rh-php56-php-5.6.5-9.el7
Errata ID: AXSA:2016-623:03
Release date:
2016/08/12 Friday - 07:06
Title:
rh-php56-php-5.6.5-9.el7
Affected channels:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
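[Fixes]
The following issues were addressed.
[Security Fix]
- PHP does not attempt to handle the namespace conflicts described in RFC 3875 section 4.1.18 and, as a result, does not protect applications from untrusted client data in the HTTP_PROXY environment variable. A crafted Proxy header in an HTTP request could therefore allow a remote attacker to redirect an application's outbound HTTP traffic to an arbitrary proxy server. (CVE-2016-5385)
Some of the CVE translations are quoted from JVN.
http://jvndb.jvn.jp/
Solution:
Update the packages.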
CVE:
CVE-2016-5385
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.
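The following sketch is an added example, not code from the advisory or from PHP. It models the RFC 3875 section 4.1.18 header-to-variable mapping behind the collision and two defensive checks. The function names, the sample headers and the `REQUEST_METHOD`/`GATEWAY_INTERFACE` test are assumptions made for illustration.

```python
# Added example: RFC 3875 section 4.1.18 mapping and the HTTP_PROXY collision.
# All names and sample values below are constructed for illustration.

def cgi_environ(headers, base_env, drop_proxy_header=False):
    """Build CGI meta-variables: header 'Foo-Bar' becomes HTTP_FOO_BAR."""
    env = dict(base_env)
    for name, value in headers:
        if drop_proxy_header and name.lower() == "proxy":
            continue  # gateway-side mitigation: never forward the Proxy header
        env["HTTP_" + name.upper().replace("-", "_")] = value
    return env

def naive_proxy(env):
    """Unprotected lookup: any HTTP_PROXY value is treated as operator config."""
    return env.get("HTTP_PROXY")

def safe_proxy(env):
    """Ignore HTTP_PROXY whenever the process is serving a CGI request."""
    if "REQUEST_METHOD" in env or "GATEWAY_INTERFACE" in env:
        return None  # the value may have come from a client header
    return env.get("HTTP_PROXY")

# Constructed sample input (reserved example/invalid domains).
BASE_ENV = {"GATEWAY_INTERFACE": "CGI/1.1", "REQUEST_METHOD": "GET"}
SAMPLE_HEADERS = [("Host", "app.example"), ("Proxy", "http://proxy.invalid:8080")]

if __name__ == "__main__":
    env = cgi_environ(SAMPLE_HEADERS, BASE_ENV)
    print("naive lookup :", naive_proxy(env))
    print("safe lookup  :", safe_proxy(env))
    stripped = cgi_environ(SAMPLE_HEADERS, BASE_ENV, drop_proxy_header=True)
    print("HTTP_PROXY present after gateway strip:", "HTTP_PROXY" in stripped)
```

Dropping the header at the gateway protects every application behind it, while the in-application check covers deployments where the front end cannot be changed.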
Additional information:
N/A
Download:
SRPMS
- rh-php56-php-5.6.5-9.el7.src.rpm
Size: 11.00 MB
Asianux Server 7 for x86_64
- rh-php56-php-5.6.5-9.el7.x86_64.rpm
Size: 1.29 MB
- rh-php56-php-bcmath-5.6.5-9.el7.x86_64.rpm
Size: 58.21 kB
- rh-php56-php-cli-5.6.5-9.el7.x86_64.rpm
Size: 2.62 MB
- rh-php56-php-common-5.6.5-9.el7.x86_64.rpm
Size: 728.82 kB
- rh-php56-php-dba-5.6.5-9.el7.x86_64.rpm
Size: 56.83 kB
- rh-php56-php-dbg-5.6.5-9.el7.x86_64.rpm
Size: 1.35 MB
- rh-php56-php-devel-5.6.5-9.el7.x86_64.rpm
Size: 626.22 kB
- rh-php56-php-embedded-5.6.5-9.el7.x86_64.rpm
Size: 1.28 MB
- rh-php56-php-enchant-5.6.5-9.el7.x86_64.rpm
Size: 42.93 kB
- rh-php56-php-fpm-5.6.5-9.el7.x86_64.rpm
Size: 1.36 MB
- rh-php56-php-gd-5.6.5-9.el7.x86_64.rpm
Size: 155.91 kB
- rh-php56-php-gmp-5.6.5-9.el7.x86_64.rpm
Size: 54.92 kB
- rh-php56-php-intl-5.6.5-9.el7.x86_64.rpm
Size: 148.32 kB
- rh-php56-php-ldap-5.6.5-9.el7.x86_64.rpm
Size: 55.56 kB
- rh-php56-php-mbstring-5.6.5-9.el7.x86_64.rpm
Size: 517.49 kB
- rh-php56-php-mysqlnd-5.6.5-9.el7.x86_64.rpm
Size: 1.20 MB
- rh-php56-php-odbc-5.6.5-9.el7.x86_64.rpm
Size: 66.37 kB
- rh-php56-php-opcache-5.6.5-9.el7.x86_64.rpm
Size: 99.52 kB
- rh-php56-php-pdo-5.6.5-9.el7.x86_64.rpm
Size: 99.39 kB
- rh-php56-php-pgsql-5.6.5-9.el7.x86_64.rpm
Size: 93.05 kB
- rh-php56-php-process-5.6.5-9.el7.x86_64.rpm
Size: 60.36 kB
- rh-php56-php-pspell-5.6.5-9.el7.x86_64.rpm
Size: 42.14 kB
- rh-php56-php-recode-5.6.5-9.el7.x86_64.rpm
Size: 39.06 kB
- rh-php56-php-snmp-5.6.5-9.el7.x86_64.rpm
Size: 53.56 kB
- rh-php56-php-soap-5.6.5-9.el7.x86_64.rpm
Size: 160.09 kB
- rh-php56-php-xml-5.6.5-9.el7.x86_64.rpm
Size: 160.38 kB
- rh-php56-php-xmlrpc-5.6.5-9.el7.x86_64.rpm
Size: 68.55 kB