Amazon Linux AMI update for php71, php73
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2019-11042 CVE-2019-13224 CVE-2019-11041 |
| CWE-ID | CWE-125 CWE-416 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Amazon Linux AMI Operating systems & Components / Operating system |
| Vendor | Amazon Web Services |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU21217
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-11042
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the exif_read_data() function in PHP EXIF extention. A remote attacker can create a specially crafted image file, pass it to the application, trigger out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected packages:
i686:Vulnerable software versions
php71-ldap-7.1.31-1.41.amzn1.i686
php71-mbstring-7.1.31-1.41.amzn1.i686
php71-devel-7.1.31-1.41.amzn1.i686
php71-cli-7.1.31-1.41.amzn1.i686
php71-mcrypt-7.1.31-1.41.amzn1.i686
php71-dba-7.1.31-1.41.amzn1.i686
php71-mysqlnd-7.1.31-1.41.amzn1.i686
php71-fpm-7.1.31-1.41.amzn1.i686
php71-embedded-7.1.31-1.41.amzn1.i686
php71-recode-7.1.31-1.41.amzn1.i686
php71-7.1.31-1.41.amzn1.i686
php71-opcache-7.1.31-1.41.amzn1.i686
php71-intl-7.1.31-1.41.amzn1.i686
php71-bcmath-7.1.31-1.41.amzn1.i686
php71-enchant-7.1.31-1.41.amzn1.i686
php71-tidy-7.1.31-1.41.amzn1.i686
php71-dbg-7.1.31-1.41.amzn1.i686
php71-debuginfo-7.1.31-1.41.amzn1.i686
php71-pspell-7.1.31-1.41.amzn1.i686
php71-gd-7.1.31-1.41.amzn1.i686
php71-xml-7.1.31-1.41.amzn1.i686
php71-pgsql-7.1.31-1.41.amzn1.i686
php71-snmp-7.1.31-1.41.amzn1.i686
php71-pdo-7.1.31-1.41.amzn1.i686
php71-odbc-7.1.31-1.41.amzn1.i686
php71-pdo-dblib-7.1.31-1.41.amzn1.i686
php71-common-7.1.31-1.41.amzn1.i686
php71-json-7.1.31-1.41.amzn1.i686
php71-imap-7.1.31-1.41.amzn1.i686
php71-gmp-7.1.31-1.41.amzn1.i686
php71-process-7.1.31-1.41.amzn1.i686
php71-xmlrpc-7.1.31-1.41.amzn1.i686
php71-soap-7.1.31-1.41.amzn1.i686
php73-xmlrpc-7.3.8-1.18.amzn1.i686
php73-bcmath-7.3.8-1.18.amzn1.i686
php73-pdo-7.3.8-1.18.amzn1.i686
php73-tidy-7.3.8-1.18.amzn1.i686
php73-gd-7.3.8-1.18.amzn1.i686
php73-common-7.3.8-1.18.amzn1.i686
php73-pdo-dblib-7.3.8-1.18.amzn1.i686
php73-dbg-7.3.8-1.18.amzn1.i686
php73-opcache-7.3.8-1.18.amzn1.i686
php73-process-7.3.8-1.18.amzn1.i686
php73-recode-7.3.8-1.18.amzn1.i686
php73-snmp-7.3.8-1.18.amzn1.i686
php73-gmp-7.3.8-1.18.amzn1.i686
php73-enchant-7.3.8-1.18.amzn1.i686
php73-cli-7.3.8-1.18.amzn1.i686
php73-7.3.8-1.18.amzn1.i686
php73-odbc-7.3.8-1.18.amzn1.i686
php73-embedded-7.3.8-1.18.amzn1.i686
php73-dba-7.3.8-1.18.amzn1.i686
php73-mysqlnd-7.3.8-1.18.amzn1.i686
php73-debuginfo-7.3.8-1.18.amzn1.i686
php73-devel-7.3.8-1.18.amzn1.i686
php73-mbstring-7.3.8-1.18.amzn1.i686
php73-pgsql-7.3.8-1.18.amzn1.i686
php73-xml-7.3.8-1.18.amzn1.i686
php73-fpm-7.3.8-1.18.amzn1.i686
php73-ldap-7.3.8-1.18.amzn1.i686
php73-imap-7.3.8-1.18.amzn1.i686
php73-pspell-7.3.8-1.18.amzn1.i686
php73-json-7.3.8-1.18.amzn1.i686
php73-intl-7.3.8-1.18.amzn1.i686
php73-soap-7.3.8-1.18.amzn1.i686
src:
php71-7.1.31-1.41.amzn1.src
php73-7.3.8-1.18.amzn1.src
x86_64:
php71-embedded-7.1.31-1.41.amzn1.x86_64
php71-dbg-7.1.31-1.41.amzn1.x86_64
php71-pspell-7.1.31-1.41.amzn1.x86_64
php71-devel-7.1.31-1.41.amzn1.x86_64
php71-dba-7.1.31-1.41.amzn1.x86_64
php71-process-7.1.31-1.41.amzn1.x86_64
php71-mcrypt-7.1.31-1.41.amzn1.x86_64
php71-xml-7.1.31-1.41.amzn1.x86_64
php71-bcmath-7.1.31-1.41.amzn1.x86_64
php71-mysqlnd-7.1.31-1.41.amzn1.x86_64
php71-common-7.1.31-1.41.amzn1.x86_64
php71-enchant-7.1.31-1.41.amzn1.x86_64
php71-intl-7.1.31-1.41.amzn1.x86_64
php71-7.1.31-1.41.amzn1.x86_64
php71-pdo-7.1.31-1.41.amzn1.x86_64
php71-debuginfo-7.1.31-1.41.amzn1.x86_64
php71-snmp-7.1.31-1.41.amzn1.x86_64
php71-xmlrpc-7.1.31-1.41.amzn1.x86_64
php71-mbstring-7.1.31-1.41.amzn1.x86_64
php71-pdo-dblib-7.1.31-1.41.amzn1.x86_64
php71-gmp-7.1.31-1.41.amzn1.x86_64
php71-json-7.1.31-1.41.amzn1.x86_64
php71-imap-7.1.31-1.41.amzn1.x86_64
php71-ldap-7.1.31-1.41.amzn1.x86_64
php71-tidy-7.1.31-1.41.amzn1.x86_64
php71-odbc-7.1.31-1.41.amzn1.x86_64
php71-fpm-7.1.31-1.41.amzn1.x86_64
php71-opcache-7.1.31-1.41.amzn1.x86_64
php71-soap-7.1.31-1.41.amzn1.x86_64
php71-recode-7.1.31-1.41.amzn1.x86_64
php71-pgsql-7.1.31-1.41.amzn1.x86_64
php71-cli-7.1.31-1.41.amzn1.x86_64
php71-gd-7.1.31-1.41.amzn1.x86_64
php73-odbc-7.3.8-1.18.amzn1.x86_64
php73-xml-7.3.8-1.18.amzn1.x86_64
php73-mysqlnd-7.3.8-1.18.amzn1.x86_64
php73-mbstring-7.3.8-1.18.amzn1.x86_64
php73-ldap-7.3.8-1.18.amzn1.x86_64
php73-recode-7.3.8-1.18.amzn1.x86_64
php73-devel-7.3.8-1.18.amzn1.x86_64
php73-embedded-7.3.8-1.18.amzn1.x86_64
php73-opcache-7.3.8-1.18.amzn1.x86_64
php73-7.3.8-1.18.amzn1.x86_64
php73-dbg-7.3.8-1.18.amzn1.x86_64
php73-common-7.3.8-1.18.amzn1.x86_64
php73-gd-7.3.8-1.18.amzn1.x86_64
php73-snmp-7.3.8-1.18.amzn1.x86_64
php73-enchant-7.3.8-1.18.amzn1.x86_64
php73-bcmath-7.3.8-1.18.amzn1.x86_64
php73-xmlrpc-7.3.8-1.18.amzn1.x86_64
php73-gmp-7.3.8-1.18.amzn1.x86_64
php73-tidy-7.3.8-1.18.amzn1.x86_64
php73-dba-7.3.8-1.18.amzn1.x86_64
php73-fpm-7.3.8-1.18.amzn1.x86_64
php73-pgsql-7.3.8-1.18.amzn1.x86_64
php73-cli-7.3.8-1.18.amzn1.x86_64
php73-pdo-dblib-7.3.8-1.18.amzn1.x86_64
php73-debuginfo-7.3.8-1.18.amzn1.x86_64
php73-process-7.3.8-1.18.amzn1.x86_64
php73-imap-7.3.8-1.18.amzn1.x86_64
php73-soap-7.3.8-1.18.amzn1.x86_64
php73-json-7.3.8-1.18.amzn1.x86_64
php73-pspell-7.3.8-1.18.amzn1.x86_64
php73-intl-7.3.8-1.18.amzn1.x86_64
php73-pdo-7.3.8-1.18.amzn1.x86_64
Amazon Linux AMI: All versions
External linkshttp://alas.aws.amazon.com/ALAS-2019-1283.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU20904
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13224
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the onig_new_deluxe() function in regext.c in Oniguruma library when processing regular expressions. A remote attacker can pass specially crafted input to the application using the vulnerable library version, trigger use-after-free error and perform denial of service attack or execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages:
i686:Vulnerable software versions
php71-ldap-7.1.31-1.41.amzn1.i686
php71-mbstring-7.1.31-1.41.amzn1.i686
php71-devel-7.1.31-1.41.amzn1.i686
php71-cli-7.1.31-1.41.amzn1.i686
php71-mcrypt-7.1.31-1.41.amzn1.i686
php71-dba-7.1.31-1.41.amzn1.i686
php71-mysqlnd-7.1.31-1.41.amzn1.i686
php71-fpm-7.1.31-1.41.amzn1.i686
php71-embedded-7.1.31-1.41.amzn1.i686
php71-recode-7.1.31-1.41.amzn1.i686
php71-7.1.31-1.41.amzn1.i686
php71-opcache-7.1.31-1.41.amzn1.i686
php71-intl-7.1.31-1.41.amzn1.i686
php71-bcmath-7.1.31-1.41.amzn1.i686
php71-enchant-7.1.31-1.41.amzn1.i686
php71-tidy-7.1.31-1.41.amzn1.i686
php71-dbg-7.1.31-1.41.amzn1.i686
php71-debuginfo-7.1.31-1.41.amzn1.i686
php71-pspell-7.1.31-1.41.amzn1.i686
php71-gd-7.1.31-1.41.amzn1.i686
php71-xml-7.1.31-1.41.amzn1.i686
php71-pgsql-7.1.31-1.41.amzn1.i686
php71-snmp-7.1.31-1.41.amzn1.i686
php71-pdo-7.1.31-1.41.amzn1.i686
php71-odbc-7.1.31-1.41.amzn1.i686
php71-pdo-dblib-7.1.31-1.41.amzn1.i686
php71-common-7.1.31-1.41.amzn1.i686
php71-json-7.1.31-1.41.amzn1.i686
php71-imap-7.1.31-1.41.amzn1.i686
php71-gmp-7.1.31-1.41.amzn1.i686
php71-process-7.1.31-1.41.amzn1.i686
php71-xmlrpc-7.1.31-1.41.amzn1.i686
php71-soap-7.1.31-1.41.amzn1.i686
php73-xmlrpc-7.3.8-1.18.amzn1.i686
php73-bcmath-7.3.8-1.18.amzn1.i686
php73-pdo-7.3.8-1.18.amzn1.i686
php73-tidy-7.3.8-1.18.amzn1.i686
php73-gd-7.3.8-1.18.amzn1.i686
php73-common-7.3.8-1.18.amzn1.i686
php73-pdo-dblib-7.3.8-1.18.amzn1.i686
php73-dbg-7.3.8-1.18.amzn1.i686
php73-opcache-7.3.8-1.18.amzn1.i686
php73-process-7.3.8-1.18.amzn1.i686
php73-recode-7.3.8-1.18.amzn1.i686
php73-snmp-7.3.8-1.18.amzn1.i686
php73-gmp-7.3.8-1.18.amzn1.i686
php73-enchant-7.3.8-1.18.amzn1.i686
php73-cli-7.3.8-1.18.amzn1.i686
php73-7.3.8-1.18.amzn1.i686
php73-odbc-7.3.8-1.18.amzn1.i686
php73-embedded-7.3.8-1.18.amzn1.i686
php73-dba-7.3.8-1.18.amzn1.i686
php73-mysqlnd-7.3.8-1.18.amzn1.i686
php73-debuginfo-7.3.8-1.18.amzn1.i686
php73-devel-7.3.8-1.18.amzn1.i686
php73-mbstring-7.3.8-1.18.amzn1.i686
php73-pgsql-7.3.8-1.18.amzn1.i686
php73-xml-7.3.8-1.18.amzn1.i686
php73-fpm-7.3.8-1.18.amzn1.i686
php73-ldap-7.3.8-1.18.amzn1.i686
php73-imap-7.3.8-1.18.amzn1.i686
php73-pspell-7.3.8-1.18.amzn1.i686
php73-json-7.3.8-1.18.amzn1.i686
php73-intl-7.3.8-1.18.amzn1.i686
php73-soap-7.3.8-1.18.amzn1.i686
src:
php71-7.1.31-1.41.amzn1.src
php73-7.3.8-1.18.amzn1.src
x86_64:
php71-embedded-7.1.31-1.41.amzn1.x86_64
php71-dbg-7.1.31-1.41.amzn1.x86_64
php71-pspell-7.1.31-1.41.amzn1.x86_64
php71-devel-7.1.31-1.41.amzn1.x86_64
php71-dba-7.1.31-1.41.amzn1.x86_64
php71-process-7.1.31-1.41.amzn1.x86_64
php71-mcrypt-7.1.31-1.41.amzn1.x86_64
php71-xml-7.1.31-1.41.amzn1.x86_64
php71-bcmath-7.1.31-1.41.amzn1.x86_64
php71-mysqlnd-7.1.31-1.41.amzn1.x86_64
php71-common-7.1.31-1.41.amzn1.x86_64
php71-enchant-7.1.31-1.41.amzn1.x86_64
php71-intl-7.1.31-1.41.amzn1.x86_64
php71-7.1.31-1.41.amzn1.x86_64
php71-pdo-7.1.31-1.41.amzn1.x86_64
php71-debuginfo-7.1.31-1.41.amzn1.x86_64
php71-snmp-7.1.31-1.41.amzn1.x86_64
php71-xmlrpc-7.1.31-1.41.amzn1.x86_64
php71-mbstring-7.1.31-1.41.amzn1.x86_64
php71-pdo-dblib-7.1.31-1.41.amzn1.x86_64
php71-gmp-7.1.31-1.41.amzn1.x86_64
php71-json-7.1.31-1.41.amzn1.x86_64
php71-imap-7.1.31-1.41.amzn1.x86_64
php71-ldap-7.1.31-1.41.amzn1.x86_64
php71-tidy-7.1.31-1.41.amzn1.x86_64
php71-odbc-7.1.31-1.41.amzn1.x86_64
php71-fpm-7.1.31-1.41.amzn1.x86_64
php71-opcache-7.1.31-1.41.amzn1.x86_64
php71-soap-7.1.31-1.41.amzn1.x86_64
php71-recode-7.1.31-1.41.amzn1.x86_64
php71-pgsql-7.1.31-1.41.amzn1.x86_64
php71-cli-7.1.31-1.41.amzn1.x86_64
php71-gd-7.1.31-1.41.amzn1.x86_64
php73-odbc-7.3.8-1.18.amzn1.x86_64
php73-xml-7.3.8-1.18.amzn1.x86_64
php73-mysqlnd-7.3.8-1.18.amzn1.x86_64
php73-mbstring-7.3.8-1.18.amzn1.x86_64
php73-ldap-7.3.8-1.18.amzn1.x86_64
php73-recode-7.3.8-1.18.amzn1.x86_64
php73-devel-7.3.8-1.18.amzn1.x86_64
php73-embedded-7.3.8-1.18.amzn1.x86_64
php73-opcache-7.3.8-1.18.amzn1.x86_64
php73-7.3.8-1.18.amzn1.x86_64
php73-dbg-7.3.8-1.18.amzn1.x86_64
php73-common-7.3.8-1.18.amzn1.x86_64
php73-gd-7.3.8-1.18.amzn1.x86_64
php73-snmp-7.3.8-1.18.amzn1.x86_64
php73-enchant-7.3.8-1.18.amzn1.x86_64
php73-bcmath-7.3.8-1.18.amzn1.x86_64
php73-xmlrpc-7.3.8-1.18.amzn1.x86_64
php73-gmp-7.3.8-1.18.amzn1.x86_64
php73-tidy-7.3.8-1.18.amzn1.x86_64
php73-dba-7.3.8-1.18.amzn1.x86_64
php73-fpm-7.3.8-1.18.amzn1.x86_64
php73-pgsql-7.3.8-1.18.amzn1.x86_64
php73-cli-7.3.8-1.18.amzn1.x86_64
php73-pdo-dblib-7.3.8-1.18.amzn1.x86_64
php73-debuginfo-7.3.8-1.18.amzn1.x86_64
php73-process-7.3.8-1.18.amzn1.x86_64
php73-imap-7.3.8-1.18.amzn1.x86_64
php73-soap-7.3.8-1.18.amzn1.x86_64
php73-json-7.3.8-1.18.amzn1.x86_64
php73-pspell-7.3.8-1.18.amzn1.x86_64
php73-intl-7.3.8-1.18.amzn1.x86_64
php73-pdo-7.3.8-1.18.amzn1.x86_64
Amazon Linux AMI: All versions
External linkshttp://alas.aws.amazon.com/ALAS-2019-1283.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds read
EUVDB-ID: #VU21218
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-11041
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the exif_read_data() function. A remote attacker can create a specially crafted image file, pass it to the application, trigger out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected packages:
i686:Vulnerable software versions
php71-ldap-7.1.31-1.41.amzn1.i686
php71-mbstring-7.1.31-1.41.amzn1.i686
php71-devel-7.1.31-1.41.amzn1.i686
php71-cli-7.1.31-1.41.amzn1.i686
php71-mcrypt-7.1.31-1.41.amzn1.i686
php71-dba-7.1.31-1.41.amzn1.i686
php71-mysqlnd-7.1.31-1.41.amzn1.i686
php71-fpm-7.1.31-1.41.amzn1.i686
php71-embedded-7.1.31-1.41.amzn1.i686
php71-recode-7.1.31-1.41.amzn1.i686
php71-7.1.31-1.41.amzn1.i686
php71-opcache-7.1.31-1.41.amzn1.i686
php71-intl-7.1.31-1.41.amzn1.i686
php71-bcmath-7.1.31-1.41.amzn1.i686
php71-enchant-7.1.31-1.41.amzn1.i686
php71-tidy-7.1.31-1.41.amzn1.i686
php71-dbg-7.1.31-1.41.amzn1.i686
php71-debuginfo-7.1.31-1.41.amzn1.i686
php71-pspell-7.1.31-1.41.amzn1.i686
php71-gd-7.1.31-1.41.amzn1.i686
php71-xml-7.1.31-1.41.amzn1.i686
php71-pgsql-7.1.31-1.41.amzn1.i686
php71-snmp-7.1.31-1.41.amzn1.i686
php71-pdo-7.1.31-1.41.amzn1.i686
php71-odbc-7.1.31-1.41.amzn1.i686
php71-pdo-dblib-7.1.31-1.41.amzn1.i686
php71-common-7.1.31-1.41.amzn1.i686
php71-json-7.1.31-1.41.amzn1.i686
php71-imap-7.1.31-1.41.amzn1.i686
php71-gmp-7.1.31-1.41.amzn1.i686
php71-process-7.1.31-1.41.amzn1.i686
php71-xmlrpc-7.1.31-1.41.amzn1.i686
php71-soap-7.1.31-1.41.amzn1.i686
php73-xmlrpc-7.3.8-1.18.amzn1.i686
php73-bcmath-7.3.8-1.18.amzn1.i686
php73-pdo-7.3.8-1.18.amzn1.i686
php73-tidy-7.3.8-1.18.amzn1.i686
php73-gd-7.3.8-1.18.amzn1.i686
php73-common-7.3.8-1.18.amzn1.i686
php73-pdo-dblib-7.3.8-1.18.amzn1.i686
php73-dbg-7.3.8-1.18.amzn1.i686
php73-opcache-7.3.8-1.18.amzn1.i686
php73-process-7.3.8-1.18.amzn1.i686
php73-recode-7.3.8-1.18.amzn1.i686
php73-snmp-7.3.8-1.18.amzn1.i686
php73-gmp-7.3.8-1.18.amzn1.i686
php73-enchant-7.3.8-1.18.amzn1.i686
php73-cli-7.3.8-1.18.amzn1.i686
php73-7.3.8-1.18.amzn1.i686
php73-odbc-7.3.8-1.18.amzn1.i686
php73-embedded-7.3.8-1.18.amzn1.i686
php73-dba-7.3.8-1.18.amzn1.i686
php73-mysqlnd-7.3.8-1.18.amzn1.i686
php73-debuginfo-7.3.8-1.18.amzn1.i686
php73-devel-7.3.8-1.18.amzn1.i686
php73-mbstring-7.3.8-1.18.amzn1.i686
php73-pgsql-7.3.8-1.18.amzn1.i686
php73-xml-7.3.8-1.18.amzn1.i686
php73-fpm-7.3.8-1.18.amzn1.i686
php73-ldap-7.3.8-1.18.amzn1.i686
php73-imap-7.3.8-1.18.amzn1.i686
php73-pspell-7.3.8-1.18.amzn1.i686
php73-json-7.3.8-1.18.amzn1.i686
php73-intl-7.3.8-1.18.amzn1.i686
php73-soap-7.3.8-1.18.amzn1.i686
src:
php71-7.1.31-1.41.amzn1.src
php73-7.3.8-1.18.amzn1.src
x86_64:
php71-embedded-7.1.31-1.41.amzn1.x86_64
php71-dbg-7.1.31-1.41.amzn1.x86_64
php71-pspell-7.1.31-1.41.amzn1.x86_64
php71-devel-7.1.31-1.41.amzn1.x86_64
php71-dba-7.1.31-1.41.amzn1.x86_64
php71-process-7.1.31-1.41.amzn1.x86_64
php71-mcrypt-7.1.31-1.41.amzn1.x86_64
php71-xml-7.1.31-1.41.amzn1.x86_64
php71-bcmath-7.1.31-1.41.amzn1.x86_64
php71-mysqlnd-7.1.31-1.41.amzn1.x86_64
php71-common-7.1.31-1.41.amzn1.x86_64
php71-enchant-7.1.31-1.41.amzn1.x86_64
php71-intl-7.1.31-1.41.amzn1.x86_64
php71-7.1.31-1.41.amzn1.x86_64
php71-pdo-7.1.31-1.41.amzn1.x86_64
php71-debuginfo-7.1.31-1.41.amzn1.x86_64
php71-snmp-7.1.31-1.41.amzn1.x86_64
php71-xmlrpc-7.1.31-1.41.amzn1.x86_64
php71-mbstring-7.1.31-1.41.amzn1.x86_64
php71-pdo-dblib-7.1.31-1.41.amzn1.x86_64
php71-gmp-7.1.31-1.41.amzn1.x86_64
php71-json-7.1.31-1.41.amzn1.x86_64
php71-imap-7.1.31-1.41.amzn1.x86_64
php71-ldap-7.1.31-1.41.amzn1.x86_64
php71-tidy-7.1.31-1.41.amzn1.x86_64
php71-odbc-7.1.31-1.41.amzn1.x86_64
php71-fpm-7.1.31-1.41.amzn1.x86_64
php71-opcache-7.1.31-1.41.amzn1.x86_64
php71-soap-7.1.31-1.41.amzn1.x86_64
php71-recode-7.1.31-1.41.amzn1.x86_64
php71-pgsql-7.1.31-1.41.amzn1.x86_64
php71-cli-7.1.31-1.41.amzn1.x86_64
php71-gd-7.1.31-1.41.amzn1.x86_64
php73-odbc-7.3.8-1.18.amzn1.x86_64
php73-xml-7.3.8-1.18.amzn1.x86_64
php73-mysqlnd-7.3.8-1.18.amzn1.x86_64
php73-mbstring-7.3.8-1.18.amzn1.x86_64
php73-ldap-7.3.8-1.18.amzn1.x86_64
php73-recode-7.3.8-1.18.amzn1.x86_64
php73-devel-7.3.8-1.18.amzn1.x86_64
php73-embedded-7.3.8-1.18.amzn1.x86_64
php73-opcache-7.3.8-1.18.amzn1.x86_64
php73-7.3.8-1.18.amzn1.x86_64
php73-dbg-7.3.8-1.18.amzn1.x86_64
php73-common-7.3.8-1.18.amzn1.x86_64
php73-gd-7.3.8-1.18.amzn1.x86_64
php73-snmp-7.3.8-1.18.amzn1.x86_64
php73-enchant-7.3.8-1.18.amzn1.x86_64
php73-bcmath-7.3.8-1.18.amzn1.x86_64
php73-xmlrpc-7.3.8-1.18.amzn1.x86_64
php73-gmp-7.3.8-1.18.amzn1.x86_64
php73-tidy-7.3.8-1.18.amzn1.x86_64
php73-dba-7.3.8-1.18.amzn1.x86_64
php73-fpm-7.3.8-1.18.amzn1.x86_64
php73-pgsql-7.3.8-1.18.amzn1.x86_64
php73-cli-7.3.8-1.18.amzn1.x86_64
php73-pdo-dblib-7.3.8-1.18.amzn1.x86_64
php73-debuginfo-7.3.8-1.18.amzn1.x86_64
php73-process-7.3.8-1.18.amzn1.x86_64
php73-imap-7.3.8-1.18.amzn1.x86_64
php73-soap-7.3.8-1.18.amzn1.x86_64
php73-json-7.3.8-1.18.amzn1.x86_64
php73-pspell-7.3.8-1.18.amzn1.x86_64
php73-intl-7.3.8-1.18.amzn1.x86_64
php73-pdo-7.3.8-1.18.amzn1.x86_64
Amazon Linux AMI: All versions
External linkshttp://alas.aws.amazon.com/ALAS-2019-1283.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
