php-5.3.3-48.AXS4
Errata ID: AXSA:2016-621:04
Release date:
2016/08/12 Friday - 06:36
Title:
php-5.3.3-48.AXS4
Affected channels:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
Moderate
Description:
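[Fixes]
The following issues have been addressed.
[Security Fix]
- PHP does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from untrusted client data in the HTTP_PROXY environment variable. As a result, a remote attacker may be able to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request. (CVE-2016-5385)
Some of the CVE translations are quoted from JVN.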
http://jvndb.jvn.jp/
Solution:
Update the packages.
CVE:
CVE-2016-5385
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.
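The header-to-variable mapping described above, together with an application-side guard, as an added example (not code from this advisory or from PHP itself). The helpers `scrub_request_proxy()` and `outbound_proxy()` and the variable name `APP_OUTBOUND_PROXY` are hypothetical, and the environment arrays are constructed sample input.

```php
<?php
// CGI (RFC 3875 section 4.1.18) turns a request header "Foo-Bar" into the
// meta-variable HTTP_FOO_BAR, so a client's "Proxy:" header arrives as
// HTTP_PROXY, the name many HTTP clients read as their outbound proxy.

// Hypothetical helper: remove the request-derived proxy variable.
function scrub_request_proxy(array $env)
{
    unset($env['HTTP_PROXY']);
    return $env;
}

// Hypothetical helper: choose the outbound proxy for this process.
function outbound_proxy(array $env, $sapi)
{
    if ($sapi === 'cli') {
        // Command line: the environment was set by the operator.
        foreach (array('HTTP_PROXY', 'http_proxy') as $name) {
            if (!empty($env[$name])) {
                return $env[$name];
            }
        }
        return null;
    }
    // Web SAPI: every HTTP_* name may come from a request header. Accept only
    // a name without that prefix (APP_OUTBOUND_PROXY is an assumed name).
    $env = scrub_request_proxy($env);
    return !empty($env['APP_OUTBOUND_PROXY']) ? $env['APP_OUTBOUND_PROXY'] : null;
}

// Constructed sample: variables a CGI process sees for a request that
// carries the header "Proxy: http://proxy.invalid:8080".
$cgiEnv = array(
    'REQUEST_METHOD' => 'GET',
    'HTTP_HOST'      => 'app.example',
    'HTTP_PROXY'     => 'http://proxy.invalid:8080',
);

// The pattern named in the CVE text, getenv('HTTP_PROXY') under CGI, would
// return the client's value; the helper ignores it in a web context.
var_dump(outbound_proxy($cgiEnv, 'cgi-fcgi'));
var_dump(outbound_proxy(array('http_proxy' => 'http://proxy.internal.example:3128'), 'cli'));
// In an application: outbound_proxy($_SERVER, PHP_SAPI)
```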
Additional information:
N/A
Downloads:
SRPMS
- php-5.3.3-48.AXS4.src.rpm
Size: 10.41 MB
Asianux Server 4 for x86
- php-5.3.3-48.AXS4.i686.rpm
Size: 1.12 MB
- php-bcmath-5.3.3-48.AXS4.i686.rpm
Size: 38.75 kB
- php-cli-5.3.3-48.AXS4.i686.rpm
Size: 2.23 MB
- php-common-5.3.3-48.AXS4.i686.rpm
Size: 530.23 kB
- php-gd-5.3.3-48.AXS4.i686.rpm
Size: 109.05 kB
- php-ldap-5.3.3-48.AXS4.i686.rpm
Size: 41.78 kB
- php-mbstring-5.3.3-48.AXS4.i686.rpm
Size: 459.16 kB
- php-mysql-5.3.3-48.AXS4.i686.rpm
Size: 83.09 kB
- php-odbc-5.3.3-48.AXS4.i686.rpm
Size: 54.34 kB
- php-pdo-5.3.3-48.AXS4.i686.rpm
Size: 78.33 kB
- php-pgsql-5.3.3-48.AXS4.i686.rpm
Size: 73.39 kB
- php-soap-5.3.3-48.AXS4.i686.rpm
Size: 145.68 kB
- php-xml-5.3.3-48.AXS4.i686.rpm
Size: 105.60 kB
- php-xmlrpc-5.3.3-48.AXS4.i686.rpm
Size: 57.50 kB
Asianux Server 4 for x86_64
- php-5.3.3-48.AXS4.x86_64.rpm
Size: 1.13 MB
- php-bcmath-5.3.3-48.AXS4.x86_64.rpm
Size: 38.51 kB
- php-cli-5.3.3-48.AXS4.x86_64.rpm
Size: 2.18 MB
- php-common-5.3.3-48.AXS4.x86_64.rpm
Size: 528.78 kB
- php-gd-5.3.3-48.AXS4.x86_64.rpm
Size: 110.35 kB
- php-ldap-5.3.3-48.AXS4.x86_64.rpm
Size: 42.14 kB
- php-mbstring-5.3.3-48.AXS4.x86_64.rpm
Size: 459.08 kB
- php-mysql-5.3.3-48.AXS4.x86_64.rpm
Size: 85.28 kB
- php-odbc-5.3.3-48.AXS4.x86_64.rpm
Size: 54.67 kB
- php-pdo-5.3.3-48.AXS4.x86_64.rpm
Size: 79.04 kB
- php-pgsql-5.3.3-48.AXS4.x86_64.rpm
Size: 74.07 kB
- php-soap-5.3.3-48.AXS4.x86_64.rpm
Size: 144.30 kB
- php-xml-5.3.3-48.AXS4.x86_64.rpm
Size: 107.09 kB
- php-xmlrpc-5.3.3-48.AXS4.x86_64.rpm
Size: 56.48 kB