Amazon Linux AMI : php54 (ALAS-2014-434)
High Nessus Plugin ID 78777
SynopsisThe remote Amazon Linux AMI host is missing a security update.
DescriptionAn out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash.
An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669)
A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application.
SolutionRun 'yum update php54' to update your system.