ALAS-2012-037

Amazon Linux 1 Security Advisory: ALAS-2012-37
Advisory Release Date: 2012-01-19 20:10 Pacific
Advisory Updated Date: 2014-09-14 15:13 Pacific

Severity: Medium

References: CVE-2011-4566 CVE-2011-4885 RHSA-2012-0019
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

It was found that the hashing routine used by PHP arrays was susceptible to predictable hash collisions. If an HTTP POST request to a PHP application contained many parameters whose names map to the same hash value, a large amount of CPU time would be consumed. This flaw has been mitigated by adding a new configuration directive, max_input_vars, that limits the maximum number of parameters processed per request. By default, max_input_vars is set to 1000. (CVE-2011-4885)

An integer overflow flaw was found in the PHP exif extension. On 32-bit systems, a specially-crafted image file could cause the PHP interpreter to crash or disclose portions of its memory when a PHP script tries to extract Exchangeable image file format (Exif) metadata from the image file. (CVE-2011-4566)

Affected Packages:

php

Issue Correction:
Run yum update php to update your system.

New Packages:

i686:
    php-dba-5.3.9-1.9.amzn1.i686
    php-odbc-5.3.9-1.9.amzn1.i686
    php-embedded-5.3.9-1.9.amzn1.i686
    php-mbstring-5.3.9-1.9.amzn1.i686
    php-pgsql-5.3.9-1.9.amzn1.i686
    php-common-5.3.9-1.9.amzn1.i686
    php-debuginfo-5.3.9-1.9.amzn1.i686
    php-ldap-5.3.9-1.9.amzn1.i686
    php-cli-5.3.9-1.9.amzn1.i686
    php-fpm-5.3.9-1.9.amzn1.i686
    php-5.3.9-1.9.amzn1.i686
    php-imap-5.3.9-1.9.amzn1.i686
    php-bcmath-5.3.9-1.9.amzn1.i686
    php-soap-5.3.9-1.9.amzn1.i686
    php-devel-5.3.9-1.9.amzn1.i686
    php-xml-5.3.9-1.9.amzn1.i686
    php-pdo-5.3.9-1.9.amzn1.i686
    php-mcrypt-5.3.9-1.9.amzn1.i686
    php-mysqlnd-5.3.9-1.9.amzn1.i686
    php-snmp-5.3.9-1.9.amzn1.i686
    php-mysql-5.3.9-1.9.amzn1.i686
    php-process-5.3.9-1.9.amzn1.i686
    php-tidy-5.3.9-1.9.amzn1.i686
    php-intl-5.3.9-1.9.amzn1.i686
    php-gd-5.3.9-1.9.amzn1.i686
    php-pspell-5.3.9-1.9.amzn1.i686
    php-mssql-5.3.9-1.9.amzn1.i686
    php-xmlrpc-5.3.9-1.9.amzn1.i686

src:
    php-5.3.9-1.9.amzn1.src

x86_64:
    php-embedded-5.3.9-1.9.amzn1.x86_64
    php-xml-5.3.9-1.9.amzn1.x86_64
    php-intl-5.3.9-1.9.amzn1.x86_64
    php-soap-5.3.9-1.9.amzn1.x86_64
    php-ldap-5.3.9-1.9.amzn1.x86_64
    php-mcrypt-5.3.9-1.9.amzn1.x86_64
    php-debuginfo-5.3.9-1.9.amzn1.x86_64
    php-pgsql-5.3.9-1.9.amzn1.x86_64
    php-mysqlnd-5.3.9-1.9.amzn1.x86_64
    php-odbc-5.3.9-1.9.amzn1.x86_64
    php-mbstring-5.3.9-1.9.amzn1.x86_64
    php-pspell-5.3.9-1.9.amzn1.x86_64
    php-pdo-5.3.9-1.9.amzn1.x86_64
    php-tidy-5.3.9-1.9.amzn1.x86_64
    php-dba-5.3.9-1.9.amzn1.x86_64
    php-gd-5.3.9-1.9.amzn1.x86_64
    php-fpm-5.3.9-1.9.amzn1.x86_64
    php-cli-5.3.9-1.9.amzn1.x86_64
    php-devel-5.3.9-1.9.amzn1.x86_64
    php-mysql-5.3.9-1.9.amzn1.x86_64
    php-mssql-5.3.9-1.9.amzn1.x86_64
    php-xmlrpc-5.3.9-1.9.amzn1.x86_64
    php-process-5.3.9-1.9.amzn1.x86_64
    php-bcmath-5.3.9-1.9.amzn1.x86_64
    php-snmp-5.3.9-1.9.amzn1.x86_64
    php-common-5.3.9-1.9.amzn1.x86_64
    php-5.3.9-1.9.amzn1.x86_64
    php-imap-5.3.9-1.9.amzn1.x86_64

Additional References

Red Hat: CVE-2011-4566, CVE-2011-4885

Mitre: CVE-2011-4566, CVE-2011-4885