Amazon Linux 2023 Security Advisory: ALAS-2025-845
Advisory Release Date: 2025-02-12 22:57 Pacific
Advisory Updated Date: 2025-02-21 13:45 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
The upstream advisory describes this issue as follows:
A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode filters, leads to a segmentation fault. This vulnerability is triggered through specific sequences of input data, causing PHP to crash. When exploited, it allows an attacker to extract a single byte of data from the heap or cause a DoS. (CVE-2024-11233)
The upstream advisory describes this issue as follows:
Configuring a proxy in a stream context might allow for CRLF injection in URIs, resulting in HTTP request smuggling attacks. (CVE-2024-11234)
Erroneous parsing of multipart form data
NOTE: Fixed in 8.3.12, 8.2.24
NOTE: https://github.com/php/php-src/security/advisories/GHSA-9pqp-7h25-4f32
NOTE: https://github.com/php/php-src/commit/19b49258d0c5a61398d395d8afde1123e8d161e0 (PHP-8.2.24) (CVE-2024-8925)
cgi.force_redirect configuration is byppassible due to the environment variable collision
NOTE: Fixed in 8.3.12, 8.2.24
NOTE: https://github.com/php/php-src/security/advisories/GHSA-94p6-54jq-9mwp
NOTE: https://github.com/php/php-src/commit/48808d98f4fc2a05193cdcc1aedd6c66816450f1 (PHP-8.2.24) (CVE-2024-8927)
php: Erroneous parsing of multipart form data (CVE-2024-8928)
The upstream advisory describes this issue as follows:
By connecting to a fake MySQL server or tampering with network packets and initiating a SQL Query, it is possible to abuse the function static enum_func_status php_mysqlnd_rset_field_read when parsing MySQL fields packets in order to include the rest of the heap content starting from the address of the cursor of the currently read buffer.
Using PHP-FPM which stays alive between request, and between two different SQL query requests, as the previous buffer used to store received data from MySQL is not emptied and malloc allocates a memory region which is very near the previous one, one is able to extract the response content of the previous MySQL request from the PHP-FPM worker. (CVE-2024-8929)
The upstream advisory describes this issue as follows:
Uncontrolled long string inputs to ldap_escape on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write. (CVE-2024-8932)
Logs from childrens may be altered
NOTE: Fixed in 8.3.12, 8.2.24
NOTE: https://github.com/php/php-src/security/advisories/GHSA-865w-9rf3-2wh5
NOTE: https://github.com/php/php-src/commit/1f8e16172c7961045c2b0f34ba7613e3f21cdee8 (PHP-8.2.24) (CVE-2024-9026)
Affected Packages:
php8.1
Issue Correction:
Run dnf update php8.1 --releasever 2023.6.20250218 to update your system.
aarch64:
php8.1-soap-debuginfo-8.1.31-1.amzn2023.0.1.aarch64
php8.1-common-debuginfo-8.1.31-1.amzn2023.0.1.aarch64
php8.1-fpm-debuginfo-8.1.31-1.amzn2023.0.1.aarch64
php8.1-mbstring-8.1.31-1.amzn2023.0.1.aarch64
php8.1-pdo-8.1.31-1.amzn2023.0.1.aarch64
php8.1-common-8.1.31-1.amzn2023.0.1.aarch64
php8.1-devel-8.1.31-1.amzn2023.0.1.aarch64
php8.1-intl-debuginfo-8.1.31-1.amzn2023.0.1.aarch64
php8.1-pgsql-debuginfo-8.1.31-1.amzn2023.0.1.aarch64
php8.1-opcache-8.1.31-1.amzn2023.0.1.aarch64
php8.1-cli-8.1.31-1.amzn2023.0.1.aarch64
php8.1-xml-debuginfo-8.1.31-1.amzn2023.0.1.aarch64
php8.1-opcache-debuginfo-8.1.31-1.amzn2023.0.1.aarch64
php8.1-xml-8.1.31-1.amzn2023.0.1.aarch64
php8.1-intl-8.1.31-1.amzn2023.0.1.aarch64
php8.1-odbc-8.1.31-1.amzn2023.0.1.aarch64
php8.1-fpm-8.1.31-1.amzn2023.0.1.aarch64
php8.1-pdo-debuginfo-8.1.31-1.amzn2023.0.1.aarch64
php8.1-soap-8.1.31-1.amzn2023.0.1.aarch64
php8.1-mysqlnd-debuginfo-8.1.31-1.amzn2023.0.1.aarch64
php8.1-debuginfo-8.1.31-1.amzn2023.0.1.aarch64
php8.1-debugsource-8.1.31-1.amzn2023.0.1.aarch64
php8.1-ffi-debuginfo-8.1.31-1.amzn2023.0.1.aarch64
php8.1-pgsql-8.1.31-1.amzn2023.0.1.aarch64
php8.1-cli-debuginfo-8.1.31-1.amzn2023.0.1.aarch64
php8.1-dbg-8.1.31-1.amzn2023.0.1.aarch64
php8.1-mbstring-debuginfo-8.1.31-1.amzn2023.0.1.aarch64
php8.1-embedded-debuginfo-8.1.31-1.amzn2023.0.1.aarch64
php8.1-mysqlnd-8.1.31-1.amzn2023.0.1.aarch64
php8.1-embedded-8.1.31-1.amzn2023.0.1.aarch64
php8.1-process-8.1.31-1.amzn2023.0.1.aarch64
php8.1-dbg-debuginfo-8.1.31-1.amzn2023.0.1.aarch64
php8.1-ffi-8.1.31-1.amzn2023.0.1.aarch64
php8.1-process-debuginfo-8.1.31-1.amzn2023.0.1.aarch64
php8.1-bcmath-8.1.31-1.amzn2023.0.1.aarch64
php8.1-odbc-debuginfo-8.1.31-1.amzn2023.0.1.aarch64
php8.1-ldap-debuginfo-8.1.31-1.amzn2023.0.1.aarch64
php8.1-dba-8.1.31-1.amzn2023.0.1.aarch64
php8.1-gd-debuginfo-8.1.31-1.amzn2023.0.1.aarch64
php8.1-gd-8.1.31-1.amzn2023.0.1.aarch64
php8.1-zip-8.1.31-1.amzn2023.0.1.aarch64
php8.1-ldap-8.1.31-1.amzn2023.0.1.aarch64
php8.1-tidy-8.1.31-1.amzn2023.0.1.aarch64
php8.1-snmp-8.1.31-1.amzn2023.0.1.aarch64
php8.1-gmp-8.1.31-1.amzn2023.0.1.aarch64
php8.1-pspell-8.1.31-1.amzn2023.0.1.aarch64
php8.1-enchant-8.1.31-1.amzn2023.0.1.aarch64
php8.1-zip-debuginfo-8.1.31-1.amzn2023.0.1.aarch64
php8.1-snmp-debuginfo-8.1.31-1.amzn2023.0.1.aarch64
php8.1-dba-debuginfo-8.1.31-1.amzn2023.0.1.aarch64
php8.1-tidy-debuginfo-8.1.31-1.amzn2023.0.1.aarch64
php8.1-gmp-debuginfo-8.1.31-1.amzn2023.0.1.aarch64
php8.1-bcmath-debuginfo-8.1.31-1.amzn2023.0.1.aarch64
php8.1-enchant-debuginfo-8.1.31-1.amzn2023.0.1.aarch64
php8.1-pspell-debuginfo-8.1.31-1.amzn2023.0.1.aarch64
php8.1-8.1.31-1.amzn2023.0.1.aarch64
src:
php8.1-8.1.31-1.amzn2023.0.1.src
x86_64:
php8.1-fpm-debuginfo-8.1.31-1.amzn2023.0.1.x86_64
php8.1-ffi-debuginfo-8.1.31-1.amzn2023.0.1.x86_64
php8.1-odbc-debuginfo-8.1.31-1.amzn2023.0.1.x86_64
php8.1-pdo-debuginfo-8.1.31-1.amzn2023.0.1.x86_64
php8.1-mbstring-debuginfo-8.1.31-1.amzn2023.0.1.x86_64
php8.1-mbstring-8.1.31-1.amzn2023.0.1.x86_64
php8.1-mysqlnd-debuginfo-8.1.31-1.amzn2023.0.1.x86_64
php8.1-cli-debuginfo-8.1.31-1.amzn2023.0.1.x86_64
php8.1-ldap-debuginfo-8.1.31-1.amzn2023.0.1.x86_64
php8.1-cli-8.1.31-1.amzn2023.0.1.x86_64
php8.1-opcache-debuginfo-8.1.31-1.amzn2023.0.1.x86_64
php8.1-dbg-debuginfo-8.1.31-1.amzn2023.0.1.x86_64
php8.1-debugsource-8.1.31-1.amzn2023.0.1.x86_64
php8.1-mysqlnd-8.1.31-1.amzn2023.0.1.x86_64
php8.1-embedded-debuginfo-8.1.31-1.amzn2023.0.1.x86_64
php8.1-debuginfo-8.1.31-1.amzn2023.0.1.x86_64
php8.1-intl-8.1.31-1.amzn2023.0.1.x86_64
php8.1-pgsql-debuginfo-8.1.31-1.amzn2023.0.1.x86_64
php8.1-soap-debuginfo-8.1.31-1.amzn2023.0.1.x86_64
php8.1-soap-8.1.31-1.amzn2023.0.1.x86_64
php8.1-process-debuginfo-8.1.31-1.amzn2023.0.1.x86_64
php8.1-common-debuginfo-8.1.31-1.amzn2023.0.1.x86_64
php8.1-common-8.1.31-1.amzn2023.0.1.x86_64
php8.1-pdo-8.1.31-1.amzn2023.0.1.x86_64
php8.1-devel-8.1.31-1.amzn2023.0.1.x86_64
php8.1-intl-debuginfo-8.1.31-1.amzn2023.0.1.x86_64
php8.1-xml-8.1.31-1.amzn2023.0.1.x86_64
php8.1-xml-debuginfo-8.1.31-1.amzn2023.0.1.x86_64
php8.1-embedded-8.1.31-1.amzn2023.0.1.x86_64
php8.1-dbg-8.1.31-1.amzn2023.0.1.x86_64
php8.1-opcache-8.1.31-1.amzn2023.0.1.x86_64
php8.1-fpm-8.1.31-1.amzn2023.0.1.x86_64
php8.1-pgsql-8.1.31-1.amzn2023.0.1.x86_64
php8.1-gd-debuginfo-8.1.31-1.amzn2023.0.1.x86_64
php8.1-zip-debuginfo-8.1.31-1.amzn2023.0.1.x86_64
php8.1-snmp-debuginfo-8.1.31-1.amzn2023.0.1.x86_64
php8.1-dba-debuginfo-8.1.31-1.amzn2023.0.1.x86_64
php8.1-ffi-8.1.31-1.amzn2023.0.1.x86_64
php8.1-tidy-debuginfo-8.1.31-1.amzn2023.0.1.x86_64
php8.1-gmp-debuginfo-8.1.31-1.amzn2023.0.1.x86_64
php8.1-bcmath-debuginfo-8.1.31-1.amzn2023.0.1.x86_64
php8.1-process-8.1.31-1.amzn2023.0.1.x86_64
php8.1-gd-8.1.31-1.amzn2023.0.1.x86_64
php8.1-ldap-8.1.31-1.amzn2023.0.1.x86_64
php8.1-odbc-8.1.31-1.amzn2023.0.1.x86_64
php8.1-zip-8.1.31-1.amzn2023.0.1.x86_64
php8.1-gmp-8.1.31-1.amzn2023.0.1.x86_64
php8.1-bcmath-8.1.31-1.amzn2023.0.1.x86_64
php8.1-dba-8.1.31-1.amzn2023.0.1.x86_64
php8.1-tidy-8.1.31-1.amzn2023.0.1.x86_64
php8.1-snmp-8.1.31-1.amzn2023.0.1.x86_64
php8.1-enchant-debuginfo-8.1.31-1.amzn2023.0.1.x86_64
php8.1-pspell-debuginfo-8.1.31-1.amzn2023.0.1.x86_64
php8.1-enchant-8.1.31-1.amzn2023.0.1.x86_64
php8.1-8.1.31-1.amzn2023.0.1.x86_64
php8.1-pspell-8.1.31-1.amzn2023.0.1.x86_64