ALAS-2017-812


Amazon Linux AMI Security Advisory: ALAS-2017-812
Advisory Release Date: 2017-03-29 22:49 Pacific
Severity: Medium

Issue Overview:

Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image. (CVE-2016-10168 )

In all versions of PHP 7, during the unserialization process, resizing the 'properties'; hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution. (CVE-2016-7479 )

The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call. (CVE-2016-10161 )

Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch. (CVE-2016-10160 )

The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an inapplicable class name in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call. (CVE-2016-10162 )

It was found that the exif_convert_any_to_int() function in PHP was vulnerable to floating point exceptions when parsing tags in image files. A remote attacker with the ability to upload a malicious image could crash PHP, causing a Denial of Service. (CVE-2016-10158 )

Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive. (CVE-2016-10159 )

The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file. (CVE-2016-10167 )

Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data.(CVE-2017-5340 )


Affected Packages:

php70


Issue Correction:
Run yum update php70 to update your system.

New Packages:
i686:
    php70-common-7.0.16-1.21.amzn1.i686
    php70-7.0.16-1.21.amzn1.i686
    php70-bcmath-7.0.16-1.21.amzn1.i686
    php70-zip-7.0.16-1.21.amzn1.i686
    php70-xml-7.0.16-1.21.amzn1.i686
    php70-gmp-7.0.16-1.21.amzn1.i686
    php70-ldap-7.0.16-1.21.amzn1.i686
    php70-pdo-dblib-7.0.16-1.21.amzn1.i686
    php70-gd-7.0.16-1.21.amzn1.i686
    php70-mysqlnd-7.0.16-1.21.amzn1.i686
    php70-embedded-7.0.16-1.21.amzn1.i686
    php70-opcache-7.0.16-1.21.amzn1.i686
    php70-tidy-7.0.16-1.21.amzn1.i686
    php70-intl-7.0.16-1.21.amzn1.i686
    php70-process-7.0.16-1.21.amzn1.i686
    php70-soap-7.0.16-1.21.amzn1.i686
    php70-imap-7.0.16-1.21.amzn1.i686
    php70-pdo-7.0.16-1.21.amzn1.i686
    php70-mcrypt-7.0.16-1.21.amzn1.i686
    php70-mbstring-7.0.16-1.21.amzn1.i686
    php70-fpm-7.0.16-1.21.amzn1.i686
    php70-dba-7.0.16-1.21.amzn1.i686
    php70-cli-7.0.16-1.21.amzn1.i686
    php70-pspell-7.0.16-1.21.amzn1.i686
    php70-dbg-7.0.16-1.21.amzn1.i686
    php70-pgsql-7.0.16-1.21.amzn1.i686
    php70-recode-7.0.16-1.21.amzn1.i686
    php70-xmlrpc-7.0.16-1.21.amzn1.i686
    php70-debuginfo-7.0.16-1.21.amzn1.i686
    php70-enchant-7.0.16-1.21.amzn1.i686
    php70-devel-7.0.16-1.21.amzn1.i686
    php70-json-7.0.16-1.21.amzn1.i686
    php70-snmp-7.0.16-1.21.amzn1.i686
    php70-odbc-7.0.16-1.21.amzn1.i686

src:
    php70-7.0.16-1.21.amzn1.src

x86_64:
    php70-process-7.0.16-1.21.amzn1.x86_64
    php70-opcache-7.0.16-1.21.amzn1.x86_64
    php70-xml-7.0.16-1.21.amzn1.x86_64
    php70-xmlrpc-7.0.16-1.21.amzn1.x86_64
    php70-cli-7.0.16-1.21.amzn1.x86_64
    php70-intl-7.0.16-1.21.amzn1.x86_64
    php70-tidy-7.0.16-1.21.amzn1.x86_64
    php70-common-7.0.16-1.21.amzn1.x86_64
    php70-bcmath-7.0.16-1.21.amzn1.x86_64
    php70-zip-7.0.16-1.21.amzn1.x86_64
    php70-gd-7.0.16-1.21.amzn1.x86_64
    php70-pspell-7.0.16-1.21.amzn1.x86_64
    php70-ldap-7.0.16-1.21.amzn1.x86_64
    php70-pdo-7.0.16-1.21.amzn1.x86_64
    php70-snmp-7.0.16-1.21.amzn1.x86_64
    php70-mbstring-7.0.16-1.21.amzn1.x86_64
    php70-soap-7.0.16-1.21.amzn1.x86_64
    php70-mcrypt-7.0.16-1.21.amzn1.x86_64
    php70-recode-7.0.16-1.21.amzn1.x86_64
    php70-json-7.0.16-1.21.amzn1.x86_64
    php70-dbg-7.0.16-1.21.amzn1.x86_64
    php70-odbc-7.0.16-1.21.amzn1.x86_64
    php70-gmp-7.0.16-1.21.amzn1.x86_64
    php70-7.0.16-1.21.amzn1.x86_64
    php70-fpm-7.0.16-1.21.amzn1.x86_64
    php70-dba-7.0.16-1.21.amzn1.x86_64
    php70-pgsql-7.0.16-1.21.amzn1.x86_64
    php70-mysqlnd-7.0.16-1.21.amzn1.x86_64
    php70-pdo-dblib-7.0.16-1.21.amzn1.x86_64
    php70-debuginfo-7.0.16-1.21.amzn1.x86_64
    php70-imap-7.0.16-1.21.amzn1.x86_64
    php70-devel-7.0.16-1.21.amzn1.x86_64
    php70-enchant-7.0.16-1.21.amzn1.x86_64
    php70-embedded-7.0.16-1.21.amzn1.x86_64