Mitre: CVE-2013-6420
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | php54-recode | < 5.4.23-1.49.amzn1 | php54-recode-5.4.23-1.49.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php54-mysqlnd | < 5.4.23-1.49.amzn1 | php54-mysqlnd-5.4.23-1.49.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php54-enchant | < 5.4.23-1.49.amzn1 | php54-enchant-5.4.23-1.49.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php54-common | < 5.4.23-1.49.amzn1 | php54-common-5.4.23-1.49.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php54-xml | < 5.4.23-1.49.amzn1 | php54-xml-5.4.23-1.49.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php54-imap | < 5.4.23-1.49.amzn1 | php54-imap-5.4.23-1.49.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php54-tidy | < 5.4.23-1.49.amzn1 | php54-tidy-5.4.23-1.49.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php54-process | < 5.4.23-1.49.amzn1 | php54-process-5.4.23-1.49.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php54-snmp | < 5.4.23-1.49.amzn1 | php54-snmp-5.4.23-1.49.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php54-gd | < 5.4.23-1.49.amzn1 | php54-gd-5.4.23-1.49.amzn1.i686.rpm |