ALASPHP8.2-2024-004

Amazon Linux 2 Security Advisory: ALASPHP8.2-2024-004
Advisory Release Date: 2024-05-23 23:02 Pacific
Advisory Updated Date: 2024-05-30 13:00 Pacific
Severity: Important
Issue Overview:

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to the way PHP handles HTTP variable names. A remote attacker can set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.

Note, the vulnerability exists due to incomplete fix for #VU67756 (CVE-2022-31629). (CVE-2024-2756)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in within the password_verify() function, which can erroneously return true. A remote attacker can bypass implemented authentication based on the vulnerable function and gain unauthorized access to the web application. (CVE-2024-3096)


Affected Packages:

php


Note:

This advisory is applicable to Amazon Linux 2 - Php8.2 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.


Issue Correction:
Run yum update php to update your system.

New Packages:
aarch64:
    php-8.2.19-1.amzn2.aarch64
    php-cli-8.2.19-1.amzn2.aarch64
    php-dbg-8.2.19-1.amzn2.aarch64
    php-fpm-8.2.19-1.amzn2.aarch64
    php-common-8.2.19-1.amzn2.aarch64
    php-devel-8.2.19-1.amzn2.aarch64
    php-opcache-8.2.19-1.amzn2.aarch64
    php-ldap-8.2.19-1.amzn2.aarch64
    php-pdo-8.2.19-1.amzn2.aarch64
    php-mysqlnd-8.2.19-1.amzn2.aarch64
    php-pgsql-8.2.19-1.amzn2.aarch64
    php-process-8.2.19-1.amzn2.aarch64
    php-odbc-8.2.19-1.amzn2.aarch64
    php-soap-8.2.19-1.amzn2.aarch64
    php-snmp-8.2.19-1.amzn2.aarch64
    php-xml-8.2.19-1.amzn2.aarch64
    php-mbstring-8.2.19-1.amzn2.aarch64
    php-gd-8.2.19-1.amzn2.aarch64
    php-bcmath-8.2.19-1.amzn2.aarch64
    php-gmp-8.2.19-1.amzn2.aarch64
    php-dba-8.2.19-1.amzn2.aarch64
    php-embedded-8.2.19-1.amzn2.aarch64
    php-pspell-8.2.19-1.amzn2.aarch64
    php-intl-8.2.19-1.amzn2.aarch64
    php-enchant-8.2.19-1.amzn2.aarch64
    php-sodium-8.2.19-1.amzn2.aarch64
    php-debuginfo-8.2.19-1.amzn2.aarch64

src:
    php-8.2.19-1.amzn2.src

x86_64:
    php-8.2.19-1.amzn2.x86_64
    php-cli-8.2.19-1.amzn2.x86_64
    php-dbg-8.2.19-1.amzn2.x86_64
    php-fpm-8.2.19-1.amzn2.x86_64
    php-common-8.2.19-1.amzn2.x86_64
    php-devel-8.2.19-1.amzn2.x86_64
    php-opcache-8.2.19-1.amzn2.x86_64
    php-ldap-8.2.19-1.amzn2.x86_64
    php-pdo-8.2.19-1.amzn2.x86_64
    php-mysqlnd-8.2.19-1.amzn2.x86_64
    php-pgsql-8.2.19-1.amzn2.x86_64
    php-process-8.2.19-1.amzn2.x86_64
    php-odbc-8.2.19-1.amzn2.x86_64
    php-soap-8.2.19-1.amzn2.x86_64
    php-snmp-8.2.19-1.amzn2.x86_64
    php-xml-8.2.19-1.amzn2.x86_64
    php-mbstring-8.2.19-1.amzn2.x86_64
    php-gd-8.2.19-1.amzn2.x86_64
    php-bcmath-8.2.19-1.amzn2.x86_64
    php-gmp-8.2.19-1.amzn2.x86_64
    php-dba-8.2.19-1.amzn2.x86_64
    php-embedded-8.2.19-1.amzn2.x86_64
    php-pspell-8.2.19-1.amzn2.x86_64
    php-intl-8.2.19-1.amzn2.x86_64
    php-enchant-8.2.19-1.amzn2.x86_64
    php-sodium-8.2.19-1.amzn2.x86_64
    php-debuginfo-8.2.19-1.amzn2.x86_64

Additional References

Red Hat: CVE-2024-2756, CVE-2024-3096

Mitre: CVE-2024-2756, CVE-2024-3096