Amazon Linux: Security Advisory (ALAS-2016-707)

The remote host is missing an update announced via the referenced Security Advisory.

The following security-related issues were resolved: - Out-of-bounds read in imagescale (CVE-2013-7456) - Integer underflow causing arbitrary null write in fread/gzread (CVE-2016-5096) - The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive. (CVE-2016-4343) - Integer overflow in php_html_entities() (CVE-2016-5094) - Integer overflow in php_filter_full_special_chars() (CVE-2016-5095) - Out-of-bounds heap read in get_icu_value_internal (CVE-2016-5093) (Updated 2016-06-15: CVE-2016-5095 was fixed in this version, but was not previously listed in this errata.)

Run yum update php55 to update your system.