ALAS-2019-1237


Amazon Linux AMI Security Advisory: ALAS-2019-1237
Advisory Release Date: 2019-07-25 18:37 Pacific
Severity: Medium
References: CVE-2019-11037 

Issue Overview:

In PHP imagick extension, writing to an array of values in ImagickKernel::fromMatrix() function did not check that the address will be within the allocated array. This could lead to out of bounds write to memory if the function is called with the data controlled by untrusted party. (CVE-2019-11037 )


Affected Packages:

php54-pecl-imagick,php55-pecl-imagick,php56-pecl-imagick,php70-pecl-imagick,php71-pecl-imagick,php72-pecl-imagick


Issue Correction:
Run yum update php54-pecl-imagick to update your system.
Run yum update php55-pecl-imagick to update your system.
Run yum update php56-pecl-imagick to update your system.
Run yum update php70-pecl-imagick to update your system.
Run yum update php71-pecl-imagick to update your system.
Run yum update php72-pecl-imagick to update your system.

New Packages:
i686:
    php54-pecl-imagick-debuginfo-3.4.4-1.10.amzn1.i686
    php54-pecl-imagick-3.4.4-1.10.amzn1.i686
    php56-pecl-imagick-3.4.4-1.15.amzn1.i686
    php56-pecl-imagick-debuginfo-3.4.4-1.15.amzn1.i686
    php55-pecl-imagick-3.4.4-1.14.amzn1.i686
    php55-pecl-imagick-debuginfo-3.4.4-1.14.amzn1.i686
    php71-pecl-imagick-debuginfo-3.4.4-1.7.amzn1.i686
    php71-pecl-imagick-3.4.4-1.7.amzn1.i686
    php71-pecl-imagick-devel-3.4.4-1.7.amzn1.i686
    php70-pecl-imagick-debuginfo-3.4.4-1.6.amzn1.i686
    php70-pecl-imagick-3.4.4-1.6.amzn1.i686
    php70-pecl-imagick-devel-3.4.4-1.6.amzn1.i686
    php72-pecl-imagick-3.4.4-1.9.amzn1.i686
    php72-pecl-imagick-debuginfo-3.4.4-1.9.amzn1.i686
    php72-pecl-imagick-devel-3.4.4-1.9.amzn1.i686

src:
    php54-pecl-imagick-3.4.4-1.10.amzn1.src
    php56-pecl-imagick-3.4.4-1.15.amzn1.src
    php55-pecl-imagick-3.4.4-1.14.amzn1.src
    php71-pecl-imagick-3.4.4-1.7.amzn1.src
    php70-pecl-imagick-3.4.4-1.6.amzn1.src
    php72-pecl-imagick-3.4.4-1.9.amzn1.src

x86_64:
    php54-pecl-imagick-3.4.4-1.10.amzn1.x86_64
    php54-pecl-imagick-debuginfo-3.4.4-1.10.amzn1.x86_64
    php56-pecl-imagick-3.4.4-1.15.amzn1.x86_64
    php56-pecl-imagick-debuginfo-3.4.4-1.15.amzn1.x86_64
    php55-pecl-imagick-3.4.4-1.14.amzn1.x86_64
    php55-pecl-imagick-debuginfo-3.4.4-1.14.amzn1.x86_64
    php71-pecl-imagick-devel-3.4.4-1.7.amzn1.x86_64
    php71-pecl-imagick-3.4.4-1.7.amzn1.x86_64
    php71-pecl-imagick-debuginfo-3.4.4-1.7.amzn1.x86_64
    php70-pecl-imagick-debuginfo-3.4.4-1.6.amzn1.x86_64
    php70-pecl-imagick-devel-3.4.4-1.6.amzn1.x86_64
    php70-pecl-imagick-3.4.4-1.6.amzn1.x86_64
    php72-pecl-imagick-devel-3.4.4-1.9.amzn1.x86_64
    php72-pecl-imagick-debuginfo-3.4.4-1.9.amzn1.x86_64
    php72-pecl-imagick-3.4.4-1.9.amzn1.x86_64