ALAS-2012-096


Amazon Linux AMI Security Advisory: ALAS-2012-96
Advisory Release Date: 2014-09-14 16:26 Pacific
Severity: Low

Issue Overview:

A cross-site scripting (XSS) flaw was found in the "apc.php" script, which provides a detailed analysis of the internal workings of APC and is shipped as part of the APC extension documentation. A remote attacker could possibly use this flaw to conduct a cross-site scripting attack. (CVE-2010-3294 )


Affected Packages:

php-pecl-apc


Issue Correction:
Run yum update php-pecl-apc to update your system.

New Packages:
i686:
    php-pecl-apc-3.1.10-1.4.amzn1.i686
    php-pecl-apc-debuginfo-3.1.10-1.4.amzn1.i686
    php-pecl-apc-devel-3.1.10-1.4.amzn1.i686

src:
    php-pecl-apc-3.1.10-1.4.amzn1.src

x86_64:
    php-pecl-apc-devel-3.1.10-1.4.amzn1.x86_64
    php-pecl-apc-debuginfo-3.1.10-1.4.amzn1.x86_64
    php-pecl-apc-3.1.10-1.4.amzn1.x86_64