Amazon Linux AMI update for php56, php70, php71, php72
Published: 2019-01-13
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2018-19518 CVE-2018-19935 |
| CWE-ID | CWE-77 CWE-476 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. |
| Vulnerable software |
Amazon Linux AMI Operating systems & Components / Operating system |
| Vendor | Amazon Web Services |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Command injection
EUVDB-ID: #VU16067
Risk: Low
CVSSv4.0: 8.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear]
CVE-ID: CVE-2018-19518
CWE-ID:
CWE-77 - Command injection
Exploit availability: Yes
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary commands on the target system.
The weakness exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted data to inject and execute arbitrary commands.
Update the affected packages.
i686:Vulnerable software versions
php70-soap-7.0.33-1.32.amzn1.i686
php70-json-7.0.33-1.32.amzn1.i686
php70-mbstring-7.0.33-1.32.amzn1.i686
php70-opcache-7.0.33-1.32.amzn1.i686
php70-tidy-7.0.33-1.32.amzn1.i686
php70-xml-7.0.33-1.32.amzn1.i686
php70-gd-7.0.33-1.32.amzn1.i686
php70-common-7.0.33-1.32.amzn1.i686
php70-snmp-7.0.33-1.32.amzn1.i686
php70-gmp-7.0.33-1.32.amzn1.i686
php70-ldap-7.0.33-1.32.amzn1.i686
php70-mysqlnd-7.0.33-1.32.amzn1.i686
php70-mcrypt-7.0.33-1.32.amzn1.i686
php70-pdo-7.0.33-1.32.amzn1.i686
php70-embedded-7.0.33-1.32.amzn1.i686
php70-process-7.0.33-1.32.amzn1.i686
php70-intl-7.0.33-1.32.amzn1.i686
php70-bcmath-7.0.33-1.32.amzn1.i686
php70-7.0.33-1.32.amzn1.i686
php70-recode-7.0.33-1.32.amzn1.i686
php70-xmlrpc-7.0.33-1.32.amzn1.i686
php70-pdo-dblib-7.0.33-1.32.amzn1.i686
php70-cli-7.0.33-1.32.amzn1.i686
php70-pspell-7.0.33-1.32.amzn1.i686
php70-dba-7.0.33-1.32.amzn1.i686
php70-dbg-7.0.33-1.32.amzn1.i686
php70-odbc-7.0.33-1.32.amzn1.i686
php70-enchant-7.0.33-1.32.amzn1.i686
php70-fpm-7.0.33-1.32.amzn1.i686
php70-pgsql-7.0.33-1.32.amzn1.i686
php70-devel-7.0.33-1.32.amzn1.i686
php70-zip-7.0.33-1.32.amzn1.i686
php70-imap-7.0.33-1.32.amzn1.i686
php70-debuginfo-7.0.33-1.32.amzn1.i686
php56-xml-5.6.39-1.141.amzn1.i686
php56-pdo-5.6.39-1.141.amzn1.i686
php56-dbg-5.6.39-1.141.amzn1.i686
php56-ldap-5.6.39-1.141.amzn1.i686
php56-mbstring-5.6.39-1.141.amzn1.i686
php56-dba-5.6.39-1.141.amzn1.i686
php56-cli-5.6.39-1.141.amzn1.i686
php56-process-5.6.39-1.141.amzn1.i686
php56-common-5.6.39-1.141.amzn1.i686
php56-odbc-5.6.39-1.141.amzn1.i686
php56-xmlrpc-5.6.39-1.141.amzn1.i686
php56-devel-5.6.39-1.141.amzn1.i686
php56-mysqlnd-5.6.39-1.141.amzn1.i686
php56-opcache-5.6.39-1.141.amzn1.i686
php56-fpm-5.6.39-1.141.amzn1.i686
php56-debuginfo-5.6.39-1.141.amzn1.i686
php56-embedded-5.6.39-1.141.amzn1.i686
php56-gd-5.6.39-1.141.amzn1.i686
php56-imap-5.6.39-1.141.amzn1.i686
php56-enchant-5.6.39-1.141.amzn1.i686
php56-mssql-5.6.39-1.141.amzn1.i686
php56-soap-5.6.39-1.141.amzn1.i686
php56-mcrypt-5.6.39-1.141.amzn1.i686
php56-bcmath-5.6.39-1.141.amzn1.i686
php56-tidy-5.6.39-1.141.amzn1.i686
php56-gmp-5.6.39-1.141.amzn1.i686
php56-intl-5.6.39-1.141.amzn1.i686
php56-recode-5.6.39-1.141.amzn1.i686
php56-pgsql-5.6.39-1.141.amzn1.i686
php56-5.6.39-1.141.amzn1.i686
php56-snmp-5.6.39-1.141.amzn1.i686
php56-pspell-5.6.39-1.141.amzn1.i686
php71-common-7.1.25-1.35.amzn1.i686
php71-enchant-7.1.25-1.35.amzn1.i686
php71-intl-7.1.25-1.35.amzn1.i686
php71-pdo-dblib-7.1.25-1.35.amzn1.i686
php71-7.1.25-1.35.amzn1.i686
php71-debuginfo-7.1.25-1.35.amzn1.i686
php71-tidy-7.1.25-1.35.amzn1.i686
php71-gmp-7.1.25-1.35.amzn1.i686
php71-bcmath-7.1.25-1.35.amzn1.i686
php71-embedded-7.1.25-1.35.amzn1.i686
php71-fpm-7.1.25-1.35.amzn1.i686
php71-gd-7.1.25-1.35.amzn1.i686
php71-cli-7.1.25-1.35.amzn1.i686
php71-pgsql-7.1.25-1.35.amzn1.i686
php71-snmp-7.1.25-1.35.amzn1.i686
php71-ldap-7.1.25-1.35.amzn1.i686
php71-xml-7.1.25-1.35.amzn1.i686
php71-dbg-7.1.25-1.35.amzn1.i686
php71-odbc-7.1.25-1.35.amzn1.i686
php71-json-7.1.25-1.35.amzn1.i686
php71-xmlrpc-7.1.25-1.35.amzn1.i686
php71-imap-7.1.25-1.35.amzn1.i686
php71-mysqlnd-7.1.25-1.35.amzn1.i686
php71-devel-7.1.25-1.35.amzn1.i686
php71-mcrypt-7.1.25-1.35.amzn1.i686
php71-recode-7.1.25-1.35.amzn1.i686
php71-process-7.1.25-1.35.amzn1.i686
php71-opcache-7.1.25-1.35.amzn1.i686
php71-dba-7.1.25-1.35.amzn1.i686
php71-soap-7.1.25-1.35.amzn1.i686
php71-pdo-7.1.25-1.35.amzn1.i686
php71-pspell-7.1.25-1.35.amzn1.i686
php71-mbstring-7.1.25-1.35.amzn1.i686
php72-pspell-7.2.13-1.7.amzn1.i686
php72-imap-7.2.13-1.7.amzn1.i686
php72-7.2.13-1.7.amzn1.i686
php72-json-7.2.13-1.7.amzn1.i686
php72-dbg-7.2.13-1.7.amzn1.i686
php72-intl-7.2.13-1.7.amzn1.i686
php72-mysqlnd-7.2.13-1.7.amzn1.i686
php72-enchant-7.2.13-1.7.amzn1.i686
php72-embedded-7.2.13-1.7.amzn1.i686
php72-debuginfo-7.2.13-1.7.amzn1.i686
php72-pgsql-7.2.13-1.7.amzn1.i686
php72-common-7.2.13-1.7.amzn1.i686
php72-pdo-dblib-7.2.13-1.7.amzn1.i686
php72-recode-7.2.13-1.7.amzn1.i686
php72-mbstring-7.2.13-1.7.amzn1.i686
php72-bcmath-7.2.13-1.7.amzn1.i686
php72-tidy-7.2.13-1.7.amzn1.i686
php72-gd-7.2.13-1.7.amzn1.i686
php72-soap-7.2.13-1.7.amzn1.i686
php72-ldap-7.2.13-1.7.amzn1.i686
php72-devel-7.2.13-1.7.amzn1.i686
php72-odbc-7.2.13-1.7.amzn1.i686
php72-gmp-7.2.13-1.7.amzn1.i686
php72-dba-7.2.13-1.7.amzn1.i686
php72-xml-7.2.13-1.7.amzn1.i686
php72-snmp-7.2.13-1.7.amzn1.i686
php72-opcache-7.2.13-1.7.amzn1.i686
php72-fpm-7.2.13-1.7.amzn1.i686
php72-pdo-7.2.13-1.7.amzn1.i686
php72-cli-7.2.13-1.7.amzn1.i686
php72-xmlrpc-7.2.13-1.7.amzn1.i686
php72-process-7.2.13-1.7.amzn1.i686
src:
php70-7.0.33-1.32.amzn1.src
php56-5.6.39-1.141.amzn1.src
php71-7.1.25-1.35.amzn1.src
php72-7.2.13-1.7.amzn1.src
x86_64:
php70-gd-7.0.33-1.32.amzn1.x86_64
php70-embedded-7.0.33-1.32.amzn1.x86_64
php70-pgsql-7.0.33-1.32.amzn1.x86_64
php70-ldap-7.0.33-1.32.amzn1.x86_64
php70-process-7.0.33-1.32.amzn1.x86_64
php70-intl-7.0.33-1.32.amzn1.x86_64
php70-common-7.0.33-1.32.amzn1.x86_64
php70-opcache-7.0.33-1.32.amzn1.x86_64
php70-cli-7.0.33-1.32.amzn1.x86_64
php70-enchant-7.0.33-1.32.amzn1.x86_64
php70-fpm-7.0.33-1.32.amzn1.x86_64
php70-recode-7.0.33-1.32.amzn1.x86_64
php70-bcmath-7.0.33-1.32.amzn1.x86_64
php70-mbstring-7.0.33-1.32.amzn1.x86_64
php70-soap-7.0.33-1.32.amzn1.x86_64
php70-pdo-dblib-7.0.33-1.32.amzn1.x86_64
php70-debuginfo-7.0.33-1.32.amzn1.x86_64
php70-mysqlnd-7.0.33-1.32.amzn1.x86_64
php70-snmp-7.0.33-1.32.amzn1.x86_64
php70-7.0.33-1.32.amzn1.x86_64
php70-dbg-7.0.33-1.32.amzn1.x86_64
php70-pspell-7.0.33-1.32.amzn1.x86_64
php70-dba-7.0.33-1.32.amzn1.x86_64
php70-odbc-7.0.33-1.32.amzn1.x86_64
php70-xmlrpc-7.0.33-1.32.amzn1.x86_64
php70-devel-7.0.33-1.32.amzn1.x86_64
php70-pdo-7.0.33-1.32.amzn1.x86_64
php70-xml-7.0.33-1.32.amzn1.x86_64
php70-zip-7.0.33-1.32.amzn1.x86_64
php70-imap-7.0.33-1.32.amzn1.x86_64
php70-gmp-7.0.33-1.32.amzn1.x86_64
php70-tidy-7.0.33-1.32.amzn1.x86_64
php70-json-7.0.33-1.32.amzn1.x86_64
php70-mcrypt-7.0.33-1.32.amzn1.x86_64
php56-dbg-5.6.39-1.141.amzn1.x86_64
php56-mssql-5.6.39-1.141.amzn1.x86_64
php56-tidy-5.6.39-1.141.amzn1.x86_64
php56-intl-5.6.39-1.141.amzn1.x86_64
php56-dba-5.6.39-1.141.amzn1.x86_64
php56-pdo-5.6.39-1.141.amzn1.x86_64
php56-cli-5.6.39-1.141.amzn1.x86_64
php56-common-5.6.39-1.141.amzn1.x86_64
php56-embedded-5.6.39-1.141.amzn1.x86_64
php56-ldap-5.6.39-1.141.amzn1.x86_64
php56-pspell-5.6.39-1.141.amzn1.x86_64
php56-5.6.39-1.141.amzn1.x86_64
php56-fpm-5.6.39-1.141.amzn1.x86_64
php56-debuginfo-5.6.39-1.141.amzn1.x86_64
php56-mysqlnd-5.6.39-1.141.amzn1.x86_64
php56-gmp-5.6.39-1.141.amzn1.x86_64
php56-xml-5.6.39-1.141.amzn1.x86_64
php56-pgsql-5.6.39-1.141.amzn1.x86_64
php56-bcmath-5.6.39-1.141.amzn1.x86_64
php56-gd-5.6.39-1.141.amzn1.x86_64
php56-opcache-5.6.39-1.141.amzn1.x86_64
php56-devel-5.6.39-1.141.amzn1.x86_64
php56-xmlrpc-5.6.39-1.141.amzn1.x86_64
php56-recode-5.6.39-1.141.amzn1.x86_64
php56-process-5.6.39-1.141.amzn1.x86_64
php56-mbstring-5.6.39-1.141.amzn1.x86_64
php56-enchant-5.6.39-1.141.amzn1.x86_64
php56-imap-5.6.39-1.141.amzn1.x86_64
php56-soap-5.6.39-1.141.amzn1.x86_64
php56-mcrypt-5.6.39-1.141.amzn1.x86_64
php56-odbc-5.6.39-1.141.amzn1.x86_64
php56-snmp-5.6.39-1.141.amzn1.x86_64
php71-bcmath-7.1.25-1.35.amzn1.x86_64
php71-snmp-7.1.25-1.35.amzn1.x86_64
php71-pspell-7.1.25-1.35.amzn1.x86_64
php71-mbstring-7.1.25-1.35.amzn1.x86_64
php71-pdo-dblib-7.1.25-1.35.amzn1.x86_64
php71-mysqlnd-7.1.25-1.35.amzn1.x86_64
php71-embedded-7.1.25-1.35.amzn1.x86_64
php71-7.1.25-1.35.amzn1.x86_64
php71-debuginfo-7.1.25-1.35.amzn1.x86_64
php71-cli-7.1.25-1.35.amzn1.x86_64
php71-devel-7.1.25-1.35.amzn1.x86_64
php71-dbg-7.1.25-1.35.amzn1.x86_64
php71-common-7.1.25-1.35.amzn1.x86_64
php71-odbc-7.1.25-1.35.amzn1.x86_64
php71-soap-7.1.25-1.35.amzn1.x86_64
php71-xmlrpc-7.1.25-1.35.amzn1.x86_64
php71-xml-7.1.25-1.35.amzn1.x86_64
php71-tidy-7.1.25-1.35.amzn1.x86_64
php71-json-7.1.25-1.35.amzn1.x86_64
php71-imap-7.1.25-1.35.amzn1.x86_64
php71-intl-7.1.25-1.35.amzn1.x86_64
php71-gmp-7.1.25-1.35.amzn1.x86_64
php71-fpm-7.1.25-1.35.amzn1.x86_64
php71-recode-7.1.25-1.35.amzn1.x86_64
php71-opcache-7.1.25-1.35.amzn1.x86_64
php71-mcrypt-7.1.25-1.35.amzn1.x86_64
php71-dba-7.1.25-1.35.amzn1.x86_64
php71-pgsql-7.1.25-1.35.amzn1.x86_64
php71-pdo-7.1.25-1.35.amzn1.x86_64
php71-process-7.1.25-1.35.amzn1.x86_64
php71-enchant-7.1.25-1.35.amzn1.x86_64
php71-ldap-7.1.25-1.35.amzn1.x86_64
php71-gd-7.1.25-1.35.amzn1.x86_64
php72-dba-7.2.13-1.7.amzn1.x86_64
php72-cli-7.2.13-1.7.amzn1.x86_64
php72-debuginfo-7.2.13-1.7.amzn1.x86_64
php72-odbc-7.2.13-1.7.amzn1.x86_64
php72-xml-7.2.13-1.7.amzn1.x86_64
php72-gd-7.2.13-1.7.amzn1.x86_64
php72-devel-7.2.13-1.7.amzn1.x86_64
php72-snmp-7.2.13-1.7.amzn1.x86_64
php72-pdo-dblib-7.2.13-1.7.amzn1.x86_64
php72-7.2.13-1.7.amzn1.x86_64
php72-mbstring-7.2.13-1.7.amzn1.x86_64
php72-soap-7.2.13-1.7.amzn1.x86_64
php72-dbg-7.2.13-1.7.amzn1.x86_64
php72-mysqlnd-7.2.13-1.7.amzn1.x86_64
php72-recode-7.2.13-1.7.amzn1.x86_64
php72-pdo-7.2.13-1.7.amzn1.x86_64
php72-fpm-7.2.13-1.7.amzn1.x86_64
php72-opcache-7.2.13-1.7.amzn1.x86_64
php72-tidy-7.2.13-1.7.amzn1.x86_64
php72-json-7.2.13-1.7.amzn1.x86_64
php72-ldap-7.2.13-1.7.amzn1.x86_64
php72-pgsql-7.2.13-1.7.amzn1.x86_64
php72-pspell-7.2.13-1.7.amzn1.x86_64
php72-bcmath-7.2.13-1.7.amzn1.x86_64
php72-imap-7.2.13-1.7.amzn1.x86_64
php72-intl-7.2.13-1.7.amzn1.x86_64
php72-common-7.2.13-1.7.amzn1.x86_64
php72-gmp-7.2.13-1.7.amzn1.x86_64
php72-xmlrpc-7.2.13-1.7.amzn1.x86_64
php72-embedded-7.2.13-1.7.amzn1.x86_64
php72-process-7.2.13-1.7.amzn1.x86_64
php72-enchant-7.2.13-1.7.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External linkshttps://alas.aws.amazon.com/ALAS-2019-1147.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
2) NULL pointer dereference
EUVDB-ID: #VU16315
Risk: Low
CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2018-19935
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to NULL pointer dereference in _php_imap_mail when improper check of wheater message. A remote attacker can supply specially crafted message, trigger NULL pointer dereference and cause the service to crash.
Update the affected packages.
i686:Vulnerable software versions
php70-soap-7.0.33-1.32.amzn1.i686
php70-json-7.0.33-1.32.amzn1.i686
php70-mbstring-7.0.33-1.32.amzn1.i686
php70-opcache-7.0.33-1.32.amzn1.i686
php70-tidy-7.0.33-1.32.amzn1.i686
php70-xml-7.0.33-1.32.amzn1.i686
php70-gd-7.0.33-1.32.amzn1.i686
php70-common-7.0.33-1.32.amzn1.i686
php70-snmp-7.0.33-1.32.amzn1.i686
php70-gmp-7.0.33-1.32.amzn1.i686
php70-ldap-7.0.33-1.32.amzn1.i686
php70-mysqlnd-7.0.33-1.32.amzn1.i686
php70-mcrypt-7.0.33-1.32.amzn1.i686
php70-pdo-7.0.33-1.32.amzn1.i686
php70-embedded-7.0.33-1.32.amzn1.i686
php70-process-7.0.33-1.32.amzn1.i686
php70-intl-7.0.33-1.32.amzn1.i686
php70-bcmath-7.0.33-1.32.amzn1.i686
php70-7.0.33-1.32.amzn1.i686
php70-recode-7.0.33-1.32.amzn1.i686
php70-xmlrpc-7.0.33-1.32.amzn1.i686
php70-pdo-dblib-7.0.33-1.32.amzn1.i686
php70-cli-7.0.33-1.32.amzn1.i686
php70-pspell-7.0.33-1.32.amzn1.i686
php70-dba-7.0.33-1.32.amzn1.i686
php70-dbg-7.0.33-1.32.amzn1.i686
php70-odbc-7.0.33-1.32.amzn1.i686
php70-enchant-7.0.33-1.32.amzn1.i686
php70-fpm-7.0.33-1.32.amzn1.i686
php70-pgsql-7.0.33-1.32.amzn1.i686
php70-devel-7.0.33-1.32.amzn1.i686
php70-zip-7.0.33-1.32.amzn1.i686
php70-imap-7.0.33-1.32.amzn1.i686
php70-debuginfo-7.0.33-1.32.amzn1.i686
php56-xml-5.6.39-1.141.amzn1.i686
php56-pdo-5.6.39-1.141.amzn1.i686
php56-dbg-5.6.39-1.141.amzn1.i686
php56-ldap-5.6.39-1.141.amzn1.i686
php56-mbstring-5.6.39-1.141.amzn1.i686
php56-dba-5.6.39-1.141.amzn1.i686
php56-cli-5.6.39-1.141.amzn1.i686
php56-process-5.6.39-1.141.amzn1.i686
php56-common-5.6.39-1.141.amzn1.i686
php56-odbc-5.6.39-1.141.amzn1.i686
php56-xmlrpc-5.6.39-1.141.amzn1.i686
php56-devel-5.6.39-1.141.amzn1.i686
php56-mysqlnd-5.6.39-1.141.amzn1.i686
php56-opcache-5.6.39-1.141.amzn1.i686
php56-fpm-5.6.39-1.141.amzn1.i686
php56-debuginfo-5.6.39-1.141.amzn1.i686
php56-embedded-5.6.39-1.141.amzn1.i686
php56-gd-5.6.39-1.141.amzn1.i686
php56-imap-5.6.39-1.141.amzn1.i686
php56-enchant-5.6.39-1.141.amzn1.i686
php56-mssql-5.6.39-1.141.amzn1.i686
php56-soap-5.6.39-1.141.amzn1.i686
php56-mcrypt-5.6.39-1.141.amzn1.i686
php56-bcmath-5.6.39-1.141.amzn1.i686
php56-tidy-5.6.39-1.141.amzn1.i686
php56-gmp-5.6.39-1.141.amzn1.i686
php56-intl-5.6.39-1.141.amzn1.i686
php56-recode-5.6.39-1.141.amzn1.i686
php56-pgsql-5.6.39-1.141.amzn1.i686
php56-5.6.39-1.141.amzn1.i686
php56-snmp-5.6.39-1.141.amzn1.i686
php56-pspell-5.6.39-1.141.amzn1.i686
php71-common-7.1.25-1.35.amzn1.i686
php71-enchant-7.1.25-1.35.amzn1.i686
php71-intl-7.1.25-1.35.amzn1.i686
php71-pdo-dblib-7.1.25-1.35.amzn1.i686
php71-7.1.25-1.35.amzn1.i686
php71-debuginfo-7.1.25-1.35.amzn1.i686
php71-tidy-7.1.25-1.35.amzn1.i686
php71-gmp-7.1.25-1.35.amzn1.i686
php71-bcmath-7.1.25-1.35.amzn1.i686
php71-embedded-7.1.25-1.35.amzn1.i686
php71-fpm-7.1.25-1.35.amzn1.i686
php71-gd-7.1.25-1.35.amzn1.i686
php71-cli-7.1.25-1.35.amzn1.i686
php71-pgsql-7.1.25-1.35.amzn1.i686
php71-snmp-7.1.25-1.35.amzn1.i686
php71-ldap-7.1.25-1.35.amzn1.i686
php71-xml-7.1.25-1.35.amzn1.i686
php71-dbg-7.1.25-1.35.amzn1.i686
php71-odbc-7.1.25-1.35.amzn1.i686
php71-json-7.1.25-1.35.amzn1.i686
php71-xmlrpc-7.1.25-1.35.amzn1.i686
php71-imap-7.1.25-1.35.amzn1.i686
php71-mysqlnd-7.1.25-1.35.amzn1.i686
php71-devel-7.1.25-1.35.amzn1.i686
php71-mcrypt-7.1.25-1.35.amzn1.i686
php71-recode-7.1.25-1.35.amzn1.i686
php71-process-7.1.25-1.35.amzn1.i686
php71-opcache-7.1.25-1.35.amzn1.i686
php71-dba-7.1.25-1.35.amzn1.i686
php71-soap-7.1.25-1.35.amzn1.i686
php71-pdo-7.1.25-1.35.amzn1.i686
php71-pspell-7.1.25-1.35.amzn1.i686
php71-mbstring-7.1.25-1.35.amzn1.i686
php72-pspell-7.2.13-1.7.amzn1.i686
php72-imap-7.2.13-1.7.amzn1.i686
php72-7.2.13-1.7.amzn1.i686
php72-json-7.2.13-1.7.amzn1.i686
php72-dbg-7.2.13-1.7.amzn1.i686
php72-intl-7.2.13-1.7.amzn1.i686
php72-mysqlnd-7.2.13-1.7.amzn1.i686
php72-enchant-7.2.13-1.7.amzn1.i686
php72-embedded-7.2.13-1.7.amzn1.i686
php72-debuginfo-7.2.13-1.7.amzn1.i686
php72-pgsql-7.2.13-1.7.amzn1.i686
php72-common-7.2.13-1.7.amzn1.i686
php72-pdo-dblib-7.2.13-1.7.amzn1.i686
php72-recode-7.2.13-1.7.amzn1.i686
php72-mbstring-7.2.13-1.7.amzn1.i686
php72-bcmath-7.2.13-1.7.amzn1.i686
php72-tidy-7.2.13-1.7.amzn1.i686
php72-gd-7.2.13-1.7.amzn1.i686
php72-soap-7.2.13-1.7.amzn1.i686
php72-ldap-7.2.13-1.7.amzn1.i686
php72-devel-7.2.13-1.7.amzn1.i686
php72-odbc-7.2.13-1.7.amzn1.i686
php72-gmp-7.2.13-1.7.amzn1.i686
php72-dba-7.2.13-1.7.amzn1.i686
php72-xml-7.2.13-1.7.amzn1.i686
php72-snmp-7.2.13-1.7.amzn1.i686
php72-opcache-7.2.13-1.7.amzn1.i686
php72-fpm-7.2.13-1.7.amzn1.i686
php72-pdo-7.2.13-1.7.amzn1.i686
php72-cli-7.2.13-1.7.amzn1.i686
php72-xmlrpc-7.2.13-1.7.amzn1.i686
php72-process-7.2.13-1.7.amzn1.i686
src:
php70-7.0.33-1.32.amzn1.src
php56-5.6.39-1.141.amzn1.src
php71-7.1.25-1.35.amzn1.src
php72-7.2.13-1.7.amzn1.src
x86_64:
php70-gd-7.0.33-1.32.amzn1.x86_64
php70-embedded-7.0.33-1.32.amzn1.x86_64
php70-pgsql-7.0.33-1.32.amzn1.x86_64
php70-ldap-7.0.33-1.32.amzn1.x86_64
php70-process-7.0.33-1.32.amzn1.x86_64
php70-intl-7.0.33-1.32.amzn1.x86_64
php70-common-7.0.33-1.32.amzn1.x86_64
php70-opcache-7.0.33-1.32.amzn1.x86_64
php70-cli-7.0.33-1.32.amzn1.x86_64
php70-enchant-7.0.33-1.32.amzn1.x86_64
php70-fpm-7.0.33-1.32.amzn1.x86_64
php70-recode-7.0.33-1.32.amzn1.x86_64
php70-bcmath-7.0.33-1.32.amzn1.x86_64
php70-mbstring-7.0.33-1.32.amzn1.x86_64
php70-soap-7.0.33-1.32.amzn1.x86_64
php70-pdo-dblib-7.0.33-1.32.amzn1.x86_64
php70-debuginfo-7.0.33-1.32.amzn1.x86_64
php70-mysqlnd-7.0.33-1.32.amzn1.x86_64
php70-snmp-7.0.33-1.32.amzn1.x86_64
php70-7.0.33-1.32.amzn1.x86_64
php70-dbg-7.0.33-1.32.amzn1.x86_64
php70-pspell-7.0.33-1.32.amzn1.x86_64
php70-dba-7.0.33-1.32.amzn1.x86_64
php70-odbc-7.0.33-1.32.amzn1.x86_64
php70-xmlrpc-7.0.33-1.32.amzn1.x86_64
php70-devel-7.0.33-1.32.amzn1.x86_64
php70-pdo-7.0.33-1.32.amzn1.x86_64
php70-xml-7.0.33-1.32.amzn1.x86_64
php70-zip-7.0.33-1.32.amzn1.x86_64
php70-imap-7.0.33-1.32.amzn1.x86_64
php70-gmp-7.0.33-1.32.amzn1.x86_64
php70-tidy-7.0.33-1.32.amzn1.x86_64
php70-json-7.0.33-1.32.amzn1.x86_64
php70-mcrypt-7.0.33-1.32.amzn1.x86_64
php56-dbg-5.6.39-1.141.amzn1.x86_64
php56-mssql-5.6.39-1.141.amzn1.x86_64
php56-tidy-5.6.39-1.141.amzn1.x86_64
php56-intl-5.6.39-1.141.amzn1.x86_64
php56-dba-5.6.39-1.141.amzn1.x86_64
php56-pdo-5.6.39-1.141.amzn1.x86_64
php56-cli-5.6.39-1.141.amzn1.x86_64
php56-common-5.6.39-1.141.amzn1.x86_64
php56-embedded-5.6.39-1.141.amzn1.x86_64
php56-ldap-5.6.39-1.141.amzn1.x86_64
php56-pspell-5.6.39-1.141.amzn1.x86_64
php56-5.6.39-1.141.amzn1.x86_64
php56-fpm-5.6.39-1.141.amzn1.x86_64
php56-debuginfo-5.6.39-1.141.amzn1.x86_64
php56-mysqlnd-5.6.39-1.141.amzn1.x86_64
php56-gmp-5.6.39-1.141.amzn1.x86_64
php56-xml-5.6.39-1.141.amzn1.x86_64
php56-pgsql-5.6.39-1.141.amzn1.x86_64
php56-bcmath-5.6.39-1.141.amzn1.x86_64
php56-gd-5.6.39-1.141.amzn1.x86_64
php56-opcache-5.6.39-1.141.amzn1.x86_64
php56-devel-5.6.39-1.141.amzn1.x86_64
php56-xmlrpc-5.6.39-1.141.amzn1.x86_64
php56-recode-5.6.39-1.141.amzn1.x86_64
php56-process-5.6.39-1.141.amzn1.x86_64
php56-mbstring-5.6.39-1.141.amzn1.x86_64
php56-enchant-5.6.39-1.141.amzn1.x86_64
php56-imap-5.6.39-1.141.amzn1.x86_64
php56-soap-5.6.39-1.141.amzn1.x86_64
php56-mcrypt-5.6.39-1.141.amzn1.x86_64
php56-odbc-5.6.39-1.141.amzn1.x86_64
php56-snmp-5.6.39-1.141.amzn1.x86_64
php71-bcmath-7.1.25-1.35.amzn1.x86_64
php71-snmp-7.1.25-1.35.amzn1.x86_64
php71-pspell-7.1.25-1.35.amzn1.x86_64
php71-mbstring-7.1.25-1.35.amzn1.x86_64
php71-pdo-dblib-7.1.25-1.35.amzn1.x86_64
php71-mysqlnd-7.1.25-1.35.amzn1.x86_64
php71-embedded-7.1.25-1.35.amzn1.x86_64
php71-7.1.25-1.35.amzn1.x86_64
php71-debuginfo-7.1.25-1.35.amzn1.x86_64
php71-cli-7.1.25-1.35.amzn1.x86_64
php71-devel-7.1.25-1.35.amzn1.x86_64
php71-dbg-7.1.25-1.35.amzn1.x86_64
php71-common-7.1.25-1.35.amzn1.x86_64
php71-odbc-7.1.25-1.35.amzn1.x86_64
php71-soap-7.1.25-1.35.amzn1.x86_64
php71-xmlrpc-7.1.25-1.35.amzn1.x86_64
php71-xml-7.1.25-1.35.amzn1.x86_64
php71-tidy-7.1.25-1.35.amzn1.x86_64
php71-json-7.1.25-1.35.amzn1.x86_64
php71-imap-7.1.25-1.35.amzn1.x86_64
php71-intl-7.1.25-1.35.amzn1.x86_64
php71-gmp-7.1.25-1.35.amzn1.x86_64
php71-fpm-7.1.25-1.35.amzn1.x86_64
php71-recode-7.1.25-1.35.amzn1.x86_64
php71-opcache-7.1.25-1.35.amzn1.x86_64
php71-mcrypt-7.1.25-1.35.amzn1.x86_64
php71-dba-7.1.25-1.35.amzn1.x86_64
php71-pgsql-7.1.25-1.35.amzn1.x86_64
php71-pdo-7.1.25-1.35.amzn1.x86_64
php71-process-7.1.25-1.35.amzn1.x86_64
php71-enchant-7.1.25-1.35.amzn1.x86_64
php71-ldap-7.1.25-1.35.amzn1.x86_64
php71-gd-7.1.25-1.35.amzn1.x86_64
php72-dba-7.2.13-1.7.amzn1.x86_64
php72-cli-7.2.13-1.7.amzn1.x86_64
php72-debuginfo-7.2.13-1.7.amzn1.x86_64
php72-odbc-7.2.13-1.7.amzn1.x86_64
php72-xml-7.2.13-1.7.amzn1.x86_64
php72-gd-7.2.13-1.7.amzn1.x86_64
php72-devel-7.2.13-1.7.amzn1.x86_64
php72-snmp-7.2.13-1.7.amzn1.x86_64
php72-pdo-dblib-7.2.13-1.7.amzn1.x86_64
php72-7.2.13-1.7.amzn1.x86_64
php72-mbstring-7.2.13-1.7.amzn1.x86_64
php72-soap-7.2.13-1.7.amzn1.x86_64
php72-dbg-7.2.13-1.7.amzn1.x86_64
php72-mysqlnd-7.2.13-1.7.amzn1.x86_64
php72-recode-7.2.13-1.7.amzn1.x86_64
php72-pdo-7.2.13-1.7.amzn1.x86_64
php72-fpm-7.2.13-1.7.amzn1.x86_64
php72-opcache-7.2.13-1.7.amzn1.x86_64
php72-tidy-7.2.13-1.7.amzn1.x86_64
php72-json-7.2.13-1.7.amzn1.x86_64
php72-ldap-7.2.13-1.7.amzn1.x86_64
php72-pgsql-7.2.13-1.7.amzn1.x86_64
php72-pspell-7.2.13-1.7.amzn1.x86_64
php72-bcmath-7.2.13-1.7.amzn1.x86_64
php72-imap-7.2.13-1.7.amzn1.x86_64
php72-intl-7.2.13-1.7.amzn1.x86_64
php72-common-7.2.13-1.7.amzn1.x86_64
php72-gmp-7.2.13-1.7.amzn1.x86_64
php72-xmlrpc-7.2.13-1.7.amzn1.x86_64
php72-embedded-7.2.13-1.7.amzn1.x86_64
php72-process-7.2.13-1.7.amzn1.x86_64
php72-enchant-7.2.13-1.7.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External linkshttps://alas.aws.amazon.com/ALAS-2019-1147.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
