php-5.4.16-36.3.el7
Errata ID: AXSA:2016-624:02
Release date:
2016/08/12 Friday - 07:19
Title:
php-5.4.16-36.3.el7
Affected channels:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
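[Fixes]
The following issues have been addressed.
[Security Fix]
- PHP does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from untrusted client data in the HTTP_PROXY environment variable. As a result, a crafted Proxy header in an HTTP request might allow a remote attacker to redirect an application's outbound HTTP traffic to an arbitrary proxy server. (CVE-2016-5385)
Some of the CVE translations are quoted from JVN.
http://jvndb.jvn.jp/
Solution:
Update the packages.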
CVE:
CVE-2016-5385
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.
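The namespace conflict described above, as an added illustration that is not code from this advisory or from PHP itself. The function names are hypothetical, the request values are constructed, and the hardened lookup assumes a platform with case-sensitive environment variable names (such as Linux).

```php
<?php
// RFC 3875 section 4.1.18 mapping: request header "Name" becomes the
// meta-variable HTTP_NAME, so a "Proxy" header becomes HTTP_PROXY.
function cgi_meta_variables(array $headers)
{
    $vars = array();
    foreach ($headers as $name => $value) {
        $vars['HTTP_' . strtoupper(str_replace('-', '_', $name))] = $value;
    }
    return $vars;
}

// Pattern (1) from the CVE text: trusts HTTP_PROXY wherever it came from.
function proxy_naive(array $env)
{
    return isset($env['HTTP_PROXY']) ? $env['HTTP_PROXY'] : null;
}

// Hardened lookup: outside the CLI, HTTP_PROXY may be header-derived, so it
// is ignored. Lowercase http_proxy cannot be produced by the mapping above.
// In real code $sapi would come from php_sapi_name().
function proxy_hardened(array $env, $sapi)
{
    if ($sapi === 'cli' && !empty($env['HTTP_PROXY'])) {
        return $env['HTTP_PROXY'];
    }
    return !empty($env['http_proxy']) ? $env['http_proxy'] : null;
}

// Constructed request: operator-set environment plus header-derived variables.
$serverEnv = array(
    'GATEWAY_INTERFACE' => 'CGI/1.1',
    'http_proxy'        => 'http://proxy.internal.example:3128',
);
$requestHeaders = array(
    'Host'  => 'app.example',
    'Proxy' => 'http://untrusted.example:8080',
);
$env = $serverEnv + cgi_meta_variables($requestHeaders);

// The naive lookup returns the value taken from the request header.
var_dump(proxy_naive($env));
// The hardened lookup returns the operator-configured proxy instead.
var_dump(proxy_hardened($env, 'cgi'));
```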
Additional information:
N/A
Download:
SRPMS
- php-5.4.16-36.3.el7.src.rpm
Size: 11.38 MB
Asianux Server 7 for x86_64
- php-5.4.16-36.3.el7.x86_64.rpm
Size: 1.35 MB
- php-bcmath-5.4.16-36.3.el7.x86_64.rpm
Size: 55.35 kB
- php-cli-5.4.16-36.3.el7.x86_64.rpm
Size: 2.74 MB
- php-common-5.4.16-36.3.el7.x86_64.rpm
Size: 562.43 kB
- php-gd-5.4.16-36.3.el7.x86_64.rpm
Size: 125.12 kB
- php-ldap-5.4.16-36.3.el7.x86_64.rpm
Size: 50.30 kB
- php-mbstring-5.4.16-36.3.el7.x86_64.rpm
Size: 502.68 kB
- php-mysql-5.4.16-36.3.el7.x86_64.rpm
Size: 98.80 kB
- php-odbc-5.4.16-36.3.el7.x86_64.rpm
Size: 63.19 kB
- php-pdo-5.4.16-36.3.el7.x86_64.rpm
Size: 96.51 kB
- php-pgsql-5.4.16-36.3.el7.x86_64.rpm
Size: 83.71 kB
- php-process-5.4.16-36.3.el7.x86_64.rpm
Size: 53.59 kB
- php-recode-5.4.16-36.3.el7.x86_64.rpm
Size: 36.29 kB
- php-soap-5.4.16-36.3.el7.x86_64.rpm
Size: 156.41 kB
- php-xml-5.4.16-36.3.el7.x86_64.rpm
Size: 123.49 kB
- php-xmlrpc-5.4.16-36.3.el7.x86_64.rpm
Size: 65.81 kB