Amazon Linux AMI : php56 / php70,php71 (ALAS-2018-946)
Medium Nessus Plugin ID 106691
Synopsis
The remote Amazon Linux AMI host is missing a security update.
Description
Reflected XSS in .phar 404 page
An issue was discovered in PHP; there is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file. (CVE-2018-5712)
Denial of Service (DoS) via infinite loop in libgd gdImageCreateFromGifCtx function in ext/gd/libgd/gd_gif_in.c
The gd_gif_in.c file in the GD Graphics Library (aka libgd), as used in PHP, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx. (CVE-2018-5711)
Solution
Run 'yum update php56' to update your system.
Run 'yum update php70' to update your system.
Run 'yum update php71' to update your system.