Amazon Linux 2022 Security Advisory: ALAS-2022-073
Advisory Release Date: 2022-05-18 00:30 Pacific
Advisory Updated Date: 2022-05-19 18:22 Pacific
A flaw was found in PHP. The main cause of this vulnerability is improper input validation while parsing an Extensible Markup Language (XML) entity. A special character could allow an attacker to traverse directories. The highest threat from this vulnerability is to confidentiality. (CVE-2021-21707)
A flaw was found in PHP. The vulnerability occurs due to the malformed php_filter_float() function and leads to a use-after-free vulnerability. This flaw allows an attacker to inject a malicious file, leading to a crash or a segmentation fault. (CVE-2021-21708)
Affected Packages:
php
Issue Correction:
Run dnf update --releasever=2022.0.20220518 php to update your system.
aarch64:
php-ffi-debuginfo-7.4.27-1.amzn2022.0.3.aarch64
php-opcache-debuginfo-7.4.27-1.amzn2022.0.3.aarch64
php-mysqlnd-debuginfo-7.4.27-1.amzn2022.0.3.aarch64
php-intl-7.4.27-1.amzn2022.0.3.aarch64
php-xml-7.4.27-1.amzn2022.0.3.aarch64
php-intl-debuginfo-7.4.27-1.amzn2022.0.3.aarch64
php-embedded-7.4.27-1.amzn2022.0.3.aarch64
php-process-7.4.27-1.amzn2022.0.3.aarch64
php-dba-debuginfo-7.4.27-1.amzn2022.0.3.aarch64
php-gd-7.4.27-1.amzn2022.0.3.aarch64
php-process-debuginfo-7.4.27-1.amzn2022.0.3.aarch64
php-cli-debuginfo-7.4.27-1.amzn2022.0.3.aarch64
php-odbc-7.4.27-1.amzn2022.0.3.aarch64
php-dbg-debuginfo-7.4.27-1.amzn2022.0.3.aarch64
php-soap-7.4.27-1.amzn2022.0.3.aarch64
php-odbc-debuginfo-7.4.27-1.amzn2022.0.3.aarch64
php-soap-debuginfo-7.4.27-1.amzn2022.0.3.aarch64
php-debugsource-7.4.27-1.amzn2022.0.3.aarch64
php-xmlrpc-debuginfo-7.4.27-1.amzn2022.0.3.aarch64
php-pdo-debuginfo-7.4.27-1.amzn2022.0.3.aarch64
php-opcache-7.4.27-1.amzn2022.0.3.aarch64
php-debuginfo-7.4.27-1.amzn2022.0.3.aarch64
php-gmp-debuginfo-7.4.27-1.amzn2022.0.3.aarch64
php-fpm-debuginfo-7.4.27-1.amzn2022.0.3.aarch64
php-bcmath-debuginfo-7.4.27-1.amzn2022.0.3.aarch64
php-xmlrpc-7.4.27-1.amzn2022.0.3.aarch64
php-devel-7.4.27-1.amzn2022.0.3.aarch64
php-sodium-debuginfo-7.4.27-1.amzn2022.0.3.aarch64
php-ldap-7.4.27-1.amzn2022.0.3.aarch64
php-pdo-7.4.27-1.amzn2022.0.3.aarch64
php-embedded-debuginfo-7.4.27-1.amzn2022.0.3.aarch64
php-json-debuginfo-7.4.27-1.amzn2022.0.3.aarch64
php-dbg-7.4.27-1.amzn2022.0.3.aarch64
php-gd-debuginfo-7.4.27-1.amzn2022.0.3.aarch64
php-sodium-7.4.27-1.amzn2022.0.3.aarch64
php-common-7.4.27-1.amzn2022.0.3.aarch64
php-ffi-7.4.27-1.amzn2022.0.3.aarch64
php-common-debuginfo-7.4.27-1.amzn2022.0.3.aarch64
php-ldap-debuginfo-7.4.27-1.amzn2022.0.3.aarch64
php-mbstring-7.4.27-1.amzn2022.0.3.aarch64
php-xml-debuginfo-7.4.27-1.amzn2022.0.3.aarch64
php-cli-7.4.27-1.amzn2022.0.3.aarch64
php-mysqlnd-7.4.27-1.amzn2022.0.3.aarch64
php-pgsql-debuginfo-7.4.27-1.amzn2022.0.3.aarch64
php-tidy-debuginfo-7.4.27-1.amzn2022.0.3.aarch64
php-pgsql-7.4.27-1.amzn2022.0.3.aarch64
php-fpm-7.4.27-1.amzn2022.0.3.aarch64
php-mbstring-debuginfo-7.4.27-1.amzn2022.0.3.aarch64
php-snmp-debuginfo-7.4.27-1.amzn2022.0.3.aarch64
php-bcmath-7.4.27-1.amzn2022.0.3.aarch64
php-dba-7.4.27-1.amzn2022.0.3.aarch64
php-snmp-7.4.27-1.amzn2022.0.3.aarch64
php-tidy-7.4.27-1.amzn2022.0.3.aarch64
php-json-7.4.27-1.amzn2022.0.3.aarch64
php-gmp-7.4.27-1.amzn2022.0.3.aarch64
php-enchant-7.4.27-1.amzn2022.0.3.aarch64
php-enchant-debuginfo-7.4.27-1.amzn2022.0.3.aarch64
php-7.4.27-1.amzn2022.0.3.aarch64
src:
php-7.4.27-1.amzn2022.0.3.src
x86_64:
php-mbstring-debuginfo-7.4.27-1.amzn2022.0.3.x86_64
php-dbg-7.4.27-1.amzn2022.0.3.x86_64
php-process-debuginfo-7.4.27-1.amzn2022.0.3.x86_64
php-embedded-debuginfo-7.4.27-1.amzn2022.0.3.x86_64
php-embedded-7.4.27-1.amzn2022.0.3.x86_64
php-dba-debuginfo-7.4.27-1.amzn2022.0.3.x86_64
php-opcache-7.4.27-1.amzn2022.0.3.x86_64
php-opcache-debuginfo-7.4.27-1.amzn2022.0.3.x86_64
php-pgsql-7.4.27-1.amzn2022.0.3.x86_64
php-ldap-debuginfo-7.4.27-1.amzn2022.0.3.x86_64
php-cli-7.4.27-1.amzn2022.0.3.x86_64
php-pdo-7.4.27-1.amzn2022.0.3.x86_64
php-intl-debuginfo-7.4.27-1.amzn2022.0.3.x86_64
php-devel-7.4.27-1.amzn2022.0.3.x86_64
php-common-7.4.27-1.amzn2022.0.3.x86_64
php-pdo-debuginfo-7.4.27-1.amzn2022.0.3.x86_64
php-cli-debuginfo-7.4.27-1.amzn2022.0.3.x86_64
php-soap-debuginfo-7.4.27-1.amzn2022.0.3.x86_64
php-fpm-7.4.27-1.amzn2022.0.3.x86_64
php-pgsql-debuginfo-7.4.27-1.amzn2022.0.3.x86_64
php-debugsource-7.4.27-1.amzn2022.0.3.x86_64
php-gd-debuginfo-7.4.27-1.amzn2022.0.3.x86_64
php-xml-debuginfo-7.4.27-1.amzn2022.0.3.x86_64
php-mysqlnd-7.4.27-1.amzn2022.0.3.x86_64
php-soap-7.4.27-1.amzn2022.0.3.x86_64
php-fpm-debuginfo-7.4.27-1.amzn2022.0.3.x86_64
php-intl-7.4.27-1.amzn2022.0.3.x86_64
php-mysqlnd-debuginfo-7.4.27-1.amzn2022.0.3.x86_64
php-dbg-debuginfo-7.4.27-1.amzn2022.0.3.x86_64
php-ffi-debuginfo-7.4.27-1.amzn2022.0.3.x86_64
php-common-debuginfo-7.4.27-1.amzn2022.0.3.x86_64
php-xmlrpc-debuginfo-7.4.27-1.amzn2022.0.3.x86_64
php-xml-7.4.27-1.amzn2022.0.3.x86_64
php-odbc-debuginfo-7.4.27-1.amzn2022.0.3.x86_64
php-debuginfo-7.4.27-1.amzn2022.0.3.x86_64
php-mbstring-7.4.27-1.amzn2022.0.3.x86_64
php-sodium-debuginfo-7.4.27-1.amzn2022.0.3.x86_64
php-ffi-7.4.27-1.amzn2022.0.3.x86_64
php-json-debuginfo-7.4.27-1.amzn2022.0.3.x86_64
php-tidy-debuginfo-7.4.27-1.amzn2022.0.3.x86_64
php-gmp-debuginfo-7.4.27-1.amzn2022.0.3.x86_64
php-bcmath-debuginfo-7.4.27-1.amzn2022.0.3.x86_64
php-process-7.4.27-1.amzn2022.0.3.x86_64
php-gd-7.4.27-1.amzn2022.0.3.x86_64
php-snmp-debuginfo-7.4.27-1.amzn2022.0.3.x86_64
php-odbc-7.4.27-1.amzn2022.0.3.x86_64
php-ldap-7.4.27-1.amzn2022.0.3.x86_64
php-xmlrpc-7.4.27-1.amzn2022.0.3.x86_64
php-sodium-7.4.27-1.amzn2022.0.3.x86_64
php-dba-7.4.27-1.amzn2022.0.3.x86_64
php-bcmath-7.4.27-1.amzn2022.0.3.x86_64
php-gmp-7.4.27-1.amzn2022.0.3.x86_64
php-tidy-7.4.27-1.amzn2022.0.3.x86_64
php-snmp-7.4.27-1.amzn2022.0.3.x86_64
php-enchant-debuginfo-7.4.27-1.amzn2022.0.3.x86_64
php-json-7.4.27-1.amzn2022.0.3.x86_64
php-enchant-7.4.27-1.amzn2022.0.3.x86_64
php-7.4.27-1.amzn2022.0.3.x86_64
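
A post-update check against the fixed build listed above, as an added example that is not part of the original advisory: it reads an rpm inventory and reports any php package still below 7.4.27-1.amzn2022.0.3. The function names and the sample inventory are constructed for illustration, and GNU sort -V is assumed as an approximation of RPM's version ordering.

```shell
#!/bin/sh
# Added example: flag php packages older than the build this advisory ships.
FIXED_EVR="7.4.27-1.amzn2022.0.3"   # version-release from the package list above

# Reads "name version-release" lines on stdin and prints every php package
# whose build sorts below FIXED_EVR. Non-php packages are ignored.
# Ordering uses `sort -V`, an approximation of RPM's own comparison that is
# adequate for builds of the same x.y.z-N.amzn2022.* shape (epoch is ignored).
# Returns 0 when nothing is outdated, 1 otherwise.
find_outdated_php() {
    outdated=0
    while read -r name evr; do
        case "$name" in
            php|php-*) ;;
            *) continue ;;
        esac
        [ "$evr" = "$FIXED_EVR" ] && continue
        lowest=$(printf '%s\n%s\n' "$evr" "$FIXED_EVR" | sort -V | head -n 1)
        if [ "$lowest" = "$evr" ]; then
            printf 'OUTDATED %s %s (needs >= %s)\n' "$name" "$evr" "$FIXED_EVR"
            outdated=1
        fi
    done
    return "$outdated"
}

# Constructed sample inventory (not real host data): one fixed build, two
# older builds, one newer build, and one unrelated package.
sample_inventory() {
    cat <<'EOF'
php-cli 7.4.27-1.amzn2022.0.3
php-xml 7.4.26-1.amzn2022.0.2
php-fpm 7.4.27-1.amzn2022.0.2
php-common 7.4.28-1.amzn2022.0.1
httpd 2.4.53-1.amzn2022
EOF
}

# On a live host, feed the real inventory instead of the sample:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'php*' | find_outdated_php
```

A non-zero exit status means at least one php package still needs the update from the Issue Correction step.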