QID 354412
Date Published: 2022-12-21
QID 354412: Amazon Linux Security Advisory for Hypertext Preprocessor (PHP) : ALAS2022-2022-073
A flaw was found in php.
The main cause of this vulnerability is improper input validation while parsing an extensible markup language(xml) entity.
A special character could allow an attacker to traverse directories.
The highest threat from this vulnerability is confidentiality. (
( CVE-2021-21707) a flaw was found in php.
The vulnerability occurs due to the malformed php_filter_float() function and leads to a use-after-free vulnerability.
This flaw allows an attacker to inject a malicious file, leading to a crash or a segmentation fault. (
( CVE-2021-21708)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
Solution
Please refer to Amazon advisory: ALAS2022-2022-073 for affected packages and patching details, or update with your package manager.
Vendor References
- ALAS2022-2022-073 -
alas.aws.amazon.com/AL2022/ALAS-2022-073.html
CVEs related to QID 354412
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| ALAS2022-2022-073 | amazon linux 2022 |
alas.aws.amazon.com/AL2022/ALAS-2022-073.html |