ALAS-2025-873

Amazon Linux 2023 Security Advisory: ALAS-2025-873
Advisory Release Date: 2025-02-26 23:14 Pacific
Advisory Updated Date: 2025-02-26 23:14 Pacific

Severity: Medium

References: CVE-2024-11233 CVE-2024-11234 CVE-2024-8925 CVE-2024-8927 CVE-2024-8929 CVE-2024-8932 CVE-2024-9026
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

The upstream advisory describes this issue as follows:

A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode filters, leads to a segmentation fault. This vulnerability is triggered through specific sequences of input data, causing PHP to crash. When exploited, it allows an attacker to extract a single byte of data from the heap or cause a DoS. (CVE-2024-11233)

The upstream advisory describes this issue as follows:

Configuring a proxy in a stream context might allow for CRLF injection in URIs, resulting in HTTP request smuggling attacks. (CVE-2024-11234)

Erroneous parsing of multipart form data

NOTE: Fixed in 8.3.12, 8.2.24
NOTE: https://github.com/php/php-src/security/advisories/GHSA-9pqp-7h25-4f32
NOTE: https://github.com/php/php-src/commit/19b49258d0c5a61398d395d8afde1123e8d161e0 (PHP-8.2.24) (CVE-2024-8925)

cgi.force_redirect configuration is byppassible due to the environment variable collision

NOTE: Fixed in 8.3.12, 8.2.24
NOTE: https://github.com/php/php-src/security/advisories/GHSA-94p6-54jq-9mwp
NOTE: https://github.com/php/php-src/commit/48808d98f4fc2a05193cdcc1aedd6c66816450f1 (PHP-8.2.24) (CVE-2024-8927)

The upstream advisory describes this issue as follows:

By connecting to a fake MySQL server or tampering with network packets and initiating a SQL Query, it is possible to abuse the function static enum_func_status php_mysqlnd_rset_field_read when parsing MySQL fields packets in order to include the rest of the heap content starting from the address of the cursor of the currently read buffer.

Using PHP-FPM which stays alive between request, and between two different SQL query requests, as the previous buffer used to store received data from MySQL is not emptied and malloc allocates a memory region which is very near the previous one, one is able to extract the response content of the previous MySQL request from the PHP-FPM worker. (CVE-2024-8929)

The upstream advisory describes this issue as follows:

Uncontrolled long string inputs to ldap_escape on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write. (CVE-2024-8932)

Logs from childrens may be altered

NOTE: Fixed in 8.3.12, 8.2.24
NOTE: https://github.com/php/php-src/security/advisories/GHSA-865w-9rf3-2wh5
NOTE: https://github.com/php/php-src/commit/1f8e16172c7961045c2b0f34ba7613e3f21cdee8 (PHP-8.2.24) (CVE-2024-9026)

Affected Packages:

php8.3

Issue Correction:
Run dnf update php8.3 --releasever 2023.6.20250303 to update your system.

New Packages:

aarch64:
    php8.3-fpm-debuginfo-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-xml-debuginfo-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-pgsql-debuginfo-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-embedded-debuginfo-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-pdo-debuginfo-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-xml-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-pdo-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-mbstring-debuginfo-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-debuginfo-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-ffi-debuginfo-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-mbstring-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-dbg-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-soap-debuginfo-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-intl-debuginfo-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-debugsource-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-mysqlnd-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-opcache-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-intl-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-embedded-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-mysqlnd-debuginfo-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-cli-debuginfo-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-dbg-debuginfo-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-common-debuginfo-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-pgsql-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-cli-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-devel-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-modphp-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-common-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-opcache-debuginfo-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-process-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-fpm-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-modphp-debuginfo-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-odbc-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-soap-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-ffi-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-process-debuginfo-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-zip-debuginfo-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-sodium-debuginfo-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-ldap-debuginfo-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-odbc-debuginfo-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-bcmath-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-gd-debuginfo-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-gd-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-zip-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-dba-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-sodium-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-ldap-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-tidy-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-gmp-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-snmp-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-dba-debuginfo-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-pspell-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-enchant-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-snmp-debuginfo-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-tidy-debuginfo-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-gmp-debuginfo-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-bcmath-debuginfo-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-enchant-debuginfo-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-8.3.16-1.amzn2023.0.1.aarch64
    php8.3-pspell-debuginfo-8.3.16-1.amzn2023.0.1.aarch64

src:
    php8.3-8.3.16-1.amzn2023.0.1.src

x86_64:
    php8.3-dbg-debuginfo-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-xml-debuginfo-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-cli-debuginfo-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-zip-debuginfo-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-fpm-debuginfo-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-modphp-debuginfo-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-common-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-embedded-debuginfo-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-opcache-debuginfo-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-soap-debuginfo-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-debuginfo-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-common-debuginfo-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-debugsource-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-process-debuginfo-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-devel-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-mbstring-debuginfo-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-pgsql-debuginfo-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-soap-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-intl-debuginfo-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-mysqlnd-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-mysqlnd-debuginfo-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-intl-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-embedded-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-dbg-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-pdo-debuginfo-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-fpm-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-opcache-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-mbstring-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-ffi-debuginfo-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-xml-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-modphp-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-cli-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-sodium-debuginfo-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-pdo-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-ldap-debuginfo-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-odbc-debuginfo-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-gd-debuginfo-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-pgsql-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-dba-debuginfo-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-snmp-debuginfo-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-ffi-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-tidy-debuginfo-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-gmp-debuginfo-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-bcmath-debuginfo-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-odbc-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-process-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-sodium-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-gd-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-zip-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-ldap-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-gmp-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-bcmath-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-dba-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-snmp-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-tidy-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-pspell-debuginfo-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-enchant-debuginfo-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-enchant-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-pspell-8.3.16-1.amzn2023.0.1.x86_64
    php8.3-8.3.16-1.amzn2023.0.1.x86_64

Additional References

Red Hat: CVE-2024-11233, CVE-2024-11234, CVE-2024-8925, CVE-2024-8927, CVE-2024-8929, CVE-2024-8932, CVE-2024-9026

Mitre: CVE-2024-11233, CVE-2024-11234, CVE-2024-8925, CVE-2024-8927, CVE-2024-8929, CVE-2024-8932, CVE-2024-9026

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

ALAS-2025-873

Additional References