Lucene search

K
amazonAmazonALAS-2013-263
HistoryDec 17, 2013 - 9:29 p.m.

Critical: php54

2013-12-1721:29:00
alas.aws.amazon.com
32

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.95 High

EPSS

Percentile

99.3%

Issue Overview:

A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter.

Affected Packages:

php54

Issue Correction:
Run yum update php54 to update your system.

New Packages:

i686:  
    php54-recode-5.4.23-1.49.amzn1.i686  
    php54-mysqlnd-5.4.23-1.49.amzn1.i686  
    php54-enchant-5.4.23-1.49.amzn1.i686  
    php54-common-5.4.23-1.49.amzn1.i686  
    php54-xml-5.4.23-1.49.amzn1.i686  
    php54-imap-5.4.23-1.49.amzn1.i686  
    php54-tidy-5.4.23-1.49.amzn1.i686  
    php54-process-5.4.23-1.49.amzn1.i686  
    php54-snmp-5.4.23-1.49.amzn1.i686  
    php54-gd-5.4.23-1.49.amzn1.i686  
    php54-soap-5.4.23-1.49.amzn1.i686  
    php54-mssql-5.4.23-1.49.amzn1.i686  
    php54-embedded-5.4.23-1.49.amzn1.i686  
    php54-5.4.23-1.49.amzn1.i686  
    php54-ldap-5.4.23-1.49.amzn1.i686  
    php54-pgsql-5.4.23-1.49.amzn1.i686  
    php54-fpm-5.4.23-1.49.amzn1.i686  
    php54-odbc-5.4.23-1.49.amzn1.i686  
    php54-pspell-5.4.23-1.49.amzn1.i686  
    php54-devel-5.4.23-1.49.amzn1.i686  
    php54-intl-5.4.23-1.49.amzn1.i686  
    php54-pdo-5.4.23-1.49.amzn1.i686  
    php54-cli-5.4.23-1.49.amzn1.i686  
    php54-mbstring-5.4.23-1.49.amzn1.i686  
    php54-mcrypt-5.4.23-1.49.amzn1.i686  
    php54-xmlrpc-5.4.23-1.49.amzn1.i686  
    php54-dba-5.4.23-1.49.amzn1.i686  
    php54-bcmath-5.4.23-1.49.amzn1.i686  
    php54-mysql-5.4.23-1.49.amzn1.i686  
    php54-debuginfo-5.4.23-1.49.amzn1.i686  
  
src:  
    php54-5.4.23-1.49.amzn1.src  
  
x86_64:  
    php54-xml-5.4.23-1.49.amzn1.x86_64  
    php54-xmlrpc-5.4.23-1.49.amzn1.x86_64  
    php54-gd-5.4.23-1.49.amzn1.x86_64  
    php54-recode-5.4.23-1.49.amzn1.x86_64  
    php54-pgsql-5.4.23-1.49.amzn1.x86_64  
    php54-mssql-5.4.23-1.49.amzn1.x86_64  
    php54-mcrypt-5.4.23-1.49.amzn1.x86_64  
    php54-odbc-5.4.23-1.49.amzn1.x86_64  
    php54-fpm-5.4.23-1.49.amzn1.x86_64  
    php54-pspell-5.4.23-1.49.amzn1.x86_64  
    php54-soap-5.4.23-1.49.amzn1.x86_64  
    php54-enchant-5.4.23-1.49.amzn1.x86_64  
    php54-common-5.4.23-1.49.amzn1.x86_64  
    php54-bcmath-5.4.23-1.49.amzn1.x86_64  
    php54-cli-5.4.23-1.49.amzn1.x86_64  
    php54-5.4.23-1.49.amzn1.x86_64  
    php54-snmp-5.4.23-1.49.amzn1.x86_64  
    php54-pdo-5.4.23-1.49.amzn1.x86_64  
    php54-mysql-5.4.23-1.49.amzn1.x86_64  
    php54-embedded-5.4.23-1.49.amzn1.x86_64  
    php54-intl-5.4.23-1.49.amzn1.x86_64  
    php54-process-5.4.23-1.49.amzn1.x86_64  
    php54-imap-5.4.23-1.49.amzn1.x86_64  
    php54-ldap-5.4.23-1.49.amzn1.x86_64  
    php54-tidy-5.4.23-1.49.amzn1.x86_64  
    php54-devel-5.4.23-1.49.amzn1.x86_64  
    php54-dba-5.4.23-1.49.amzn1.x86_64  
    php54-debuginfo-5.4.23-1.49.amzn1.x86_64  
    php54-mysqlnd-5.4.23-1.49.amzn1.x86_64  
    php54-mbstring-5.4.23-1.49.amzn1.x86_64  

Additional References

Red Hat: CVE-2013-6420

Mitre: CVE-2013-6420

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.95 High

EPSS

Percentile

99.3%