ALAS-2013-264


Amazon Linux AMI Security Advisory: ALAS-2013-264
Advisory Release Date: 2014-09-16 22:11 Pacific
Severity: Critical
References: CVE-2013-6420 

Issue Overview:

A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter.


Affected Packages:

php55


Issue Correction:
Run yum update php55 to update your system.

New Packages:
i686:
    php55-gd-5.5.7-1.61.amzn1.i686
    php55-pspell-5.5.7-1.61.amzn1.i686
    php55-ldap-5.5.7-1.61.amzn1.i686
    php55-cli-5.5.7-1.61.amzn1.i686
    php55-process-5.5.7-1.61.amzn1.i686
    php55-tidy-5.5.7-1.61.amzn1.i686
    php55-recode-5.5.7-1.61.amzn1.i686
    php55-snmp-5.5.7-1.61.amzn1.i686
    php55-pgsql-5.5.7-1.61.amzn1.i686
    php55-mysqlnd-5.5.7-1.61.amzn1.i686
    php55-imap-5.5.7-1.61.amzn1.i686
    php55-pdo-5.5.7-1.61.amzn1.i686
    php55-debuginfo-5.5.7-1.61.amzn1.i686
    php55-odbc-5.5.7-1.61.amzn1.i686
    php55-fpm-5.5.7-1.61.amzn1.i686
    php55-opcache-5.5.7-1.61.amzn1.i686
    php55-bcmath-5.5.7-1.61.amzn1.i686
    php55-soap-5.5.7-1.61.amzn1.i686
    php55-common-5.5.7-1.61.amzn1.i686
    php55-devel-5.5.7-1.61.amzn1.i686
    php55-xml-5.5.7-1.61.amzn1.i686
    php55-intl-5.5.7-1.61.amzn1.i686
    php55-embedded-5.5.7-1.61.amzn1.i686
    php55-gmp-5.5.7-1.61.amzn1.i686
    php55-enchant-5.5.7-1.61.amzn1.i686
    php55-mbstring-5.5.7-1.61.amzn1.i686
    php55-mcrypt-5.5.7-1.61.amzn1.i686
    php55-dba-5.5.7-1.61.amzn1.i686
    php55-mssql-5.5.7-1.61.amzn1.i686
    php55-xmlrpc-5.5.7-1.61.amzn1.i686
    php55-5.5.7-1.61.amzn1.i686

src:
    php55-5.5.7-1.61.amzn1.src

x86_64:
    php55-cli-5.5.7-1.61.amzn1.x86_64
    php55-5.5.7-1.61.amzn1.x86_64
    php55-gd-5.5.7-1.61.amzn1.x86_64
    php55-recode-5.5.7-1.61.amzn1.x86_64
    php55-fpm-5.5.7-1.61.amzn1.x86_64
    php55-mssql-5.5.7-1.61.amzn1.x86_64
    php55-dba-5.5.7-1.61.amzn1.x86_64
    php55-soap-5.5.7-1.61.amzn1.x86_64
    php55-snmp-5.5.7-1.61.amzn1.x86_64
    php55-embedded-5.5.7-1.61.amzn1.x86_64
    php55-imap-5.5.7-1.61.amzn1.x86_64
    php55-opcache-5.5.7-1.61.amzn1.x86_64
    php55-mcrypt-5.5.7-1.61.amzn1.x86_64
    php55-pspell-5.5.7-1.61.amzn1.x86_64
    php55-xml-5.5.7-1.61.amzn1.x86_64
    php55-pgsql-5.5.7-1.61.amzn1.x86_64
    php55-intl-5.5.7-1.61.amzn1.x86_64
    php55-gmp-5.5.7-1.61.amzn1.x86_64
    php55-process-5.5.7-1.61.amzn1.x86_64
    php55-odbc-5.5.7-1.61.amzn1.x86_64
    php55-tidy-5.5.7-1.61.amzn1.x86_64
    php55-ldap-5.5.7-1.61.amzn1.x86_64
    php55-mbstring-5.5.7-1.61.amzn1.x86_64
    php55-common-5.5.7-1.61.amzn1.x86_64
    php55-bcmath-5.5.7-1.61.amzn1.x86_64
    php55-devel-5.5.7-1.61.amzn1.x86_64
    php55-pdo-5.5.7-1.61.amzn1.x86_64
    php55-xmlrpc-5.5.7-1.61.amzn1.x86_64
    php55-mysqlnd-5.5.7-1.61.amzn1.x86_64
    php55-enchant-5.5.7-1.61.amzn1.x86_64
    php55-debuginfo-5.5.7-1.61.amzn1.x86_64