Lucene search
AmazonALAS-2017-924HistoryNov 15, 2017 - 8:05 p.m.
Important: php56, php70, php71
2017-11-1520:05:00
alas.aws.amazon.com
26
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.016 Low
EPSS
Percentile
87.4%
Issue Overview:
pcre: heap buffer overflow in handling of duplicate named groups (8.39/14)
The pcre_compile2 function in pcre_compile.c mishandles the /((?:F?+(?:^(?®a+\"){99}-))(?J)(?‘R’(?‘R’<((?‘RR’(?‘R’\\){97)?J)?J)(?‘R’(?‘R’\\){99|(:(?|(?‘R’)(\\k’R’)|((?‘R’)))H’R’R)(H’R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. (CVE-2016-1283)
Affected Packages:
php56, php70, php71
Issue Correction:
Run yum update php56 to update your system.
Run yum update php70 to update your system.
Run yum update php71 to update your system.
New Packages:
i686:
php56-mbstring-5.6.32-1.135.amzn1.i686
php56-snmp-5.6.32-1.135.amzn1.i686
php56-opcache-5.6.32-1.135.amzn1.i686
php56-debuginfo-5.6.32-1.135.amzn1.i686
php56-fpm-5.6.32-1.135.amzn1.i686
php56-common-5.6.32-1.135.amzn1.i686
php56-odbc-5.6.32-1.135.amzn1.i686
php56-mssql-5.6.32-1.135.amzn1.i686
php56-embedded-5.6.32-1.135.amzn1.i686
php56-process-5.6.32-1.135.amzn1.i686
php56-xmlrpc-5.6.32-1.135.amzn1.i686
php56-bcmath-5.6.32-1.135.amzn1.i686
php56-pgsql-5.6.32-1.135.amzn1.i686
php56-pspell-5.6.32-1.135.amzn1.i686
php56-dba-5.6.32-1.135.amzn1.i686
php56-mysqlnd-5.6.32-1.135.amzn1.i686
php56-recode-5.6.32-1.135.amzn1.i686
php56-ldap-5.6.32-1.135.amzn1.i686
php56-cli-5.6.32-1.135.amzn1.i686
php56-intl-5.6.32-1.135.amzn1.i686
php56-xml-5.6.32-1.135.amzn1.i686
php56-pdo-5.6.32-1.135.amzn1.i686
php56-dbg-5.6.32-1.135.amzn1.i686
php56-imap-5.6.32-1.135.amzn1.i686
php56-soap-5.6.32-1.135.amzn1.i686
php56-gmp-5.6.32-1.135.amzn1.i686
php56-mcrypt-5.6.32-1.135.amzn1.i686
php56-gd-5.6.32-1.135.amzn1.i686
php56-enchant-5.6.32-1.135.amzn1.i686
php56-tidy-5.6.32-1.135.amzn1.i686
php56-5.6.32-1.135.amzn1.i686
php56-devel-5.6.32-1.135.amzn1.i686
php71-xmlrpc-7.1.11-1.28.amzn1.i686
php71-mysqlnd-7.1.11-1.28.amzn1.i686
php71-gd-7.1.11-1.28.amzn1.i686
php71-pspell-7.1.11-1.28.amzn1.i686
php71-fpm-7.1.11-1.28.amzn1.i686
php71-process-7.1.11-1.28.amzn1.i686
php71-bcmath-7.1.11-1.28.amzn1.i686
php71-odbc-7.1.11-1.28.amzn1.i686
php71-pgsql-7.1.11-1.28.amzn1.i686
php71-pdo-dblib-7.1.11-1.28.amzn1.i686
php71-xml-7.1.11-1.28.amzn1.i686
php71-opcache-7.1.11-1.28.amzn1.i686
php71-embedded-7.1.11-1.28.amzn1.i686
php71-json-7.1.11-1.28.amzn1.i686
php71-dbg-7.1.11-1.28.amzn1.i686
php71-intl-7.1.11-1.28.amzn1.i686
php71-7.1.11-1.28.amzn1.i686
php71-pdo-7.1.11-1.28.amzn1.i686
php71-common-7.1.11-1.28.amzn1.i686
php71-imap-7.1.11-1.28.amzn1.i686
php71-tidy-7.1.11-1.28.amzn1.i686
php71-snmp-7.1.11-1.28.amzn1.i686
php71-cli-7.1.11-1.28.amzn1.i686
php71-mcrypt-7.1.11-1.28.amzn1.i686
php71-ldap-7.1.11-1.28.amzn1.i686
php71-recode-7.1.11-1.28.amzn1.i686
php71-gmp-7.1.11-1.28.amzn1.i686
php71-soap-7.1.11-1.28.amzn1.i686
php71-devel-7.1.11-1.28.amzn1.i686
php71-enchant-7.1.11-1.28.amzn1.i686
php71-dba-7.1.11-1.28.amzn1.i686
php71-debuginfo-7.1.11-1.28.amzn1.i686
php71-mbstring-7.1.11-1.28.amzn1.i686
php70-opcache-7.0.25-1.25.amzn1.i686
php70-json-7.0.25-1.25.amzn1.i686
php70-xml-7.0.25-1.25.amzn1.i686
php70-process-7.0.25-1.25.amzn1.i686
php70-devel-7.0.25-1.25.amzn1.i686
php70-recode-7.0.25-1.25.amzn1.i686
php70-ldap-7.0.25-1.25.amzn1.i686
php70-odbc-7.0.25-1.25.amzn1.i686
php70-bcmath-7.0.25-1.25.amzn1.i686
php70-zip-7.0.25-1.25.amzn1.i686
php70-pspell-7.0.25-1.25.amzn1.i686
php70-dba-7.0.25-1.25.amzn1.i686
php70-intl-7.0.25-1.25.amzn1.i686
php70-gmp-7.0.25-1.25.amzn1.i686
php70-7.0.25-1.25.amzn1.i686
php70-soap-7.0.25-1.25.amzn1.i686
php70-dbg-7.0.25-1.25.amzn1.i686
php70-xmlrpc-7.0.25-1.25.amzn1.i686
php70-embedded-7.0.25-1.25.amzn1.i686
php70-mbstring-7.0.25-1.25.amzn1.i686
php70-pdo-dblib-7.0.25-1.25.amzn1.i686
php70-mcrypt-7.0.25-1.25.amzn1.i686
php70-cli-7.0.25-1.25.amzn1.i686
php70-pgsql-7.0.25-1.25.amzn1.i686
php70-fpm-7.0.25-1.25.amzn1.i686
php70-mysqlnd-7.0.25-1.25.amzn1.i686
php70-debuginfo-7.0.25-1.25.amzn1.i686
php70-pdo-7.0.25-1.25.amzn1.i686
php70-tidy-7.0.25-1.25.amzn1.i686
php70-gd-7.0.25-1.25.amzn1.i686
php70-enchant-7.0.25-1.25.amzn1.i686
php70-snmp-7.0.25-1.25.amzn1.i686
php70-common-7.0.25-1.25.amzn1.i686
php70-imap-7.0.25-1.25.amzn1.i686
src:
php56-5.6.32-1.135.amzn1.src
php71-7.1.11-1.28.amzn1.src
php70-7.0.25-1.25.amzn1.src
x86_64:
php56-ldap-5.6.32-1.135.amzn1.x86_64
php56-gmp-5.6.32-1.135.amzn1.x86_64
php56-common-5.6.32-1.135.amzn1.x86_64
php56-xml-5.6.32-1.135.amzn1.x86_64
php56-5.6.32-1.135.amzn1.x86_64
php56-snmp-5.6.32-1.135.amzn1.x86_64
php56-pgsql-5.6.32-1.135.amzn1.x86_64
php56-pspell-5.6.32-1.135.amzn1.x86_64
php56-cli-5.6.32-1.135.amzn1.x86_64
php56-fpm-5.6.32-1.135.amzn1.x86_64
php56-process-5.6.32-1.135.amzn1.x86_64
php56-mcrypt-5.6.32-1.135.amzn1.x86_64
php56-opcache-5.6.32-1.135.amzn1.x86_64
php56-enchant-5.6.32-1.135.amzn1.x86_64
php56-mssql-5.6.32-1.135.amzn1.x86_64
php56-dba-5.6.32-1.135.amzn1.x86_64
php56-dbg-5.6.32-1.135.amzn1.x86_64
php56-gd-5.6.32-1.135.amzn1.x86_64
php56-embedded-5.6.32-1.135.amzn1.x86_64
php56-recode-5.6.32-1.135.amzn1.x86_64
php56-tidy-5.6.32-1.135.amzn1.x86_64
php56-mbstring-5.6.32-1.135.amzn1.x86_64
php56-pdo-5.6.32-1.135.amzn1.x86_64
php56-xmlrpc-5.6.32-1.135.amzn1.x86_64
php56-devel-5.6.32-1.135.amzn1.x86_64
php56-intl-5.6.32-1.135.amzn1.x86_64
php56-bcmath-5.6.32-1.135.amzn1.x86_64
php56-debuginfo-5.6.32-1.135.amzn1.x86_64
php56-soap-5.6.32-1.135.amzn1.x86_64
php56-mysqlnd-5.6.32-1.135.amzn1.x86_64
php56-imap-5.6.32-1.135.amzn1.x86_64
php56-odbc-5.6.32-1.135.amzn1.x86_64
php71-intl-7.1.11-1.28.amzn1.x86_64
php71-snmp-7.1.11-1.28.amzn1.x86_64
php71-enchant-7.1.11-1.28.amzn1.x86_64
php71-embedded-7.1.11-1.28.amzn1.x86_64
php71-gd-7.1.11-1.28.amzn1.x86_64
php71-common-7.1.11-1.28.amzn1.x86_64
php71-mbstring-7.1.11-1.28.amzn1.x86_64
php71-pdo-dblib-7.1.11-1.28.amzn1.x86_64
php71-soap-7.1.11-1.28.amzn1.x86_64
php71-ldap-7.1.11-1.28.amzn1.x86_64
php71-imap-7.1.11-1.28.amzn1.x86_64
php71-dba-7.1.11-1.28.amzn1.x86_64
php71-json-7.1.11-1.28.amzn1.x86_64
php71-debuginfo-7.1.11-1.28.amzn1.x86_64
php71-7.1.11-1.28.amzn1.x86_64
php71-xmlrpc-7.1.11-1.28.amzn1.x86_64
php71-gmp-7.1.11-1.28.amzn1.x86_64
php71-recode-7.1.11-1.28.amzn1.x86_64
php71-opcache-7.1.11-1.28.amzn1.x86_64
php71-pspell-7.1.11-1.28.amzn1.x86_64
php71-mcrypt-7.1.11-1.28.amzn1.x86_64
php71-odbc-7.1.11-1.28.amzn1.x86_64
php71-xml-7.1.11-1.28.amzn1.x86_64
php71-fpm-7.1.11-1.28.amzn1.x86_64
php71-dbg-7.1.11-1.28.amzn1.x86_64
php71-process-7.1.11-1.28.amzn1.x86_64
php71-pgsql-7.1.11-1.28.amzn1.x86_64
php71-cli-7.1.11-1.28.amzn1.x86_64
php71-devel-7.1.11-1.28.amzn1.x86_64
php71-bcmath-7.1.11-1.28.amzn1.x86_64
php71-tidy-7.1.11-1.28.amzn1.x86_64
php71-mysqlnd-7.1.11-1.28.amzn1.x86_64
php71-pdo-7.1.11-1.28.amzn1.x86_64
php70-devel-7.0.25-1.25.amzn1.x86_64
php70-dba-7.0.25-1.25.amzn1.x86_64
php70-pgsql-7.0.25-1.25.amzn1.x86_64
php70-pdo-dblib-7.0.25-1.25.amzn1.x86_64
php70-zip-7.0.25-1.25.amzn1.x86_64
php70-tidy-7.0.25-1.25.amzn1.x86_64
php70-opcache-7.0.25-1.25.amzn1.x86_64
php70-xml-7.0.25-1.25.amzn1.x86_64
php70-7.0.25-1.25.amzn1.x86_64
php70-dbg-7.0.25-1.25.amzn1.x86_64
php70-mcrypt-7.0.25-1.25.amzn1.x86_64
php70-enchant-7.0.25-1.25.amzn1.x86_64
php70-odbc-7.0.25-1.25.amzn1.x86_64
php70-xmlrpc-7.0.25-1.25.amzn1.x86_64
php70-common-7.0.25-1.25.amzn1.x86_64
php70-gd-7.0.25-1.25.amzn1.x86_64
php70-gmp-7.0.25-1.25.amzn1.x86_64
php70-intl-7.0.25-1.25.amzn1.x86_64
php70-pspell-7.0.25-1.25.amzn1.x86_64
php70-mbstring-7.0.25-1.25.amzn1.x86_64
php70-fpm-7.0.25-1.25.amzn1.x86_64
php70-imap-7.0.25-1.25.amzn1.x86_64
php70-mysqlnd-7.0.25-1.25.amzn1.x86_64
php70-ldap-7.0.25-1.25.amzn1.x86_64
php70-snmp-7.0.25-1.25.amzn1.x86_64
php70-json-7.0.25-1.25.amzn1.x86_64
php70-cli-7.0.25-1.25.amzn1.x86_64
php70-soap-7.0.25-1.25.amzn1.x86_64
php70-pdo-7.0.25-1.25.amzn1.x86_64
php70-process-7.0.25-1.25.amzn1.x86_64
php70-bcmath-7.0.25-1.25.amzn1.x86_64
php70-debuginfo-7.0.25-1.25.amzn1.x86_64
php70-recode-7.0.25-1.25.amzn1.x86_64
php70-embedded-7.0.25-1.25.amzn1.x86_64
Additional References
Red Hat: CVE-2016-1283
Mitre: CVE-2016-1283
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | i686 | php56-mbstring | < 5.6.32-1.135.amzn1 | php56-mbstring-5.6.32-1.135.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | php56-snmp | < 5.6.32-1.135.amzn1 | php56-snmp-5.6.32-1.135.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | php56-opcache | < 5.6.32-1.135.amzn1 | php56-opcache-5.6.32-1.135.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | php56-debuginfo | < 5.6.32-1.135.amzn1 | php56-debuginfo-5.6.32-1.135.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | php56-fpm | < 5.6.32-1.135.amzn1 | php56-fpm-5.6.32-1.135.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | php56-common | < 5.6.32-1.135.amzn1 | php56-common-5.6.32-1.135.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | php56-odbc | < 5.6.32-1.135.amzn1 | php56-odbc-5.6.32-1.135.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | php56-mssql | < 5.6.32-1.135.amzn1 | php56-mssql-5.6.32-1.135.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | php56-embedded | < 5.6.32-1.135.amzn1 | php56-embedded-5.6.32-1.135.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | php56-process | < 5.6.32-1.135.amzn1 | php56-process-5.6.32-1.135.amzn1.i686.rpm |
Related
fedora
fedora
[SECURITY] Fedora 26 Update: php-7.1.11-1.fc26
2017-11-07 22:21:20
[SECURITY] Fedora 23 Update: pcre-8.38-6.fc23
2016-03-02 01:52:19
[SECURITY] Fedora 27 Update: php-7.1.11-1.fc27
2017-11-15 17:57:08
nessus
nessus
Slackware 14.0 / 14.1 / 14.2 / current : php (SSA:2017-300-01)
2017-10-30 00:00:00
Fedora 23 : pcre-8.38-6.fc23 (2016-65833b5dbc)
2016-03-04 00:00:00
Fedora 26 : php (2017-0af85ae851)
2017-11-08 00:00:00
osv
osv
CVE-2016-1283
2016-01-03 00:59:00
f5
f5
SOL98009539 - PHP/PCRE vulnerability CVE-2016-1283
2016-10-07 00:00:00
K98009539 : PHP/PCRE vulnerability CVE-2016-1283
2016-10-07 00:00:00
slackware
slackware
[slackware-security] php
2017-10-27 20:55:24
[slackware-security] pcre
2016-06-20 21:53:15
cve
cve
CVE-2016-1283
2016-01-03 00:59:00
openvas
openvas
Fedora Update for php FEDORA-2017-0af85ae851
2017-11-08 00:00:00
Slackware: Security Advisory (SSA:2017-300-01)
2022-04-21 00:00:00
Slackware: Security Advisory (SSA:2016-172-02)
2022-04-21 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package php7 version 7.1.11-alt1
2017-11-03 00:00:00
Security fix for the ALT Linux 10 package php8.1 version 7.1.11-alt1
2017-11-03 00:00:00
Security fix for the ALT Linux 10 package php8.0 version 7.1.11-alt1
2017-11-03 00:00:00
debiancve
debiancve
CVE-2016-1283
2016-01-03 00:59:00
ibm
ibm
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:34:23
freebsd
freebsd
pcre -- heap overflow vulnerability
2016-02-27 00:00:00
PHP -- denial of service attack
2017-10-26 00:00:00
alpinelinux
alpinelinux
CVE-2016-1283
2016-01-03 00:59:00
archlinux
archlinux
pcre: arbitrary code execution
2016-03-13 00:00:00
prion
prion
Heap overflow
2016-01-03 00:59:00
ubuntucve
ubuntucve
CVE-2016-1283
2016-01-02 00:00:00
mageia
mageia
Updated pcre packages fix security vulnerabilities
2016-05-24 01:00:58
gentoo
gentoo
libpcre: Multiple Vulnerabilities
2016-07-09 00:00:00
symantec
symantec
SA128 : Multiple PCRE Vulnerabilities
2016-07-07 08:00:00
ubuntu
ubuntu
PCRE vulnerabilities
2016-03-29 00:00:00
redhat
redhat
(RHSA-2016:1132) Important: rh-mariadb100-mariadb security update
2016-05-26 08:10:09
suse
suse
Security update for SLES 12-SP1 Docker image (important)
2017-10-11 03:07:32
Security update for SLES 12 Docker image (important)
2017-10-11 03:06:53
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.016 Low
EPSS
Percentile
87.4%
Related for ALAS-2017-924