Risk | Low |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2018-5712 CVE-2018-5711 |
CWE-ID | CWE-79 CWE-835 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Amazon Linux AMI Operating systems & Components / Operating system |
Vendor | Amazon Web Services |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU10389
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5712
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists on the PHAR 404 error page due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
Update the affected packages.
i686:Vulnerable software versions
php71-soap-7.1.13-1.30.amzn1.i686
php71-intl-7.1.13-1.30.amzn1.i686
php71-ldap-7.1.13-1.30.amzn1.i686
php71-7.1.13-1.30.amzn1.i686
php71-pspell-7.1.13-1.30.amzn1.i686
php71-opcache-7.1.13-1.30.amzn1.i686
php71-gmp-7.1.13-1.30.amzn1.i686
php71-snmp-7.1.13-1.30.amzn1.i686
php71-odbc-7.1.13-1.30.amzn1.i686
php71-embedded-7.1.13-1.30.amzn1.i686
php71-pgsql-7.1.13-1.30.amzn1.i686
php71-tidy-7.1.13-1.30.amzn1.i686
php71-xmlrpc-7.1.13-1.30.amzn1.i686
php71-imap-7.1.13-1.30.amzn1.i686
php71-process-7.1.13-1.30.amzn1.i686
php71-bcmath-7.1.13-1.30.amzn1.i686
php71-debuginfo-7.1.13-1.30.amzn1.i686
php71-json-7.1.13-1.30.amzn1.i686
php71-pdo-dblib-7.1.13-1.30.amzn1.i686
php71-dba-7.1.13-1.30.amzn1.i686
php71-dbg-7.1.13-1.30.amzn1.i686
php71-mbstring-7.1.13-1.30.amzn1.i686
php71-fpm-7.1.13-1.30.amzn1.i686
php71-mysqlnd-7.1.13-1.30.amzn1.i686
php71-mcrypt-7.1.13-1.30.amzn1.i686
php71-cli-7.1.13-1.30.amzn1.i686
php71-common-7.1.13-1.30.amzn1.i686
php71-recode-7.1.13-1.30.amzn1.i686
php71-devel-7.1.13-1.30.amzn1.i686
php71-enchant-7.1.13-1.30.amzn1.i686
php71-gd-7.1.13-1.30.amzn1.i686
php71-pdo-7.1.13-1.30.amzn1.i686
php71-xml-7.1.13-1.30.amzn1.i686
php70-mysqlnd-7.0.27-1.27.amzn1.i686
php70-snmp-7.0.27-1.27.amzn1.i686
php70-pdo-7.0.27-1.27.amzn1.i686
php70-bcmath-7.0.27-1.27.amzn1.i686
php70-gmp-7.0.27-1.27.amzn1.i686
php70-dbg-7.0.27-1.27.amzn1.i686
php70-soap-7.0.27-1.27.amzn1.i686
php70-embedded-7.0.27-1.27.amzn1.i686
php70-pgsql-7.0.27-1.27.amzn1.i686
php70-ldap-7.0.27-1.27.amzn1.i686
php70-recode-7.0.27-1.27.amzn1.i686
php70-devel-7.0.27-1.27.amzn1.i686
php70-mbstring-7.0.27-1.27.amzn1.i686
php70-odbc-7.0.27-1.27.amzn1.i686
php70-opcache-7.0.27-1.27.amzn1.i686
php70-enchant-7.0.27-1.27.amzn1.i686
php70-common-7.0.27-1.27.amzn1.i686
php70-imap-7.0.27-1.27.amzn1.i686
php70-mcrypt-7.0.27-1.27.amzn1.i686
php70-tidy-7.0.27-1.27.amzn1.i686
php70-intl-7.0.27-1.27.amzn1.i686
php70-gd-7.0.27-1.27.amzn1.i686
php70-xml-7.0.27-1.27.amzn1.i686
php70-xmlrpc-7.0.27-1.27.amzn1.i686
php70-zip-7.0.27-1.27.amzn1.i686
php70-cli-7.0.27-1.27.amzn1.i686
php70-fpm-7.0.27-1.27.amzn1.i686
php70-process-7.0.27-1.27.amzn1.i686
php70-dba-7.0.27-1.27.amzn1.i686
php70-7.0.27-1.27.amzn1.i686
php70-pspell-7.0.27-1.27.amzn1.i686
php70-json-7.0.27-1.27.amzn1.i686
php70-pdo-dblib-7.0.27-1.27.amzn1.i686
php70-debuginfo-7.0.27-1.27.amzn1.i686
php56-mysqlnd-5.6.33-1.136.amzn1.i686
php56-tidy-5.6.33-1.136.amzn1.i686
php56-5.6.33-1.136.amzn1.i686
php56-soap-5.6.33-1.136.amzn1.i686
php56-mssql-5.6.33-1.136.amzn1.i686
php56-pspell-5.6.33-1.136.amzn1.i686
php56-enchant-5.6.33-1.136.amzn1.i686
php56-xmlrpc-5.6.33-1.136.amzn1.i686
php56-odbc-5.6.33-1.136.amzn1.i686
php56-process-5.6.33-1.136.amzn1.i686
php56-imap-5.6.33-1.136.amzn1.i686
php56-recode-5.6.33-1.136.amzn1.i686
php56-pgsql-5.6.33-1.136.amzn1.i686
php56-gmp-5.6.33-1.136.amzn1.i686
php56-cli-5.6.33-1.136.amzn1.i686
php56-snmp-5.6.33-1.136.amzn1.i686
php56-dbg-5.6.33-1.136.amzn1.i686
php56-embedded-5.6.33-1.136.amzn1.i686
php56-debuginfo-5.6.33-1.136.amzn1.i686
php56-intl-5.6.33-1.136.amzn1.i686
php56-bcmath-5.6.33-1.136.amzn1.i686
php56-xml-5.6.33-1.136.amzn1.i686
php56-ldap-5.6.33-1.136.amzn1.i686
php56-gd-5.6.33-1.136.amzn1.i686
php56-fpm-5.6.33-1.136.amzn1.i686
php56-pdo-5.6.33-1.136.amzn1.i686
php56-devel-5.6.33-1.136.amzn1.i686
php56-common-5.6.33-1.136.amzn1.i686
php56-opcache-5.6.33-1.136.amzn1.i686
php56-dba-5.6.33-1.136.amzn1.i686
php56-mbstring-5.6.33-1.136.amzn1.i686
php56-mcrypt-5.6.33-1.136.amzn1.i686
src:
php71-7.1.13-1.30.amzn1.src
php70-7.0.27-1.27.amzn1.src
php56-5.6.33-1.136.amzn1.src
x86_64:
php71-debuginfo-7.1.13-1.30.amzn1.x86_64
php71-gd-7.1.13-1.30.amzn1.x86_64
php71-odbc-7.1.13-1.30.amzn1.x86_64
php71-process-7.1.13-1.30.amzn1.x86_64
php71-imap-7.1.13-1.30.amzn1.x86_64
php71-mbstring-7.1.13-1.30.amzn1.x86_64
php71-mcrypt-7.1.13-1.30.amzn1.x86_64
php71-gmp-7.1.13-1.30.amzn1.x86_64
php71-soap-7.1.13-1.30.amzn1.x86_64
php71-ldap-7.1.13-1.30.amzn1.x86_64
php71-snmp-7.1.13-1.30.amzn1.x86_64
php71-enchant-7.1.13-1.30.amzn1.x86_64
php71-tidy-7.1.13-1.30.amzn1.x86_64
php71-pdo-dblib-7.1.13-1.30.amzn1.x86_64
php71-json-7.1.13-1.30.amzn1.x86_64
php71-embedded-7.1.13-1.30.amzn1.x86_64
php71-devel-7.1.13-1.30.amzn1.x86_64
php71-7.1.13-1.30.amzn1.x86_64
php71-pspell-7.1.13-1.30.amzn1.x86_64
php71-common-7.1.13-1.30.amzn1.x86_64
php71-recode-7.1.13-1.30.amzn1.x86_64
php71-xmlrpc-7.1.13-1.30.amzn1.x86_64
php71-pgsql-7.1.13-1.30.amzn1.x86_64
php71-cli-7.1.13-1.30.amzn1.x86_64
php71-dbg-7.1.13-1.30.amzn1.x86_64
php71-xml-7.1.13-1.30.amzn1.x86_64
php71-opcache-7.1.13-1.30.amzn1.x86_64
php71-fpm-7.1.13-1.30.amzn1.x86_64
php71-mysqlnd-7.1.13-1.30.amzn1.x86_64
php71-dba-7.1.13-1.30.amzn1.x86_64
php71-intl-7.1.13-1.30.amzn1.x86_64
php71-pdo-7.1.13-1.30.amzn1.x86_64
php71-bcmath-7.1.13-1.30.amzn1.x86_64
php70-debuginfo-7.0.27-1.27.amzn1.x86_64
php70-dba-7.0.27-1.27.amzn1.x86_64
php70-mcrypt-7.0.27-1.27.amzn1.x86_64
php70-7.0.27-1.27.amzn1.x86_64
php70-tidy-7.0.27-1.27.amzn1.x86_64
php70-bcmath-7.0.27-1.27.amzn1.x86_64
php70-opcache-7.0.27-1.27.amzn1.x86_64
php70-fpm-7.0.27-1.27.amzn1.x86_64
php70-pdo-7.0.27-1.27.amzn1.x86_64
php70-mysqlnd-7.0.27-1.27.amzn1.x86_64
php70-dbg-7.0.27-1.27.amzn1.x86_64
php70-gmp-7.0.27-1.27.amzn1.x86_64
php70-process-7.0.27-1.27.amzn1.x86_64
php70-imap-7.0.27-1.27.amzn1.x86_64
php70-snmp-7.0.27-1.27.amzn1.x86_64
php70-cli-7.0.27-1.27.amzn1.x86_64
php70-ldap-7.0.27-1.27.amzn1.x86_64
php70-enchant-7.0.27-1.27.amzn1.x86_64
php70-intl-7.0.27-1.27.amzn1.x86_64
php70-odbc-7.0.27-1.27.amzn1.x86_64
php70-json-7.0.27-1.27.amzn1.x86_64
php70-devel-7.0.27-1.27.amzn1.x86_64
php70-recode-7.0.27-1.27.amzn1.x86_64
php70-pspell-7.0.27-1.27.amzn1.x86_64
php70-common-7.0.27-1.27.amzn1.x86_64
php70-soap-7.0.27-1.27.amzn1.x86_64
php70-xml-7.0.27-1.27.amzn1.x86_64
php70-xmlrpc-7.0.27-1.27.amzn1.x86_64
php70-pdo-dblib-7.0.27-1.27.amzn1.x86_64
php70-pgsql-7.0.27-1.27.amzn1.x86_64
php70-gd-7.0.27-1.27.amzn1.x86_64
php70-zip-7.0.27-1.27.amzn1.x86_64
php70-embedded-7.0.27-1.27.amzn1.x86_64
php70-mbstring-7.0.27-1.27.amzn1.x86_64
php56-intl-5.6.33-1.136.amzn1.x86_64
php56-cli-5.6.33-1.136.amzn1.x86_64
php56-pspell-5.6.33-1.136.amzn1.x86_64
php56-gmp-5.6.33-1.136.amzn1.x86_64
php56-soap-5.6.33-1.136.amzn1.x86_64
php56-devel-5.6.33-1.136.amzn1.x86_64
php56-process-5.6.33-1.136.amzn1.x86_64
php56-enchant-5.6.33-1.136.amzn1.x86_64
php56-xml-5.6.33-1.136.amzn1.x86_64
php56-mssql-5.6.33-1.136.amzn1.x86_64
php56-snmp-5.6.33-1.136.amzn1.x86_64
php56-pdo-5.6.33-1.136.amzn1.x86_64
php56-debuginfo-5.6.33-1.136.amzn1.x86_64
php56-xmlrpc-5.6.33-1.136.amzn1.x86_64
php56-mcrypt-5.6.33-1.136.amzn1.x86_64
php56-dba-5.6.33-1.136.amzn1.x86_64
php56-bcmath-5.6.33-1.136.amzn1.x86_64
php56-opcache-5.6.33-1.136.amzn1.x86_64
php56-dbg-5.6.33-1.136.amzn1.x86_64
php56-pgsql-5.6.33-1.136.amzn1.x86_64
php56-common-5.6.33-1.136.amzn1.x86_64
php56-ldap-5.6.33-1.136.amzn1.x86_64
php56-odbc-5.6.33-1.136.amzn1.x86_64
php56-5.6.33-1.136.amzn1.x86_64
php56-recode-5.6.33-1.136.amzn1.x86_64
php56-mbstring-5.6.33-1.136.amzn1.x86_64
php56-fpm-5.6.33-1.136.amzn1.x86_64
php56-imap-5.6.33-1.136.amzn1.x86_64
php56-gd-5.6.33-1.136.amzn1.x86_64
php56-embedded-5.6.33-1.136.amzn1.x86_64
php56-mysqlnd-5.6.33-1.136.amzn1.x86_64
php56-tidy-5.6.33-1.136.amzn1.x86_64
Amazon Linux AMI: All versions
External linkshttp://alas.aws.amazon.com/ALAS-2018-946.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU10390
Risk: Low
CVSSv3.1: 3.5 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5711
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a local unauthenticated attacker to cause DoS condition.
The vulnerability exists in PHP GD Graphics Library due to insufficient sanitization of user-supplied data. A local attacker can submit a specially crafted GIF, trigger an infinite loop and cause the service to crash.
MitigationUpdate the affected packages.
i686:Vulnerable software versions
php71-soap-7.1.13-1.30.amzn1.i686
php71-intl-7.1.13-1.30.amzn1.i686
php71-ldap-7.1.13-1.30.amzn1.i686
php71-7.1.13-1.30.amzn1.i686
php71-pspell-7.1.13-1.30.amzn1.i686
php71-opcache-7.1.13-1.30.amzn1.i686
php71-gmp-7.1.13-1.30.amzn1.i686
php71-snmp-7.1.13-1.30.amzn1.i686
php71-odbc-7.1.13-1.30.amzn1.i686
php71-embedded-7.1.13-1.30.amzn1.i686
php71-pgsql-7.1.13-1.30.amzn1.i686
php71-tidy-7.1.13-1.30.amzn1.i686
php71-xmlrpc-7.1.13-1.30.amzn1.i686
php71-imap-7.1.13-1.30.amzn1.i686
php71-process-7.1.13-1.30.amzn1.i686
php71-bcmath-7.1.13-1.30.amzn1.i686
php71-debuginfo-7.1.13-1.30.amzn1.i686
php71-json-7.1.13-1.30.amzn1.i686
php71-pdo-dblib-7.1.13-1.30.amzn1.i686
php71-dba-7.1.13-1.30.amzn1.i686
php71-dbg-7.1.13-1.30.amzn1.i686
php71-mbstring-7.1.13-1.30.amzn1.i686
php71-fpm-7.1.13-1.30.amzn1.i686
php71-mysqlnd-7.1.13-1.30.amzn1.i686
php71-mcrypt-7.1.13-1.30.amzn1.i686
php71-cli-7.1.13-1.30.amzn1.i686
php71-common-7.1.13-1.30.amzn1.i686
php71-recode-7.1.13-1.30.amzn1.i686
php71-devel-7.1.13-1.30.amzn1.i686
php71-enchant-7.1.13-1.30.amzn1.i686
php71-gd-7.1.13-1.30.amzn1.i686
php71-pdo-7.1.13-1.30.amzn1.i686
php71-xml-7.1.13-1.30.amzn1.i686
php70-mysqlnd-7.0.27-1.27.amzn1.i686
php70-snmp-7.0.27-1.27.amzn1.i686
php70-pdo-7.0.27-1.27.amzn1.i686
php70-bcmath-7.0.27-1.27.amzn1.i686
php70-gmp-7.0.27-1.27.amzn1.i686
php70-dbg-7.0.27-1.27.amzn1.i686
php70-soap-7.0.27-1.27.amzn1.i686
php70-embedded-7.0.27-1.27.amzn1.i686
php70-pgsql-7.0.27-1.27.amzn1.i686
php70-ldap-7.0.27-1.27.amzn1.i686
php70-recode-7.0.27-1.27.amzn1.i686
php70-devel-7.0.27-1.27.amzn1.i686
php70-mbstring-7.0.27-1.27.amzn1.i686
php70-odbc-7.0.27-1.27.amzn1.i686
php70-opcache-7.0.27-1.27.amzn1.i686
php70-enchant-7.0.27-1.27.amzn1.i686
php70-common-7.0.27-1.27.amzn1.i686
php70-imap-7.0.27-1.27.amzn1.i686
php70-mcrypt-7.0.27-1.27.amzn1.i686
php70-tidy-7.0.27-1.27.amzn1.i686
php70-intl-7.0.27-1.27.amzn1.i686
php70-gd-7.0.27-1.27.amzn1.i686
php70-xml-7.0.27-1.27.amzn1.i686
php70-xmlrpc-7.0.27-1.27.amzn1.i686
php70-zip-7.0.27-1.27.amzn1.i686
php70-cli-7.0.27-1.27.amzn1.i686
php70-fpm-7.0.27-1.27.amzn1.i686
php70-process-7.0.27-1.27.amzn1.i686
php70-dba-7.0.27-1.27.amzn1.i686
php70-7.0.27-1.27.amzn1.i686
php70-pspell-7.0.27-1.27.amzn1.i686
php70-json-7.0.27-1.27.amzn1.i686
php70-pdo-dblib-7.0.27-1.27.amzn1.i686
php70-debuginfo-7.0.27-1.27.amzn1.i686
php56-mysqlnd-5.6.33-1.136.amzn1.i686
php56-tidy-5.6.33-1.136.amzn1.i686
php56-5.6.33-1.136.amzn1.i686
php56-soap-5.6.33-1.136.amzn1.i686
php56-mssql-5.6.33-1.136.amzn1.i686
php56-pspell-5.6.33-1.136.amzn1.i686
php56-enchant-5.6.33-1.136.amzn1.i686
php56-xmlrpc-5.6.33-1.136.amzn1.i686
php56-odbc-5.6.33-1.136.amzn1.i686
php56-process-5.6.33-1.136.amzn1.i686
php56-imap-5.6.33-1.136.amzn1.i686
php56-recode-5.6.33-1.136.amzn1.i686
php56-pgsql-5.6.33-1.136.amzn1.i686
php56-gmp-5.6.33-1.136.amzn1.i686
php56-cli-5.6.33-1.136.amzn1.i686
php56-snmp-5.6.33-1.136.amzn1.i686
php56-dbg-5.6.33-1.136.amzn1.i686
php56-embedded-5.6.33-1.136.amzn1.i686
php56-debuginfo-5.6.33-1.136.amzn1.i686
php56-intl-5.6.33-1.136.amzn1.i686
php56-bcmath-5.6.33-1.136.amzn1.i686
php56-xml-5.6.33-1.136.amzn1.i686
php56-ldap-5.6.33-1.136.amzn1.i686
php56-gd-5.6.33-1.136.amzn1.i686
php56-fpm-5.6.33-1.136.amzn1.i686
php56-pdo-5.6.33-1.136.amzn1.i686
php56-devel-5.6.33-1.136.amzn1.i686
php56-common-5.6.33-1.136.amzn1.i686
php56-opcache-5.6.33-1.136.amzn1.i686
php56-dba-5.6.33-1.136.amzn1.i686
php56-mbstring-5.6.33-1.136.amzn1.i686
php56-mcrypt-5.6.33-1.136.amzn1.i686
src:
php71-7.1.13-1.30.amzn1.src
php70-7.0.27-1.27.amzn1.src
php56-5.6.33-1.136.amzn1.src
x86_64:
php71-debuginfo-7.1.13-1.30.amzn1.x86_64
php71-gd-7.1.13-1.30.amzn1.x86_64
php71-odbc-7.1.13-1.30.amzn1.x86_64
php71-process-7.1.13-1.30.amzn1.x86_64
php71-imap-7.1.13-1.30.amzn1.x86_64
php71-mbstring-7.1.13-1.30.amzn1.x86_64
php71-mcrypt-7.1.13-1.30.amzn1.x86_64
php71-gmp-7.1.13-1.30.amzn1.x86_64
php71-soap-7.1.13-1.30.amzn1.x86_64
php71-ldap-7.1.13-1.30.amzn1.x86_64
php71-snmp-7.1.13-1.30.amzn1.x86_64
php71-enchant-7.1.13-1.30.amzn1.x86_64
php71-tidy-7.1.13-1.30.amzn1.x86_64
php71-pdo-dblib-7.1.13-1.30.amzn1.x86_64
php71-json-7.1.13-1.30.amzn1.x86_64
php71-embedded-7.1.13-1.30.amzn1.x86_64
php71-devel-7.1.13-1.30.amzn1.x86_64
php71-7.1.13-1.30.amzn1.x86_64
php71-pspell-7.1.13-1.30.amzn1.x86_64
php71-common-7.1.13-1.30.amzn1.x86_64
php71-recode-7.1.13-1.30.amzn1.x86_64
php71-xmlrpc-7.1.13-1.30.amzn1.x86_64
php71-pgsql-7.1.13-1.30.amzn1.x86_64
php71-cli-7.1.13-1.30.amzn1.x86_64
php71-dbg-7.1.13-1.30.amzn1.x86_64
php71-xml-7.1.13-1.30.amzn1.x86_64
php71-opcache-7.1.13-1.30.amzn1.x86_64
php71-fpm-7.1.13-1.30.amzn1.x86_64
php71-mysqlnd-7.1.13-1.30.amzn1.x86_64
php71-dba-7.1.13-1.30.amzn1.x86_64
php71-intl-7.1.13-1.30.amzn1.x86_64
php71-pdo-7.1.13-1.30.amzn1.x86_64
php71-bcmath-7.1.13-1.30.amzn1.x86_64
php70-debuginfo-7.0.27-1.27.amzn1.x86_64
php70-dba-7.0.27-1.27.amzn1.x86_64
php70-mcrypt-7.0.27-1.27.amzn1.x86_64
php70-7.0.27-1.27.amzn1.x86_64
php70-tidy-7.0.27-1.27.amzn1.x86_64
php70-bcmath-7.0.27-1.27.amzn1.x86_64
php70-opcache-7.0.27-1.27.amzn1.x86_64
php70-fpm-7.0.27-1.27.amzn1.x86_64
php70-pdo-7.0.27-1.27.amzn1.x86_64
php70-mysqlnd-7.0.27-1.27.amzn1.x86_64
php70-dbg-7.0.27-1.27.amzn1.x86_64
php70-gmp-7.0.27-1.27.amzn1.x86_64
php70-process-7.0.27-1.27.amzn1.x86_64
php70-imap-7.0.27-1.27.amzn1.x86_64
php70-snmp-7.0.27-1.27.amzn1.x86_64
php70-cli-7.0.27-1.27.amzn1.x86_64
php70-ldap-7.0.27-1.27.amzn1.x86_64
php70-enchant-7.0.27-1.27.amzn1.x86_64
php70-intl-7.0.27-1.27.amzn1.x86_64
php70-odbc-7.0.27-1.27.amzn1.x86_64
php70-json-7.0.27-1.27.amzn1.x86_64
php70-devel-7.0.27-1.27.amzn1.x86_64
php70-recode-7.0.27-1.27.amzn1.x86_64
php70-pspell-7.0.27-1.27.amzn1.x86_64
php70-common-7.0.27-1.27.amzn1.x86_64
php70-soap-7.0.27-1.27.amzn1.x86_64
php70-xml-7.0.27-1.27.amzn1.x86_64
php70-xmlrpc-7.0.27-1.27.amzn1.x86_64
php70-pdo-dblib-7.0.27-1.27.amzn1.x86_64
php70-pgsql-7.0.27-1.27.amzn1.x86_64
php70-gd-7.0.27-1.27.amzn1.x86_64
php70-zip-7.0.27-1.27.amzn1.x86_64
php70-embedded-7.0.27-1.27.amzn1.x86_64
php70-mbstring-7.0.27-1.27.amzn1.x86_64
php56-intl-5.6.33-1.136.amzn1.x86_64
php56-cli-5.6.33-1.136.amzn1.x86_64
php56-pspell-5.6.33-1.136.amzn1.x86_64
php56-gmp-5.6.33-1.136.amzn1.x86_64
php56-soap-5.6.33-1.136.amzn1.x86_64
php56-devel-5.6.33-1.136.amzn1.x86_64
php56-process-5.6.33-1.136.amzn1.x86_64
php56-enchant-5.6.33-1.136.amzn1.x86_64
php56-xml-5.6.33-1.136.amzn1.x86_64
php56-mssql-5.6.33-1.136.amzn1.x86_64
php56-snmp-5.6.33-1.136.amzn1.x86_64
php56-pdo-5.6.33-1.136.amzn1.x86_64
php56-debuginfo-5.6.33-1.136.amzn1.x86_64
php56-xmlrpc-5.6.33-1.136.amzn1.x86_64
php56-mcrypt-5.6.33-1.136.amzn1.x86_64
php56-dba-5.6.33-1.136.amzn1.x86_64
php56-bcmath-5.6.33-1.136.amzn1.x86_64
php56-opcache-5.6.33-1.136.amzn1.x86_64
php56-dbg-5.6.33-1.136.amzn1.x86_64
php56-pgsql-5.6.33-1.136.amzn1.x86_64
php56-common-5.6.33-1.136.amzn1.x86_64
php56-ldap-5.6.33-1.136.amzn1.x86_64
php56-odbc-5.6.33-1.136.amzn1.x86_64
php56-5.6.33-1.136.amzn1.x86_64
php56-recode-5.6.33-1.136.amzn1.x86_64
php56-mbstring-5.6.33-1.136.amzn1.x86_64
php56-fpm-5.6.33-1.136.amzn1.x86_64
php56-imap-5.6.33-1.136.amzn1.x86_64
php56-gd-5.6.33-1.136.amzn1.x86_64
php56-embedded-5.6.33-1.136.amzn1.x86_64
php56-mysqlnd-5.6.33-1.136.amzn1.x86_64
php56-tidy-5.6.33-1.136.amzn1.x86_64
Amazon Linux AMI: All versions
External linkshttp://alas.aws.amazon.com/ALAS-2018-946.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.