Amazon Linux AMI : php54 (ALAS-2015-509)
Severity: High
Nessus Plugin ID 82856
Synopsis
The remote Amazon Linux AMI host is missing a security update.
Description
A buffer overflow vulnerability was found in PHP's phar (PHP Archive) implementation. See https://bugs.php.net/bug.php?id=69324 for more details. (CVE-2015-2783)
A use-after-free flaw was found in PHP's phar (PHP Archive) paths implementation. A malicious script author could possibly use this flaw to disclose certain portions of server memory. (CVE-2015-2301)
A buffer over-read flaw was found in the GD library. A specially crafted GIF file could cause an application using the gdImageCreateFromGif() function to crash. (CVE-2014-9709)
A NULL pointer dereference flaw was found in PHP's pgsql extension. A specially crafted table name passed to a function such as pg_insert() or pg_select() could cause a PHP application to crash. (CVE-2015-1352)
A buffer overflow flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened.
Solution
Run 'yum update php54' to update your system.