Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2016-670)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.120660

Category: Amazon Linux Local Security Checks

Title: Amazon Linux: Security Advisory (ALAS-2016-670)

Summary: The remote host is missing an update for the 'php54' package(s) announced via the ALAS-2016-670 advisory.

Description: Summary:
The remote host is missing an update for the 'php54' package(s) announced via the ALAS-2016-670 advisory.

Vulnerability Insight:
A NULL pointer dereference flaw was found in the XSLTProcessor class in PHP. An attacker could use this flaw to cause a PHP application to crash if it performed Extensible Stylesheet Language (XSL) transformations using untrusted XSLT files and allowed the use of PHP functions to be used as XSLT functions within XSL stylesheets. (CVE-2015-6837, CVE-2015-6838)

A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-6834, CVE-2015-6835, CVE-2015-6836)

Affected Software/OS:
'php54' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-6834
BugTraq ID: 76649
http://www.securityfocus.com/bid/76649
Debian Security Information: DSA-3358 (Google Search)
http://www.debian.org/security/2015/dsa-3358
https://security.gentoo.org/glsa/201606-10
http://www.securitytracker.com/id/1033548
Common Vulnerability Exposure (CVE) ID: CVE-2015-6835
BugTraq ID: 76734
http://www.securityfocus.com/bid/76734
Common Vulnerability Exposure (CVE) ID: CVE-2015-6836
BugTraq ID: 76644
http://www.securityfocus.com/bid/76644
Common Vulnerability Exposure (CVE) ID: CVE-2015-6837
BugTraq ID: 76738
http://www.securityfocus.com/bid/76738
Common Vulnerability Exposure (CVE) ID: CVE-2015-6838
BugTraq ID: 76733
http://www.securityfocus.com/bid/76733

Copyright Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.120660
Category:	Amazon Linux Local Security Checks
Title:	Amazon Linux: Security Advisory (ALAS-2016-670)
Summary:	The remote host is missing an update for the 'php54' package(s) announced via the ALAS-2016-670 advisory.
Description:	Summary: The remote host is missing an update for the 'php54' package(s) announced via the ALAS-2016-670 advisory. Vulnerability Insight: A NULL pointer dereference flaw was found in the XSLTProcessor class in PHP. An attacker could use this flaw to cause a PHP application to crash if it performed Extensible Stylesheet Language (XSL) transformations using untrusted XSLT files and allowed the use of PHP functions to be used as XSLT functions within XSL stylesheets. (CVE-2015-6837, CVE-2015-6838) A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-6834, CVE-2015-6835, CVE-2015-6836) Affected Software/OS: 'php54' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-6834 BugTraq ID: 76649 http://www.securityfocus.com/bid/76649 Debian Security Information: DSA-3358 (Google Search) http://www.debian.org/security/2015/dsa-3358 https://security.gentoo.org/glsa/201606-10 http://www.securitytracker.com/id/1033548 Common Vulnerability Exposure (CVE) ID: CVE-2015-6835 BugTraq ID: 76734 http://www.securityfocus.com/bid/76734 Common Vulnerability Exposure (CVE) ID: CVE-2015-6836 BugTraq ID: 76644 http://www.securityfocus.com/bid/76644 Common Vulnerability Exposure (CVE) ID: CVE-2015-6837 BugTraq ID: 76738 http://www.securityfocus.com/bid/76738 Common Vulnerability Exposure (CVE) ID: CVE-2015-6838 BugTraq ID: 76733 http://www.securityfocus.com/bid/76733
Copyright	Copyright (C) 2016 Greenbone AG