Amazon Linux AMI : php56 / php70,php71 (ALAS-2018-1066)
Medium Nessus Plugin ID 112093
SynopsisThe remote Amazon Linux AMI host is missing a security update.
Descriptionexif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, and 7.1.x before 7.1.20, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.(CVE-2018-14851)
An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, and 7.1.x before 7.1.20. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.(CVE-2018-14883)
SolutionRun 'yum update php56' to update your system.
Run 'yum update php70' to update your system.
Run 'yum update php71' to update your system.