Amazon Linux 1 Security Advisory: ALAS-2019-1225
Advisory Release Date: 2019-06-11 23:00 Pacific
Advisory Updated Date: 2019-06-13 18:37 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash. (CVE-2019-11035)
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. (CVE-2019-11034)
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. (CVE-2019-11036)
Affected Packages:
php71, php72, php73
Issue Correction:
Run yum update php71 to update your system.
Run yum update php72 to update your system.
Run yum update php73 to update your system.
i686:
php72-mbstring-7.2.18-1.13.amzn1.i686
php72-devel-7.2.18-1.13.amzn1.i686
php72-cli-7.2.18-1.13.amzn1.i686
php72-soap-7.2.18-1.13.amzn1.i686
php72-pdo-dblib-7.2.18-1.13.amzn1.i686
php72-snmp-7.2.18-1.13.amzn1.i686
php72-xmlrpc-7.2.18-1.13.amzn1.i686
php72-ldap-7.2.18-1.13.amzn1.i686
php72-imap-7.2.18-1.13.amzn1.i686
php72-json-7.2.18-1.13.amzn1.i686
php72-process-7.2.18-1.13.amzn1.i686
php72-tidy-7.2.18-1.13.amzn1.i686
php72-embedded-7.2.18-1.13.amzn1.i686
php72-pspell-7.2.18-1.13.amzn1.i686
php72-debuginfo-7.2.18-1.13.amzn1.i686
php72-gd-7.2.18-1.13.amzn1.i686
php72-intl-7.2.18-1.13.amzn1.i686
php72-pgsql-7.2.18-1.13.amzn1.i686
php72-xml-7.2.18-1.13.amzn1.i686
php72-enchant-7.2.18-1.13.amzn1.i686
php72-bcmath-7.2.18-1.13.amzn1.i686
php72-7.2.18-1.13.amzn1.i686
php72-dbg-7.2.18-1.13.amzn1.i686
php72-fpm-7.2.18-1.13.amzn1.i686
php72-common-7.2.18-1.13.amzn1.i686
php72-gmp-7.2.18-1.13.amzn1.i686
php72-mysqlnd-7.2.18-1.13.amzn1.i686
php72-pdo-7.2.18-1.13.amzn1.i686
php72-odbc-7.2.18-1.13.amzn1.i686
php72-opcache-7.2.18-1.13.amzn1.i686
php72-recode-7.2.18-1.13.amzn1.i686
php72-dba-7.2.18-1.13.amzn1.i686
php71-mbstring-7.1.29-1.39.amzn1.i686
php71-soap-7.1.29-1.39.amzn1.i686
php71-dba-7.1.29-1.39.amzn1.i686
php71-json-7.1.29-1.39.amzn1.i686
php71-7.1.29-1.39.amzn1.i686
php71-opcache-7.1.29-1.39.amzn1.i686
php71-pspell-7.1.29-1.39.amzn1.i686
php71-bcmath-7.1.29-1.39.amzn1.i686
php71-intl-7.1.29-1.39.amzn1.i686
php71-cli-7.1.29-1.39.amzn1.i686
php71-tidy-7.1.29-1.39.amzn1.i686
php71-gd-7.1.29-1.39.amzn1.i686
php71-xml-7.1.29-1.39.amzn1.i686
php71-fpm-7.1.29-1.39.amzn1.i686
php71-enchant-7.1.29-1.39.amzn1.i686
php71-gmp-7.1.29-1.39.amzn1.i686
php71-common-7.1.29-1.39.amzn1.i686
php71-pgsql-7.1.29-1.39.amzn1.i686
php71-pdo-dblib-7.1.29-1.39.amzn1.i686
php71-devel-7.1.29-1.39.amzn1.i686
php71-mcrypt-7.1.29-1.39.amzn1.i686
php71-embedded-7.1.29-1.39.amzn1.i686
php71-snmp-7.1.29-1.39.amzn1.i686
php71-debuginfo-7.1.29-1.39.amzn1.i686
php71-process-7.1.29-1.39.amzn1.i686
php71-imap-7.1.29-1.39.amzn1.i686
php71-mysqlnd-7.1.29-1.39.amzn1.i686
php71-xmlrpc-7.1.29-1.39.amzn1.i686
php71-pdo-7.1.29-1.39.amzn1.i686
php71-ldap-7.1.29-1.39.amzn1.i686
php71-recode-7.1.29-1.39.amzn1.i686
php71-dbg-7.1.29-1.39.amzn1.i686
php71-odbc-7.1.29-1.39.amzn1.i686
php73-imap-7.3.5-1.15.amzn1.i686
php73-process-7.3.5-1.15.amzn1.i686
php73-json-7.3.5-1.15.amzn1.i686
php73-dba-7.3.5-1.15.amzn1.i686
php73-mysqlnd-7.3.5-1.15.amzn1.i686
php73-enchant-7.3.5-1.15.amzn1.i686
php73-odbc-7.3.5-1.15.amzn1.i686
php73-xmlrpc-7.3.5-1.15.amzn1.i686
php73-fpm-7.3.5-1.15.amzn1.i686
php73-pdo-7.3.5-1.15.amzn1.i686
php73-gd-7.3.5-1.15.amzn1.i686
php73-pspell-7.3.5-1.15.amzn1.i686
php73-cli-7.3.5-1.15.amzn1.i686
php73-bcmath-7.3.5-1.15.amzn1.i686
php73-embedded-7.3.5-1.15.amzn1.i686
php73-pgsql-7.3.5-1.15.amzn1.i686
php73-debuginfo-7.3.5-1.15.amzn1.i686
php73-dbg-7.3.5-1.15.amzn1.i686
php73-devel-7.3.5-1.15.amzn1.i686
php73-snmp-7.3.5-1.15.amzn1.i686
php73-xml-7.3.5-1.15.amzn1.i686
php73-recode-7.3.5-1.15.amzn1.i686
php73-gmp-7.3.5-1.15.amzn1.i686
php73-intl-7.3.5-1.15.amzn1.i686
php73-soap-7.3.5-1.15.amzn1.i686
php73-7.3.5-1.15.amzn1.i686
php73-pdo-dblib-7.3.5-1.15.amzn1.i686
php73-ldap-7.3.5-1.15.amzn1.i686
php73-tidy-7.3.5-1.15.amzn1.i686
php73-mbstring-7.3.5-1.15.amzn1.i686
php73-opcache-7.3.5-1.15.amzn1.i686
php73-common-7.3.5-1.15.amzn1.i686
src:
php72-7.2.18-1.13.amzn1.src
php71-7.1.29-1.39.amzn1.src
php73-7.3.5-1.15.amzn1.src
x86_64:
php72-embedded-7.2.18-1.13.amzn1.x86_64
php72-soap-7.2.18-1.13.amzn1.x86_64
php72-dbg-7.2.18-1.13.amzn1.x86_64
php72-7.2.18-1.13.amzn1.x86_64
php72-pspell-7.2.18-1.13.amzn1.x86_64
php72-xmlrpc-7.2.18-1.13.amzn1.x86_64
php72-recode-7.2.18-1.13.amzn1.x86_64
php72-devel-7.2.18-1.13.amzn1.x86_64
php72-ldap-7.2.18-1.13.amzn1.x86_64
php72-imap-7.2.18-1.13.amzn1.x86_64
php72-odbc-7.2.18-1.13.amzn1.x86_64
php72-intl-7.2.18-1.13.amzn1.x86_64
php72-dba-7.2.18-1.13.amzn1.x86_64
php72-opcache-7.2.18-1.13.amzn1.x86_64
php72-cli-7.2.18-1.13.amzn1.x86_64
php72-common-7.2.18-1.13.amzn1.x86_64
php72-gmp-7.2.18-1.13.amzn1.x86_64
php72-mysqlnd-7.2.18-1.13.amzn1.x86_64
php72-pdo-7.2.18-1.13.amzn1.x86_64
php72-fpm-7.2.18-1.13.amzn1.x86_64
php72-debuginfo-7.2.18-1.13.amzn1.x86_64
php72-tidy-7.2.18-1.13.amzn1.x86_64
php72-json-7.2.18-1.13.amzn1.x86_64
php72-snmp-7.2.18-1.13.amzn1.x86_64
php72-xml-7.2.18-1.13.amzn1.x86_64
php72-enchant-7.2.18-1.13.amzn1.x86_64
php72-pdo-dblib-7.2.18-1.13.amzn1.x86_64
php72-process-7.2.18-1.13.amzn1.x86_64
php72-bcmath-7.2.18-1.13.amzn1.x86_64
php72-mbstring-7.2.18-1.13.amzn1.x86_64
php72-pgsql-7.2.18-1.13.amzn1.x86_64
php72-gd-7.2.18-1.13.amzn1.x86_64
php71-mbstring-7.1.29-1.39.amzn1.x86_64
php71-enchant-7.1.29-1.39.amzn1.x86_64
php71-imap-7.1.29-1.39.amzn1.x86_64
php71-ldap-7.1.29-1.39.amzn1.x86_64
php71-dbg-7.1.29-1.39.amzn1.x86_64
php71-common-7.1.29-1.39.amzn1.x86_64
php71-recode-7.1.29-1.39.amzn1.x86_64
php71-cli-7.1.29-1.39.amzn1.x86_64
php71-mysqlnd-7.1.29-1.39.amzn1.x86_64
php71-embedded-7.1.29-1.39.amzn1.x86_64
php71-odbc-7.1.29-1.39.amzn1.x86_64
php71-tidy-7.1.29-1.39.amzn1.x86_64
php71-xml-7.1.29-1.39.amzn1.x86_64
php71-snmp-7.1.29-1.39.amzn1.x86_64
php71-gmp-7.1.29-1.39.amzn1.x86_64
php71-mcrypt-7.1.29-1.39.amzn1.x86_64
php71-opcache-7.1.29-1.39.amzn1.x86_64
php71-pdo-dblib-7.1.29-1.39.amzn1.x86_64
php71-process-7.1.29-1.39.amzn1.x86_64
php71-pgsql-7.1.29-1.39.amzn1.x86_64
php71-pdo-7.1.29-1.39.amzn1.x86_64
php71-soap-7.1.29-1.39.amzn1.x86_64
php71-debuginfo-7.1.29-1.39.amzn1.x86_64
php71-dba-7.1.29-1.39.amzn1.x86_64
php71-gd-7.1.29-1.39.amzn1.x86_64
php71-json-7.1.29-1.39.amzn1.x86_64
php71-pspell-7.1.29-1.39.amzn1.x86_64
php71-7.1.29-1.39.amzn1.x86_64
php71-intl-7.1.29-1.39.amzn1.x86_64
php71-xmlrpc-7.1.29-1.39.amzn1.x86_64
php71-bcmath-7.1.29-1.39.amzn1.x86_64
php71-fpm-7.1.29-1.39.amzn1.x86_64
php71-devel-7.1.29-1.39.amzn1.x86_64
php73-xmlrpc-7.3.5-1.15.amzn1.x86_64
php73-intl-7.3.5-1.15.amzn1.x86_64
php73-mbstring-7.3.5-1.15.amzn1.x86_64
php73-json-7.3.5-1.15.amzn1.x86_64
php73-common-7.3.5-1.15.amzn1.x86_64
php73-tidy-7.3.5-1.15.amzn1.x86_64
php73-devel-7.3.5-1.15.amzn1.x86_64
php73-embedded-7.3.5-1.15.amzn1.x86_64
php73-ldap-7.3.5-1.15.amzn1.x86_64
php73-dba-7.3.5-1.15.amzn1.x86_64
php73-soap-7.3.5-1.15.amzn1.x86_64
php73-pspell-7.3.5-1.15.amzn1.x86_64
php73-7.3.5-1.15.amzn1.x86_64
php73-xml-7.3.5-1.15.amzn1.x86_64
php73-dbg-7.3.5-1.15.amzn1.x86_64
php73-opcache-7.3.5-1.15.amzn1.x86_64
php73-pdo-7.3.5-1.15.amzn1.x86_64
php73-process-7.3.5-1.15.amzn1.x86_64
php73-cli-7.3.5-1.15.amzn1.x86_64
php73-odbc-7.3.5-1.15.amzn1.x86_64
php73-gd-7.3.5-1.15.amzn1.x86_64
php73-pdo-dblib-7.3.5-1.15.amzn1.x86_64
php73-debuginfo-7.3.5-1.15.amzn1.x86_64
php73-enchant-7.3.5-1.15.amzn1.x86_64
php73-pgsql-7.3.5-1.15.amzn1.x86_64
php73-mysqlnd-7.3.5-1.15.amzn1.x86_64
php73-snmp-7.3.5-1.15.amzn1.x86_64
php73-fpm-7.3.5-1.15.amzn1.x86_64
php73-bcmath-7.3.5-1.15.amzn1.x86_64
php73-gmp-7.3.5-1.15.amzn1.x86_64
php73-recode-7.3.5-1.15.amzn1.x86_64
php73-imap-7.3.5-1.15.amzn1.x86_64