rh-php56-php-5.6.5-9.AXS4
エラータID: AXSA:2016-622:02
リリース日:
2016/08/12 Friday - 06:49
題名:
rh-php56-php-5.6.5-9.AXS4
影響のあるチャネル:
Asianux Server 4 for x86_64
Severity:
Moderate
Description:
- PHP は、RFC 3875 section 4.1.18 の名前空間のコンフリクト処理を試みておらず、その結果、HTTP_PROXY 環境変数の信頼できないクライントデータから、アプリケーションを保護しないため、HTTP リクエストの巧妙に細工された Proxy ヘッダーによって、リモートの攻撃者がアプリケーションのアウトバウンド HTTP トラフィックを、任意のプロキシサーバにリダイレクトする可能性のある脆弱性があります。(CVE-2016-5385)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2016-5385
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.
追加情報:
N/A
ダウンロード:
SRPMS
- rh-php56-php-5.6.5-9.AXS4.src.rpm
MD5: fa7fdf3c6a4522d560e52be80dc5eedb
SHA-256: 0cc41fca178fd288ca46a6f0625a0a38a8d5ec8b72f98f66e0e48b52f96c1864
Size: 11.00 MB
Asianux Server 4 for x86_64
- rh-php56-php-5.6.5-9.AXS4.x86_64.rpm
MD5: fadfd17e38732d684f094883f6ccbbf3
SHA-256: bc92d656e2280e0080dc691a402dd74dd1a3e008d41a33b2f566eea333a48a66
Size: 1.28 MB - rh-php56-php-bcmath-5.6.5-9.AXS4.x86_64.rpm
MD5: 508c17e0ff23d62373bf1b5ea9667d32
SHA-256: f0654cc402f228033a263b7364408671325dc06f980d692671709f57a7dd7b48
Size: 56.61 kB - rh-php56-php-cli-5.6.5-9.AXS4.x86_64.rpm
MD5: 7c15320bea579564c524cde7237dbe5c
SHA-256: e66d3b8f3b0130d51a84e003fd09dcb221f89b3d75c2a8f28db1adabfc272abc
Size: 2.48 MB - rh-php56-php-common-5.6.5-9.AXS4.x86_64.rpm
MD5: 9e9e9ce9bfd62fdd62fa9970614e0b23
SHA-256: 086c1a98c8291ff82d2d1e1a2b406b6b994d82f412cdcb36362669f668b86223
Size: 721.33 kB - rh-php56-php-dba-5.6.5-9.AXS4.x86_64.rpm
MD5: ceede36cb922aaf2fd733915ba4a6041
SHA-256: 2bc482e599138d7f419034ff574c28a4c87f0544eb0a480cd8ae7a35ee16c3b1
Size: 54.39 kB - rh-php56-php-dbg-5.6.5-9.AXS4.x86_64.rpm
MD5: 1f6ada32ec2ac1d55fd808ff5581ded6
SHA-256: 9a2f88944ca0f2050147a9b73026827e647e909c78d1880d4ca292a084ac9016
Size: 1.28 MB - rh-php56-php-devel-5.6.5-9.AXS4.x86_64.rpm
MD5: 04ae58516301f9194ad3d47dff429e22
SHA-256: bcf12fceb43bf859f69931f4d39bbeb7c9dae5dfea957b3d8881c2b684cd9b0b
Size: 672.27 kB - rh-php56-php-embedded-5.6.5-9.AXS4.x86_64.rpm
MD5: 64c691cc5f568cb13ea69bd7aacc0f8c
SHA-256: 1a9e54b6112198be0d766594abda5b05a75983a8505c45fe091c96dfc8cdc08f
Size: 1.27 MB - rh-php56-php-enchant-5.6.5-9.AXS4.x86_64.rpm
MD5: 423af8ed9a4cfa09c68b11b660e2b1d8
SHA-256: 6d5a6c648e46f3e9af9c97e492f42cc14774e687bdb44af227314beaca5229f3
Size: 41.44 kB - rh-php56-php-fpm-5.6.5-9.AXS4.x86_64.rpm
MD5: fb96469af08bcef0d6c4ec920c03b974
SHA-256: ae875c5bda67ad247591b3b2aa40677876ea5ac9acb7b7c1d5b7529c0366eeba
Size: 1.29 MB - rh-php56-php-gd-5.6.5-9.AXS4.x86_64.rpm
MD5: aaf0af8c9abcb56f42f1a226e99cf289
SHA-256: 8d292888b31b1e0ae3b42b8db511a7c258325bfbfd9d64ea3936faf4b045d9af
Size: 145.20 kB - rh-php56-php-gmp-5.6.5-9.AXS4.x86_64.rpm
MD5: 2e260e289de1d599aba7324c11100e7a
SHA-256: 6afb802e7da974b1f8764b219ffbee467a20f0a943b46f626eee268bdf35334f
Size: 50.94 kB - rh-php56-php-imap-5.6.5-9.AXS4.x86_64.rpm
MD5: 7d2cd535ecabe31651f7e49d01394393
SHA-256: 4a2cc8d3b94c155d0dc40ea47972cb9e45f953a995e38c7b290be9734d2459a3
Size: 62.75 kB - rh-php56-php-intl-5.6.5-9.AXS4.x86_64.rpm
MD5: f69b3687d909ddae051665bc9ff7a7d8
SHA-256: 4eac5cc2df2fe69c90bec27a2985483450f185602644d84499a36cbb3f2a616e
Size: 138.00 kB - rh-php56-php-ldap-5.6.5-9.AXS4.x86_64.rpm
MD5: 5dee6129f8b05c1d0450a6178aae3226
SHA-256: 67ffbc0271964aba028db9d4421dbf51017d58b0dda74ae60c39d530354e77f7
Size: 54.06 kB - rh-php56-php-mbstring-5.6.5-9.AXS4.x86_64.rpm
MD5: bf34142e1c28e5b2445bd525ddc13288
SHA-256: 2c63a55a5aebe7c04acd89d281e5601413dbc2158f7f489743843cc1344fa21e
Size: 507.79 kB - rh-php56-php-mysqlnd-5.6.5-9.AXS4.x86_64.rpm
MD5: 9b6fb78f286d02d8784bb501283db3ae
SHA-256: b368400f007239e1073102b111e7bca4e4697cc8263b8bb3a9796fe5a8bad43f
Size: 1.85 MB - rh-php56-php-odbc-5.6.5-9.AXS4.x86_64.rpm
MD5: 01004a033f1ee24f99c1d72ac61901d8
SHA-256: 0c59c761e19209c80c8dd831ef73913aacfceeb217fed2b5a16149e3cd4a86a0
Size: 63.59 kB - rh-php56-php-opcache-5.6.5-9.AXS4.x86_64.rpm
MD5: 782b6691b1d0e3ce4cdd9091f26f5ef3
SHA-256: 444c6c0018b1c63d61885a6a2b9da7dac8803028e3f60c85b833fb5c99211751
Size: 94.80 kB - rh-php56-php-pdo-5.6.5-9.AXS4.x86_64.rpm
MD5: 3b66204ddf5bca3730e4da64a063053a
SHA-256: 6b3be6ece68b7b9cb2293dabfc313081f0ca866530f59e8c1e3daf1fd72af1ff
Size: 89.50 kB - rh-php56-php-pgsql-5.6.5-9.AXS4.x86_64.rpm
MD5: 9cf89ba3de908f21d42af5c8628f332a
SHA-256: ffa9156085ff721e0346fc8d13893da251a0d38650d594e3fc096fa153fb0eb8
Size: 87.71 kB - rh-php56-php-process-5.6.5-9.AXS4.x86_64.rpm
MD5: 8363ca448c8d95afa21ef6e7d2fef0d1
SHA-256: 0578200038c99650af1c71576ea5b6f76591a27fba708455ab3b19c512315f94
Size: 55.07 kB - rh-php56-php-pspell-5.6.5-9.AXS4.x86_64.rpm
MD5: b9863e59c5aa4902b2e9765e27054157
SHA-256: e27e3710cbb80d9b6bc0b4b5a526ea1d0953cee2fa824b2b5caec686dd5219d3
Size: 40.87 kB - rh-php56-php-recode-5.6.5-9.AXS4.x86_64.rpm
MD5: 3c79ee055bdfac1334286bd8c55b16f0
SHA-256: 49313ec2903e7a1a345305ccf753abbb14de1af236fcb1d531376559f7255558
Size: 37.89 kB - rh-php56-php-snmp-5.6.5-9.AXS4.x86_64.rpm
MD5: c337807c3dfb141e9842d54f39e6cf15
SHA-256: 6c13d584411d31ff4517ec5887ed6482b307720d65040552ca7401e79ddf5365
Size: 51.48 kB - rh-php56-php-soap-5.6.5-9.AXS4.x86_64.rpm
MD5: 762c67d44087d5a01fcecb1f20777739
SHA-256: 495108dd1aa5e933d4e44dc59fe3ec5cc1b566a6b1f5ff26b646e3c5e08e039e
Size: 154.41 kB - rh-php56-php-tidy-5.6.5-9.AXS4.x86_64.rpm
MD5: 679c3a5d2a466b8a256ad3c397ae409c
SHA-256: 77f589b38b10931340693880c28208b5fa5d26a53b61f558d403102239c27318
Size: 48.93 kB - rh-php56-php-xml-5.6.5-9.AXS4.x86_64.rpm
MD5: f8af1596c60c66227c89f5d22bd1a1a4
SHA-256: 0ca1b7384b76e049beb645fb226fc8984c4a83ac9d84a6b4497b4bb1f0ab6e58
Size: 145.94 kB - rh-php56-php-xmlrpc-5.6.5-9.AXS4.x86_64.rpm
MD5: c5178489eb7dd8c3f3be1e5845fd3a2a
SHA-256: 492188920b8fe8a0967f1b0c72be022cb137d6ab7591464617b82c3e6fb4df45
Size: 65.14 kB
English