Amazon Linux AMI update for php54
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2014-9709 CVE-2015-1352 CVE-2015-2301 CVE-2015-2783 CVE-2015-3329 |
| CWE-ID | CWE-125 CWE-476 CWE-416 CWE-126 CWE-121 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Amazon Linux AMI Operating systems & Components / Operating system |
| Vendor | Amazon Web Services |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU31834
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2014-9709
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5,. A remote attacker can perform a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.
MitigationUpdate the affected packages:
i686:Vulnerable software versions
php54-mysqlnd-5.4.40-1.68.amzn1.i686
php54-xmlrpc-5.4.40-1.68.amzn1.i686
php54-devel-5.4.40-1.68.amzn1.i686
php54-pgsql-5.4.40-1.68.amzn1.i686
php54-enchant-5.4.40-1.68.amzn1.i686
php54-cli-5.4.40-1.68.amzn1.i686
php54-soap-5.4.40-1.68.amzn1.i686
php54-dba-5.4.40-1.68.amzn1.i686
php54-mysql-5.4.40-1.68.amzn1.i686
php54-ldap-5.4.40-1.68.amzn1.i686
php54-pdo-5.4.40-1.68.amzn1.i686
php54-recode-5.4.40-1.68.amzn1.i686
php54-tidy-5.4.40-1.68.amzn1.i686
php54-common-5.4.40-1.68.amzn1.i686
php54-process-5.4.40-1.68.amzn1.i686
php54-intl-5.4.40-1.68.amzn1.i686
php54-fpm-5.4.40-1.68.amzn1.i686
php54-snmp-5.4.40-1.68.amzn1.i686
php54-debuginfo-5.4.40-1.68.amzn1.i686
php54-5.4.40-1.68.amzn1.i686
php54-odbc-5.4.40-1.68.amzn1.i686
php54-embedded-5.4.40-1.68.amzn1.i686
php54-xml-5.4.40-1.68.amzn1.i686
php54-gd-5.4.40-1.68.amzn1.i686
php54-mcrypt-5.4.40-1.68.amzn1.i686
php54-mssql-5.4.40-1.68.amzn1.i686
php54-mbstring-5.4.40-1.68.amzn1.i686
php54-imap-5.4.40-1.68.amzn1.i686
php54-pspell-5.4.40-1.68.amzn1.i686
php54-bcmath-5.4.40-1.68.amzn1.i686
src:
php54-5.4.40-1.68.amzn1.src
x86_64:
php54-mbstring-5.4.40-1.68.amzn1.x86_64
php54-dba-5.4.40-1.68.amzn1.x86_64
php54-soap-5.4.40-1.68.amzn1.x86_64
php54-pgsql-5.4.40-1.68.amzn1.x86_64
php54-xml-5.4.40-1.68.amzn1.x86_64
php54-devel-5.4.40-1.68.amzn1.x86_64
php54-tidy-5.4.40-1.68.amzn1.x86_64
php54-enchant-5.4.40-1.68.amzn1.x86_64
php54-common-5.4.40-1.68.amzn1.x86_64
php54-mysqlnd-5.4.40-1.68.amzn1.x86_64
php54-gd-5.4.40-1.68.amzn1.x86_64
php54-snmp-5.4.40-1.68.amzn1.x86_64
php54-odbc-5.4.40-1.68.amzn1.x86_64
php54-intl-5.4.40-1.68.amzn1.x86_64
php54-5.4.40-1.68.amzn1.x86_64
php54-debuginfo-5.4.40-1.68.amzn1.x86_64
php54-pdo-5.4.40-1.68.amzn1.x86_64
php54-process-5.4.40-1.68.amzn1.x86_64
php54-bcmath-5.4.40-1.68.amzn1.x86_64
php54-pspell-5.4.40-1.68.amzn1.x86_64
php54-xmlrpc-5.4.40-1.68.amzn1.x86_64
php54-fpm-5.4.40-1.68.amzn1.x86_64
php54-embedded-5.4.40-1.68.amzn1.x86_64
php54-recode-5.4.40-1.68.amzn1.x86_64
php54-mssql-5.4.40-1.68.amzn1.x86_64
php54-mcrypt-5.4.40-1.68.amzn1.x86_64
php54-ldap-5.4.40-1.68.amzn1.x86_64
php54-cli-5.4.40-1.68.amzn1.x86_64
php54-mysql-5.4.40-1.68.amzn1.x86_64
php54-imap-5.4.40-1.68.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External linkshttp://alas.aws.amazon.com/ALAS-2015-509.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) NULL pointer dereference
EUVDB-ID: #VU16105
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-1352
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dreference error in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a specially crafted name. A remote attacker can perform a denial of service (DoS) attack.
MitigationUpdate the affected packages:
i686:Vulnerable software versions
php54-mysqlnd-5.4.40-1.68.amzn1.i686
php54-xmlrpc-5.4.40-1.68.amzn1.i686
php54-devel-5.4.40-1.68.amzn1.i686
php54-pgsql-5.4.40-1.68.amzn1.i686
php54-enchant-5.4.40-1.68.amzn1.i686
php54-cli-5.4.40-1.68.amzn1.i686
php54-soap-5.4.40-1.68.amzn1.i686
php54-dba-5.4.40-1.68.amzn1.i686
php54-mysql-5.4.40-1.68.amzn1.i686
php54-ldap-5.4.40-1.68.amzn1.i686
php54-pdo-5.4.40-1.68.amzn1.i686
php54-recode-5.4.40-1.68.amzn1.i686
php54-tidy-5.4.40-1.68.amzn1.i686
php54-common-5.4.40-1.68.amzn1.i686
php54-process-5.4.40-1.68.amzn1.i686
php54-intl-5.4.40-1.68.amzn1.i686
php54-fpm-5.4.40-1.68.amzn1.i686
php54-snmp-5.4.40-1.68.amzn1.i686
php54-debuginfo-5.4.40-1.68.amzn1.i686
php54-5.4.40-1.68.amzn1.i686
php54-odbc-5.4.40-1.68.amzn1.i686
php54-embedded-5.4.40-1.68.amzn1.i686
php54-xml-5.4.40-1.68.amzn1.i686
php54-gd-5.4.40-1.68.amzn1.i686
php54-mcrypt-5.4.40-1.68.amzn1.i686
php54-mssql-5.4.40-1.68.amzn1.i686
php54-mbstring-5.4.40-1.68.amzn1.i686
php54-imap-5.4.40-1.68.amzn1.i686
php54-pspell-5.4.40-1.68.amzn1.i686
php54-bcmath-5.4.40-1.68.amzn1.i686
src:
php54-5.4.40-1.68.amzn1.src
x86_64:
php54-mbstring-5.4.40-1.68.amzn1.x86_64
php54-dba-5.4.40-1.68.amzn1.x86_64
php54-soap-5.4.40-1.68.amzn1.x86_64
php54-pgsql-5.4.40-1.68.amzn1.x86_64
php54-xml-5.4.40-1.68.amzn1.x86_64
php54-devel-5.4.40-1.68.amzn1.x86_64
php54-tidy-5.4.40-1.68.amzn1.x86_64
php54-enchant-5.4.40-1.68.amzn1.x86_64
php54-common-5.4.40-1.68.amzn1.x86_64
php54-mysqlnd-5.4.40-1.68.amzn1.x86_64
php54-gd-5.4.40-1.68.amzn1.x86_64
php54-snmp-5.4.40-1.68.amzn1.x86_64
php54-odbc-5.4.40-1.68.amzn1.x86_64
php54-intl-5.4.40-1.68.amzn1.x86_64
php54-5.4.40-1.68.amzn1.x86_64
php54-debuginfo-5.4.40-1.68.amzn1.x86_64
php54-pdo-5.4.40-1.68.amzn1.x86_64
php54-process-5.4.40-1.68.amzn1.x86_64
php54-bcmath-5.4.40-1.68.amzn1.x86_64
php54-pspell-5.4.40-1.68.amzn1.x86_64
php54-xmlrpc-5.4.40-1.68.amzn1.x86_64
php54-fpm-5.4.40-1.68.amzn1.x86_64
php54-embedded-5.4.40-1.68.amzn1.x86_64
php54-recode-5.4.40-1.68.amzn1.x86_64
php54-mssql-5.4.40-1.68.amzn1.x86_64
php54-mcrypt-5.4.40-1.68.amzn1.x86_64
php54-ldap-5.4.40-1.68.amzn1.x86_64
php54-cli-5.4.40-1.68.amzn1.x86_64
php54-mysql-5.4.40-1.68.amzn1.x86_64
php54-imap-5.4.40-1.68.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External linkshttp://alas.aws.amazon.com/ALAS-2015-509.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use-after-free error
EUVDB-ID: #VU16108
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-2301
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6. A remote attacker can trigger memory corruption via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file and cause the service to crash.
MitigationUpdate the affected packages:
i686:Vulnerable software versions
php54-mysqlnd-5.4.40-1.68.amzn1.i686
php54-xmlrpc-5.4.40-1.68.amzn1.i686
php54-devel-5.4.40-1.68.amzn1.i686
php54-pgsql-5.4.40-1.68.amzn1.i686
php54-enchant-5.4.40-1.68.amzn1.i686
php54-cli-5.4.40-1.68.amzn1.i686
php54-soap-5.4.40-1.68.amzn1.i686
php54-dba-5.4.40-1.68.amzn1.i686
php54-mysql-5.4.40-1.68.amzn1.i686
php54-ldap-5.4.40-1.68.amzn1.i686
php54-pdo-5.4.40-1.68.amzn1.i686
php54-recode-5.4.40-1.68.amzn1.i686
php54-tidy-5.4.40-1.68.amzn1.i686
php54-common-5.4.40-1.68.amzn1.i686
php54-process-5.4.40-1.68.amzn1.i686
php54-intl-5.4.40-1.68.amzn1.i686
php54-fpm-5.4.40-1.68.amzn1.i686
php54-snmp-5.4.40-1.68.amzn1.i686
php54-debuginfo-5.4.40-1.68.amzn1.i686
php54-5.4.40-1.68.amzn1.i686
php54-odbc-5.4.40-1.68.amzn1.i686
php54-embedded-5.4.40-1.68.amzn1.i686
php54-xml-5.4.40-1.68.amzn1.i686
php54-gd-5.4.40-1.68.amzn1.i686
php54-mcrypt-5.4.40-1.68.amzn1.i686
php54-mssql-5.4.40-1.68.amzn1.i686
php54-mbstring-5.4.40-1.68.amzn1.i686
php54-imap-5.4.40-1.68.amzn1.i686
php54-pspell-5.4.40-1.68.amzn1.i686
php54-bcmath-5.4.40-1.68.amzn1.i686
src:
php54-5.4.40-1.68.amzn1.src
x86_64:
php54-mbstring-5.4.40-1.68.amzn1.x86_64
php54-dba-5.4.40-1.68.amzn1.x86_64
php54-soap-5.4.40-1.68.amzn1.x86_64
php54-pgsql-5.4.40-1.68.amzn1.x86_64
php54-xml-5.4.40-1.68.amzn1.x86_64
php54-devel-5.4.40-1.68.amzn1.x86_64
php54-tidy-5.4.40-1.68.amzn1.x86_64
php54-enchant-5.4.40-1.68.amzn1.x86_64
php54-common-5.4.40-1.68.amzn1.x86_64
php54-mysqlnd-5.4.40-1.68.amzn1.x86_64
php54-gd-5.4.40-1.68.amzn1.x86_64
php54-snmp-5.4.40-1.68.amzn1.x86_64
php54-odbc-5.4.40-1.68.amzn1.x86_64
php54-intl-5.4.40-1.68.amzn1.x86_64
php54-5.4.40-1.68.amzn1.x86_64
php54-debuginfo-5.4.40-1.68.amzn1.x86_64
php54-pdo-5.4.40-1.68.amzn1.x86_64
php54-process-5.4.40-1.68.amzn1.x86_64
php54-bcmath-5.4.40-1.68.amzn1.x86_64
php54-pspell-5.4.40-1.68.amzn1.x86_64
php54-xmlrpc-5.4.40-1.68.amzn1.x86_64
php54-fpm-5.4.40-1.68.amzn1.x86_64
php54-embedded-5.4.40-1.68.amzn1.x86_64
php54-recode-5.4.40-1.68.amzn1.x86_64
php54-mssql-5.4.40-1.68.amzn1.x86_64
php54-mcrypt-5.4.40-1.68.amzn1.x86_64
php54-ldap-5.4.40-1.68.amzn1.x86_64
php54-cli-5.4.40-1.68.amzn1.x86_64
php54-mysql-5.4.40-1.68.amzn1.x86_64
php54-imap-5.4.40-1.68.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External linkshttp://alas.aws.amazon.com/ALAS-2015-509.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Buffer over-read
EUVDB-ID: #VU16114
Risk: Low
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-2783
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information or cause DoS condition on the target system.
The weakness exists due to buffer over-read in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8. A remote attacker can obtain sensitive information from process memory or cause a denial of service via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions.
Update the affected packages:
i686:Vulnerable software versions
php54-mysqlnd-5.4.40-1.68.amzn1.i686
php54-xmlrpc-5.4.40-1.68.amzn1.i686
php54-devel-5.4.40-1.68.amzn1.i686
php54-pgsql-5.4.40-1.68.amzn1.i686
php54-enchant-5.4.40-1.68.amzn1.i686
php54-cli-5.4.40-1.68.amzn1.i686
php54-soap-5.4.40-1.68.amzn1.i686
php54-dba-5.4.40-1.68.amzn1.i686
php54-mysql-5.4.40-1.68.amzn1.i686
php54-ldap-5.4.40-1.68.amzn1.i686
php54-pdo-5.4.40-1.68.amzn1.i686
php54-recode-5.4.40-1.68.amzn1.i686
php54-tidy-5.4.40-1.68.amzn1.i686
php54-common-5.4.40-1.68.amzn1.i686
php54-process-5.4.40-1.68.amzn1.i686
php54-intl-5.4.40-1.68.amzn1.i686
php54-fpm-5.4.40-1.68.amzn1.i686
php54-snmp-5.4.40-1.68.amzn1.i686
php54-debuginfo-5.4.40-1.68.amzn1.i686
php54-5.4.40-1.68.amzn1.i686
php54-odbc-5.4.40-1.68.amzn1.i686
php54-embedded-5.4.40-1.68.amzn1.i686
php54-xml-5.4.40-1.68.amzn1.i686
php54-gd-5.4.40-1.68.amzn1.i686
php54-mcrypt-5.4.40-1.68.amzn1.i686
php54-mssql-5.4.40-1.68.amzn1.i686
php54-mbstring-5.4.40-1.68.amzn1.i686
php54-imap-5.4.40-1.68.amzn1.i686
php54-pspell-5.4.40-1.68.amzn1.i686
php54-bcmath-5.4.40-1.68.amzn1.i686
src:
php54-5.4.40-1.68.amzn1.src
x86_64:
php54-mbstring-5.4.40-1.68.amzn1.x86_64
php54-dba-5.4.40-1.68.amzn1.x86_64
php54-soap-5.4.40-1.68.amzn1.x86_64
php54-pgsql-5.4.40-1.68.amzn1.x86_64
php54-xml-5.4.40-1.68.amzn1.x86_64
php54-devel-5.4.40-1.68.amzn1.x86_64
php54-tidy-5.4.40-1.68.amzn1.x86_64
php54-enchant-5.4.40-1.68.amzn1.x86_64
php54-common-5.4.40-1.68.amzn1.x86_64
php54-mysqlnd-5.4.40-1.68.amzn1.x86_64
php54-gd-5.4.40-1.68.amzn1.x86_64
php54-snmp-5.4.40-1.68.amzn1.x86_64
php54-odbc-5.4.40-1.68.amzn1.x86_64
php54-intl-5.4.40-1.68.amzn1.x86_64
php54-5.4.40-1.68.amzn1.x86_64
php54-debuginfo-5.4.40-1.68.amzn1.x86_64
php54-pdo-5.4.40-1.68.amzn1.x86_64
php54-process-5.4.40-1.68.amzn1.x86_64
php54-bcmath-5.4.40-1.68.amzn1.x86_64
php54-pspell-5.4.40-1.68.amzn1.x86_64
php54-xmlrpc-5.4.40-1.68.amzn1.x86_64
php54-fpm-5.4.40-1.68.amzn1.x86_64
php54-embedded-5.4.40-1.68.amzn1.x86_64
php54-recode-5.4.40-1.68.amzn1.x86_64
php54-mssql-5.4.40-1.68.amzn1.x86_64
php54-mcrypt-5.4.40-1.68.amzn1.x86_64
php54-ldap-5.4.40-1.68.amzn1.x86_64
php54-cli-5.4.40-1.68.amzn1.x86_64
php54-mysql-5.4.40-1.68.amzn1.x86_64
php54-imap-5.4.40-1.68.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External linkshttp://alas.aws.amazon.com/ALAS-2015-509.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Stack-based buffer overflow
EUVDB-ID: #VU16109
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-3329
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8. A remote attacker can trigger memory corruption and execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.
Update the affected packages:
i686:Vulnerable software versions
php54-mysqlnd-5.4.40-1.68.amzn1.i686
php54-xmlrpc-5.4.40-1.68.amzn1.i686
php54-devel-5.4.40-1.68.amzn1.i686
php54-pgsql-5.4.40-1.68.amzn1.i686
php54-enchant-5.4.40-1.68.amzn1.i686
php54-cli-5.4.40-1.68.amzn1.i686
php54-soap-5.4.40-1.68.amzn1.i686
php54-dba-5.4.40-1.68.amzn1.i686
php54-mysql-5.4.40-1.68.amzn1.i686
php54-ldap-5.4.40-1.68.amzn1.i686
php54-pdo-5.4.40-1.68.amzn1.i686
php54-recode-5.4.40-1.68.amzn1.i686
php54-tidy-5.4.40-1.68.amzn1.i686
php54-common-5.4.40-1.68.amzn1.i686
php54-process-5.4.40-1.68.amzn1.i686
php54-intl-5.4.40-1.68.amzn1.i686
php54-fpm-5.4.40-1.68.amzn1.i686
php54-snmp-5.4.40-1.68.amzn1.i686
php54-debuginfo-5.4.40-1.68.amzn1.i686
php54-5.4.40-1.68.amzn1.i686
php54-odbc-5.4.40-1.68.amzn1.i686
php54-embedded-5.4.40-1.68.amzn1.i686
php54-xml-5.4.40-1.68.amzn1.i686
php54-gd-5.4.40-1.68.amzn1.i686
php54-mcrypt-5.4.40-1.68.amzn1.i686
php54-mssql-5.4.40-1.68.amzn1.i686
php54-mbstring-5.4.40-1.68.amzn1.i686
php54-imap-5.4.40-1.68.amzn1.i686
php54-pspell-5.4.40-1.68.amzn1.i686
php54-bcmath-5.4.40-1.68.amzn1.i686
src:
php54-5.4.40-1.68.amzn1.src
x86_64:
php54-mbstring-5.4.40-1.68.amzn1.x86_64
php54-dba-5.4.40-1.68.amzn1.x86_64
php54-soap-5.4.40-1.68.amzn1.x86_64
php54-pgsql-5.4.40-1.68.amzn1.x86_64
php54-xml-5.4.40-1.68.amzn1.x86_64
php54-devel-5.4.40-1.68.amzn1.x86_64
php54-tidy-5.4.40-1.68.amzn1.x86_64
php54-enchant-5.4.40-1.68.amzn1.x86_64
php54-common-5.4.40-1.68.amzn1.x86_64
php54-mysqlnd-5.4.40-1.68.amzn1.x86_64
php54-gd-5.4.40-1.68.amzn1.x86_64
php54-snmp-5.4.40-1.68.amzn1.x86_64
php54-odbc-5.4.40-1.68.amzn1.x86_64
php54-intl-5.4.40-1.68.amzn1.x86_64
php54-5.4.40-1.68.amzn1.x86_64
php54-debuginfo-5.4.40-1.68.amzn1.x86_64
php54-pdo-5.4.40-1.68.amzn1.x86_64
php54-process-5.4.40-1.68.amzn1.x86_64
php54-bcmath-5.4.40-1.68.amzn1.x86_64
php54-pspell-5.4.40-1.68.amzn1.x86_64
php54-xmlrpc-5.4.40-1.68.amzn1.x86_64
php54-fpm-5.4.40-1.68.amzn1.x86_64
php54-embedded-5.4.40-1.68.amzn1.x86_64
php54-recode-5.4.40-1.68.amzn1.x86_64
php54-mssql-5.4.40-1.68.amzn1.x86_64
php54-mcrypt-5.4.40-1.68.amzn1.x86_64
php54-ldap-5.4.40-1.68.amzn1.x86_64
php54-cli-5.4.40-1.68.amzn1.x86_64
php54-mysql-5.4.40-1.68.amzn1.x86_64
php54-imap-5.4.40-1.68.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External linkshttp://alas.aws.amazon.com/ALAS-2015-509.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
