ALAS-2019-1225


Amazon Linux AMI Security Advisory: ALAS-2019-1225
Advisory Release Date: 2019-06-13 18:37 Pacific
Severity: Low

Issue Overview:

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash. (CVE-2019-11035 )

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. (CVE-2019-11034 )

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. (CVE-2019-11036 )


Affected Packages:

php71,php72,php73


Issue Correction:
Run yum update php71 to update your system.
Run yum update php72 to update your system.
Run yum update php73 to update your system.

New Packages:
i686:
    php72-mbstring-7.2.18-1.13.amzn1.i686
    php72-devel-7.2.18-1.13.amzn1.i686
    php72-cli-7.2.18-1.13.amzn1.i686
    php72-soap-7.2.18-1.13.amzn1.i686
    php72-pdo-dblib-7.2.18-1.13.amzn1.i686
    php72-snmp-7.2.18-1.13.amzn1.i686
    php72-xmlrpc-7.2.18-1.13.amzn1.i686
    php72-ldap-7.2.18-1.13.amzn1.i686
    php72-imap-7.2.18-1.13.amzn1.i686
    php72-json-7.2.18-1.13.amzn1.i686
    php72-process-7.2.18-1.13.amzn1.i686
    php72-tidy-7.2.18-1.13.amzn1.i686
    php72-embedded-7.2.18-1.13.amzn1.i686
    php72-pspell-7.2.18-1.13.amzn1.i686
    php72-debuginfo-7.2.18-1.13.amzn1.i686
    php72-gd-7.2.18-1.13.amzn1.i686
    php72-intl-7.2.18-1.13.amzn1.i686
    php72-pgsql-7.2.18-1.13.amzn1.i686
    php72-xml-7.2.18-1.13.amzn1.i686
    php72-enchant-7.2.18-1.13.amzn1.i686
    php72-bcmath-7.2.18-1.13.amzn1.i686
    php72-7.2.18-1.13.amzn1.i686
    php72-dbg-7.2.18-1.13.amzn1.i686
    php72-fpm-7.2.18-1.13.amzn1.i686
    php72-common-7.2.18-1.13.amzn1.i686
    php72-gmp-7.2.18-1.13.amzn1.i686
    php72-mysqlnd-7.2.18-1.13.amzn1.i686
    php72-pdo-7.2.18-1.13.amzn1.i686
    php72-odbc-7.2.18-1.13.amzn1.i686
    php72-opcache-7.2.18-1.13.amzn1.i686
    php72-recode-7.2.18-1.13.amzn1.i686
    php72-dba-7.2.18-1.13.amzn1.i686
    php71-mbstring-7.1.29-1.39.amzn1.i686
    php71-soap-7.1.29-1.39.amzn1.i686
    php71-dba-7.1.29-1.39.amzn1.i686
    php71-json-7.1.29-1.39.amzn1.i686
    php71-7.1.29-1.39.amzn1.i686
    php71-opcache-7.1.29-1.39.amzn1.i686
    php71-pspell-7.1.29-1.39.amzn1.i686
    php71-bcmath-7.1.29-1.39.amzn1.i686
    php71-intl-7.1.29-1.39.amzn1.i686
    php71-cli-7.1.29-1.39.amzn1.i686
    php71-tidy-7.1.29-1.39.amzn1.i686
    php71-gd-7.1.29-1.39.amzn1.i686
    php71-xml-7.1.29-1.39.amzn1.i686
    php71-fpm-7.1.29-1.39.amzn1.i686
    php71-enchant-7.1.29-1.39.amzn1.i686
    php71-gmp-7.1.29-1.39.amzn1.i686
    php71-common-7.1.29-1.39.amzn1.i686
    php71-pgsql-7.1.29-1.39.amzn1.i686
    php71-pdo-dblib-7.1.29-1.39.amzn1.i686
    php71-devel-7.1.29-1.39.amzn1.i686
    php71-mcrypt-7.1.29-1.39.amzn1.i686
    php71-embedded-7.1.29-1.39.amzn1.i686
    php71-snmp-7.1.29-1.39.amzn1.i686
    php71-debuginfo-7.1.29-1.39.amzn1.i686
    php71-process-7.1.29-1.39.amzn1.i686
    php71-imap-7.1.29-1.39.amzn1.i686
    php71-mysqlnd-7.1.29-1.39.amzn1.i686
    php71-xmlrpc-7.1.29-1.39.amzn1.i686
    php71-pdo-7.1.29-1.39.amzn1.i686
    php71-ldap-7.1.29-1.39.amzn1.i686
    php71-recode-7.1.29-1.39.amzn1.i686
    php71-dbg-7.1.29-1.39.amzn1.i686
    php71-odbc-7.1.29-1.39.amzn1.i686
    php73-imap-7.3.5-1.15.amzn1.i686
    php73-process-7.3.5-1.15.amzn1.i686
    php73-json-7.3.5-1.15.amzn1.i686
    php73-dba-7.3.5-1.15.amzn1.i686
    php73-mysqlnd-7.3.5-1.15.amzn1.i686
    php73-enchant-7.3.5-1.15.amzn1.i686
    php73-odbc-7.3.5-1.15.amzn1.i686
    php73-xmlrpc-7.3.5-1.15.amzn1.i686
    php73-fpm-7.3.5-1.15.amzn1.i686
    php73-pdo-7.3.5-1.15.amzn1.i686
    php73-gd-7.3.5-1.15.amzn1.i686
    php73-pspell-7.3.5-1.15.amzn1.i686
    php73-cli-7.3.5-1.15.amzn1.i686
    php73-bcmath-7.3.5-1.15.amzn1.i686
    php73-embedded-7.3.5-1.15.amzn1.i686
    php73-pgsql-7.3.5-1.15.amzn1.i686
    php73-debuginfo-7.3.5-1.15.amzn1.i686
    php73-dbg-7.3.5-1.15.amzn1.i686
    php73-devel-7.3.5-1.15.amzn1.i686
    php73-snmp-7.3.5-1.15.amzn1.i686
    php73-xml-7.3.5-1.15.amzn1.i686
    php73-recode-7.3.5-1.15.amzn1.i686
    php73-gmp-7.3.5-1.15.amzn1.i686
    php73-intl-7.3.5-1.15.amzn1.i686
    php73-soap-7.3.5-1.15.amzn1.i686
    php73-7.3.5-1.15.amzn1.i686
    php73-pdo-dblib-7.3.5-1.15.amzn1.i686
    php73-ldap-7.3.5-1.15.amzn1.i686
    php73-tidy-7.3.5-1.15.amzn1.i686
    php73-mbstring-7.3.5-1.15.amzn1.i686
    php73-opcache-7.3.5-1.15.amzn1.i686
    php73-common-7.3.5-1.15.amzn1.i686

src:
    php72-7.2.18-1.13.amzn1.src
    php71-7.1.29-1.39.amzn1.src
    php73-7.3.5-1.15.amzn1.src

x86_64:
    php72-embedded-7.2.18-1.13.amzn1.x86_64
    php72-soap-7.2.18-1.13.amzn1.x86_64
    php72-dbg-7.2.18-1.13.amzn1.x86_64
    php72-7.2.18-1.13.amzn1.x86_64
    php72-pspell-7.2.18-1.13.amzn1.x86_64
    php72-xmlrpc-7.2.18-1.13.amzn1.x86_64
    php72-recode-7.2.18-1.13.amzn1.x86_64
    php72-devel-7.2.18-1.13.amzn1.x86_64
    php72-ldap-7.2.18-1.13.amzn1.x86_64
    php72-imap-7.2.18-1.13.amzn1.x86_64
    php72-odbc-7.2.18-1.13.amzn1.x86_64
    php72-intl-7.2.18-1.13.amzn1.x86_64
    php72-dba-7.2.18-1.13.amzn1.x86_64
    php72-opcache-7.2.18-1.13.amzn1.x86_64
    php72-cli-7.2.18-1.13.amzn1.x86_64
    php72-common-7.2.18-1.13.amzn1.x86_64
    php72-gmp-7.2.18-1.13.amzn1.x86_64
    php72-mysqlnd-7.2.18-1.13.amzn1.x86_64
    php72-pdo-7.2.18-1.13.amzn1.x86_64
    php72-fpm-7.2.18-1.13.amzn1.x86_64
    php72-debuginfo-7.2.18-1.13.amzn1.x86_64
    php72-tidy-7.2.18-1.13.amzn1.x86_64
    php72-json-7.2.18-1.13.amzn1.x86_64
    php72-snmp-7.2.18-1.13.amzn1.x86_64
    php72-xml-7.2.18-1.13.amzn1.x86_64
    php72-enchant-7.2.18-1.13.amzn1.x86_64
    php72-pdo-dblib-7.2.18-1.13.amzn1.x86_64
    php72-process-7.2.18-1.13.amzn1.x86_64
    php72-bcmath-7.2.18-1.13.amzn1.x86_64
    php72-mbstring-7.2.18-1.13.amzn1.x86_64
    php72-pgsql-7.2.18-1.13.amzn1.x86_64
    php72-gd-7.2.18-1.13.amzn1.x86_64
    php71-mbstring-7.1.29-1.39.amzn1.x86_64
    php71-enchant-7.1.29-1.39.amzn1.x86_64
    php71-imap-7.1.29-1.39.amzn1.x86_64
    php71-ldap-7.1.29-1.39.amzn1.x86_64
    php71-dbg-7.1.29-1.39.amzn1.x86_64
    php71-common-7.1.29-1.39.amzn1.x86_64
    php71-recode-7.1.29-1.39.amzn1.x86_64
    php71-cli-7.1.29-1.39.amzn1.x86_64
    php71-mysqlnd-7.1.29-1.39.amzn1.x86_64
    php71-embedded-7.1.29-1.39.amzn1.x86_64
    php71-odbc-7.1.29-1.39.amzn1.x86_64
    php71-tidy-7.1.29-1.39.amzn1.x86_64
    php71-xml-7.1.29-1.39.amzn1.x86_64
    php71-snmp-7.1.29-1.39.amzn1.x86_64
    php71-gmp-7.1.29-1.39.amzn1.x86_64
    php71-mcrypt-7.1.29-1.39.amzn1.x86_64
    php71-opcache-7.1.29-1.39.amzn1.x86_64
    php71-pdo-dblib-7.1.29-1.39.amzn1.x86_64
    php71-process-7.1.29-1.39.amzn1.x86_64
    php71-pgsql-7.1.29-1.39.amzn1.x86_64
    php71-pdo-7.1.29-1.39.amzn1.x86_64
    php71-soap-7.1.29-1.39.amzn1.x86_64
    php71-debuginfo-7.1.29-1.39.amzn1.x86_64
    php71-dba-7.1.29-1.39.amzn1.x86_64
    php71-gd-7.1.29-1.39.amzn1.x86_64
    php71-json-7.1.29-1.39.amzn1.x86_64
    php71-pspell-7.1.29-1.39.amzn1.x86_64
    php71-7.1.29-1.39.amzn1.x86_64
    php71-intl-7.1.29-1.39.amzn1.x86_64
    php71-xmlrpc-7.1.29-1.39.amzn1.x86_64
    php71-bcmath-7.1.29-1.39.amzn1.x86_64
    php71-fpm-7.1.29-1.39.amzn1.x86_64
    php71-devel-7.1.29-1.39.amzn1.x86_64
    php73-xmlrpc-7.3.5-1.15.amzn1.x86_64
    php73-intl-7.3.5-1.15.amzn1.x86_64
    php73-mbstring-7.3.5-1.15.amzn1.x86_64
    php73-json-7.3.5-1.15.amzn1.x86_64
    php73-common-7.3.5-1.15.amzn1.x86_64
    php73-tidy-7.3.5-1.15.amzn1.x86_64
    php73-devel-7.3.5-1.15.amzn1.x86_64
    php73-embedded-7.3.5-1.15.amzn1.x86_64
    php73-ldap-7.3.5-1.15.amzn1.x86_64
    php73-dba-7.3.5-1.15.amzn1.x86_64
    php73-soap-7.3.5-1.15.amzn1.x86_64
    php73-pspell-7.3.5-1.15.amzn1.x86_64
    php73-7.3.5-1.15.amzn1.x86_64
    php73-xml-7.3.5-1.15.amzn1.x86_64
    php73-dbg-7.3.5-1.15.amzn1.x86_64
    php73-opcache-7.3.5-1.15.amzn1.x86_64
    php73-pdo-7.3.5-1.15.amzn1.x86_64
    php73-process-7.3.5-1.15.amzn1.x86_64
    php73-cli-7.3.5-1.15.amzn1.x86_64
    php73-odbc-7.3.5-1.15.amzn1.x86_64
    php73-gd-7.3.5-1.15.amzn1.x86_64
    php73-pdo-dblib-7.3.5-1.15.amzn1.x86_64
    php73-debuginfo-7.3.5-1.15.amzn1.x86_64
    php73-enchant-7.3.5-1.15.amzn1.x86_64
    php73-pgsql-7.3.5-1.15.amzn1.x86_64
    php73-mysqlnd-7.3.5-1.15.amzn1.x86_64
    php73-snmp-7.3.5-1.15.amzn1.x86_64
    php73-fpm-7.3.5-1.15.amzn1.x86_64
    php73-bcmath-7.3.5-1.15.amzn1.x86_64
    php73-gmp-7.3.5-1.15.amzn1.x86_64
    php73-recode-7.3.5-1.15.amzn1.x86_64
    php73-imap-7.3.5-1.15.amzn1.x86_64