Lucene search
AmazonALAS-2013-264HistoryDec 17, 2013 - 9:29 p.m.
Critical: php55
2013-12-1721:29:00
alas.aws.amazon.com
20
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.95 High
EPSS
Percentile
99.3%
Issue Overview:
A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter.
Affected Packages:
php55
Issue Correction:
Run yum update php55 to update your system.
New Packages:
i686:
php55-gd-5.5.7-1.61.amzn1.i686
php55-pspell-5.5.7-1.61.amzn1.i686
php55-ldap-5.5.7-1.61.amzn1.i686
php55-cli-5.5.7-1.61.amzn1.i686
php55-process-5.5.7-1.61.amzn1.i686
php55-tidy-5.5.7-1.61.amzn1.i686
php55-recode-5.5.7-1.61.amzn1.i686
php55-snmp-5.5.7-1.61.amzn1.i686
php55-pgsql-5.5.7-1.61.amzn1.i686
php55-mysqlnd-5.5.7-1.61.amzn1.i686
php55-imap-5.5.7-1.61.amzn1.i686
php55-pdo-5.5.7-1.61.amzn1.i686
php55-debuginfo-5.5.7-1.61.amzn1.i686
php55-odbc-5.5.7-1.61.amzn1.i686
php55-fpm-5.5.7-1.61.amzn1.i686
php55-opcache-5.5.7-1.61.amzn1.i686
php55-bcmath-5.5.7-1.61.amzn1.i686
php55-soap-5.5.7-1.61.amzn1.i686
php55-common-5.5.7-1.61.amzn1.i686
php55-devel-5.5.7-1.61.amzn1.i686
php55-xml-5.5.7-1.61.amzn1.i686
php55-intl-5.5.7-1.61.amzn1.i686
php55-embedded-5.5.7-1.61.amzn1.i686
php55-gmp-5.5.7-1.61.amzn1.i686
php55-enchant-5.5.7-1.61.amzn1.i686
php55-mbstring-5.5.7-1.61.amzn1.i686
php55-mcrypt-5.5.7-1.61.amzn1.i686
php55-dba-5.5.7-1.61.amzn1.i686
php55-mssql-5.5.7-1.61.amzn1.i686
php55-xmlrpc-5.5.7-1.61.amzn1.i686
php55-5.5.7-1.61.amzn1.i686
src:
php55-5.5.7-1.61.amzn1.src
x86_64:
php55-cli-5.5.7-1.61.amzn1.x86_64
php55-5.5.7-1.61.amzn1.x86_64
php55-gd-5.5.7-1.61.amzn1.x86_64
php55-recode-5.5.7-1.61.amzn1.x86_64
php55-fpm-5.5.7-1.61.amzn1.x86_64
php55-mssql-5.5.7-1.61.amzn1.x86_64
php55-dba-5.5.7-1.61.amzn1.x86_64
php55-soap-5.5.7-1.61.amzn1.x86_64
php55-snmp-5.5.7-1.61.amzn1.x86_64
php55-embedded-5.5.7-1.61.amzn1.x86_64
php55-imap-5.5.7-1.61.amzn1.x86_64
php55-opcache-5.5.7-1.61.amzn1.x86_64
php55-mcrypt-5.5.7-1.61.amzn1.x86_64
php55-pspell-5.5.7-1.61.amzn1.x86_64
php55-xml-5.5.7-1.61.amzn1.x86_64
php55-pgsql-5.5.7-1.61.amzn1.x86_64
php55-intl-5.5.7-1.61.amzn1.x86_64
php55-gmp-5.5.7-1.61.amzn1.x86_64
php55-process-5.5.7-1.61.amzn1.x86_64
php55-odbc-5.5.7-1.61.amzn1.x86_64
php55-tidy-5.5.7-1.61.amzn1.x86_64
php55-ldap-5.5.7-1.61.amzn1.x86_64
php55-mbstring-5.5.7-1.61.amzn1.x86_64
php55-common-5.5.7-1.61.amzn1.x86_64
php55-bcmath-5.5.7-1.61.amzn1.x86_64
php55-devel-5.5.7-1.61.amzn1.x86_64
php55-pdo-5.5.7-1.61.amzn1.x86_64
php55-xmlrpc-5.5.7-1.61.amzn1.x86_64
php55-mysqlnd-5.5.7-1.61.amzn1.x86_64
php55-enchant-5.5.7-1.61.amzn1.x86_64
php55-debuginfo-5.5.7-1.61.amzn1.x86_64
Additional References
Red Hat: CVE-2013-6420
Mitre: CVE-2013-6420
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | i686 | php55-gd | < 5.5.7-1.61.amzn1 | php55-gd-5.5.7-1.61.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | php55-pspell | < 5.5.7-1.61.amzn1 | php55-pspell-5.5.7-1.61.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | php55-ldap | < 5.5.7-1.61.amzn1 | php55-ldap-5.5.7-1.61.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | php55-cli | < 5.5.7-1.61.amzn1 | php55-cli-5.5.7-1.61.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | php55-process | < 5.5.7-1.61.amzn1 | php55-process-5.5.7-1.61.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | php55-tidy | < 5.5.7-1.61.amzn1 | php55-tidy-5.5.7-1.61.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | php55-recode | < 5.5.7-1.61.amzn1 | php55-recode-5.5.7-1.61.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | php55-snmp | < 5.5.7-1.61.amzn1 | php55-snmp-5.5.7-1.61.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | php55-pgsql | < 5.5.7-1.61.amzn1 | php55-pgsql-5.5.7-1.61.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | php55-mysqlnd | < 5.5.7-1.61.amzn1 | php55-mysqlnd-5.5.7-1.61.amzn1.i686.rpm |
Related
checkpoint_advisories
checkpoint_advisories
PHP OpenSSL Extension X.509 Certificate Memory Corruption (CVE-2013-6420)
2013-12-26 00:00:00
openvas
openvas
Oracle Linux Local Check: ELSA-2013-1813
2015-10-06 00:00:00
CentOS Update for php CESA-2013:1813 centos6
2013-12-17 00:00:00
CentOS Update for php53 CESA-2013:1813 centos5
2013-12-17 00:00:00
redhat
redhat
(RHSA-2013:1825) Critical: php53 security update
2013-12-11 00:00:00
(RHSA-2013:1813) Critical: php53 and php security update
2013-12-11 00:00:00
(RHSA-2013:1826) Critical: php security update
2013-12-12 00:00:00
nessus
nessus
CentOS 5 / 6 : php / php53 (CESA-2013:1813)
2013-12-12 00:00:00
Scientific Linux Security Update : php53 and php on SL5.x, SL6.x i386/x86_64 (20131211)
2013-12-12 00:00:00
Amazon Linux AMI : php (ALAS-2013-262)
2013-12-23 00:00:00
seebug
seebug
PHP OpenSSL Extension 'openssl_x509_parse()'内存破坏漏洞
2013-12-18 00:00:00
PHP openssl_x509_parse() - Memory Corruption Vulnerability
2014-07-01 00:00:00
packetstorm
packetstorm
PHP openssl_x509_parse() Memory Corruption
2013-12-15 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2019-01-15 08:53:15
cve
cve
CVE-2013-6420
2013-12-17 04:46:00
fedora
fedora
[SECURITY] Fedora 20 Update: php-5.5.7-1.fc20
2013-12-20 02:06:02
[SECURITY] Fedora 20 Update: php-5.5.12-1.fc20
2014-05-06 03:27:27
[SECURITY] Fedora 20 Update: php-5.5.11-1.fc20
2014-04-15 15:57:56
zdt
zdt
PHP openssl_x509_parse() Memory Corruption Vulnerability
2013-12-16 00:00:00
PHP openssl_x509_parse() Memory Corruption Vulnerability
2013-12-17 00:00:00
amazon
amazon
Critical: php54
2013-12-17 21:29:00
Critical: php
2013-12-17 21:29:00
slackware
slackware
php
2014-01-13 22:30:32
securityvulns
securityvulns
Advisory 01/2013: PHP openssl_x509_parse() Memory Corruption Vulnerability
2013-12-30 00:00:00
[ MDVSA-2013:298 ] php
2013-12-24 00:00:00
PHP memory corruption
2013-12-30 00:00:00
hackerone
hackerone
centos
centos
php, php53 security update
2013-12-11 09:25:38
php security update
2013-12-11 09:34:01
ubuntucve
ubuntucve
CVE-2013-6420
2013-12-11 00:00:00
f5
f5
K15110 : PHP Vulnerability CVE-2013-6420
2014-05-23 00:00:00
SOL15110 - PHP Vulnerability CVE-2013-6420
2014-03-27 00:00:00
prion
prion
Memory corruption
2013-12-17 04:46:00
oraclelinux
oraclelinux
php53 and php security update
2013-12-10 00:00:00
php security update
2013-12-10 00:00:00
exploitpack
exploitpack
PHP - openssl_x509_parse() Memory Corruption
2013-12-17 00:00:00
freebsd
freebsd
PHP5 -- memory corruption in openssl_x509_parse()
2013-12-13 00:00:00
exploitdb
exploitdb
PHP - 'openssl_x509_parse()' Memory Corruption
2013-12-17 00:00:00
osv
osv
php5 - several
2013-12-12 00:00:00
mageia
mageia
Updated php packages fix multiple security vulnerabilities
2013-12-20 01:08:56
ubuntu
ubuntu
PHP vulnerabilities
2013-12-12 00:00:00
debian
debian
[SECURITY] [DSA 2816-1] php5 security update
2013-12-12 21:18:13
suse
suse
Security update for PHP5 (important)
2014-07-07 19:04:42
Security update for PHP5 (important)
2014-07-05 02:05:05
ibm
ibm
Security Bulletin: Vulnerabilities in PHP affect IBM Chassis Management Module (CMM) (CVE-2013-4248, CVE-2013-6420, CVE-2014-2497, CVE-2014-4049)
2019-01-31 01:55:01
kaspersky
kaspersky
KLA10458 Multiple vulnerabilities in HP SMH
2014-01-10 00:00:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2014-08-29 00:00:00
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.95 High
EPSS
Percentile
99.3%
Related for ALAS-2013-264