php55-php-5.5.21-5.el7
エラータID: AXSA:2016-632:01
リリース日:
2016/08/19 Friday - 11:53
題名:
php55-php-5.5.21-5.el7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
[修正内容]
以下項目について対処しました。
[Security Fix]
- PHP は、RFC 3875 section 4.1.18 の名前空間のコンフリクト処理を試みておらず、その結果、HTTP_PROXY 環境変数の信頼できないクライントデータから、アプリケーションを保護しないため、HTTP リクエストの巧妙に細工された Proxy ヘッダーによって、リモートの攻撃者がアプリケーションのアウトバウンド HTTP トラフィックを、任意のプロキシサーバにリダイレクトする可能性のある脆弱性があります。(CVE-2016-5385)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2016-5385
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.
追加情報:
N/A
ダウンロード:
SRPMS
- php55-php-5.5.21-5.el7.src.rpm
MD5: 65eb6c23743048d84ca14c47ac477e2f
SHA-256: 6097b1125e8b7e0743b50349aac337a3010a94a3c9c168bce0cc337e17d8db60
Size: 10.72 MB
Asianux Server 7 for x86_64
- php55-php-5.5.21-5.el7.x86_64.rpm
MD5: 2129423df9be55f3806884325f1c222b
SHA-256: 4be3cab77175934bc380405c3a42bd17895a347c82a5e7acb6a7e19c9f3c95c0
Size: 1.29 MB - php55-php-bcmath-5.5.21-5.el7.x86_64.rpm
MD5: a73f9a038802a7baff800098c295827a
SHA-256: dcf61e42eb18eb095adb015e0f838a6d071a513a7bdff09b85c36d2464e82f27
Size: 56.34 kB - php55-php-cli-5.5.21-5.el7.x86_64.rpm
MD5: e73705da6736f7108f6d7fe320aa22a2
SHA-256: 56f3d2b1919445e008dde409aed5db7eadb53c05a9452bcaccdb3a12e00d5d36
Size: 2.61 MB - php55-php-common-5.5.21-5.el7.x86_64.rpm
MD5: 79aaa874b7630ea076e18ccfef2e104c
SHA-256: 04cf31d16829b4d552b389a3d4aa1f8ac2a000381b41b9fced423c37a2a8ad0a
Size: 679.60 kB - php55-php-dba-5.5.21-5.el7.x86_64.rpm
MD5: 8cf2613c692010d3b4565b83a7ba28f9
SHA-256: 77ae6e5c6484d9bee63072021c93b08698f3751a02beaf4209ab3949a7829648
Size: 54.97 kB - php55-php-devel-5.5.21-5.el7.x86_64.rpm
MD5: 93a635eccb9751c1816f19979cbea845
SHA-256: 0e47172a2bc13d4ac5954c846fd6ea2a6272b243a1840151f84aadb1709271b0
Size: 613.55 kB - php55-php-enchant-5.5.21-5.el7.x86_64.rpm
MD5: 4c706afb2b8cb1f7c8cfda98e700c901
SHA-256: c8d5d0f645b6eb3dcf9eaa55b9d0f57914ae3fde54749253eadc758b6ab2a546
Size: 41.08 kB - php55-php-fpm-5.5.21-5.el7.x86_64.rpm
MD5: 033ca342bb4a08e5f4e30123cb9a4970
SHA-256: 4eb90a9302fe39388750196f36398e0ab983aab0e2647e54995b103dba616cfb
Size: 1.35 MB - php55-php-gd-5.5.21-5.el7.x86_64.rpm
MD5: ff5cf0f5a2bb0701e2565825287aac08
SHA-256: a6e844677573e85a6fc60749683629ecb8b01937c724b733167fc24c9f0e82a4
Size: 153.94 kB - php55-php-gmp-5.5.21-5.el7.x86_64.rpm
MD5: 61e45398bd9cf5ce111b40230a01e561
SHA-256: 563606a0c50a2b343987505e1aa4872da349100547b77aedf9e8593895233460
Size: 46.44 kB - php55-php-intl-5.5.21-5.el7.x86_64.rpm
MD5: 19a4874d987aa9e28224ef91b86277eb
SHA-256: a2af484bb2bb495c10e9ea7c61d4161a200806f554e1881de161e5966860a5bf
Size: 146.47 kB - php55-php-ldap-5.5.21-5.el7.x86_64.rpm
MD5: 4b97d45f2e1bcee704bd42fe8ea1ec10
SHA-256: 519f98ac88a76756eb61c10981744c590c52b856df90d2c4d1923b246d696e98
Size: 53.11 kB - php55-php-mbstring-5.5.21-5.el7.x86_64.rpm
MD5: e272f7b7ba1d9ee08a6d8d756fc2eee4
SHA-256: 4e74c40a69656c5faf20c697b58312c373d49684d7f34b13e1a85aa53afc295c
Size: 515.45 kB - php55-php-mysqlnd-5.5.21-5.el7.x86_64.rpm
MD5: ade5f64cac3b61672927c21a309cdefc
SHA-256: 2a99c3edc8678392ee88c1c8ddf8d8aa4324fb74b2b12c4e05762f8706351c66
Size: 1.20 MB - php55-php-odbc-5.5.21-5.el7.x86_64.rpm
MD5: 7125966a25839a74063657abfe247cdf
SHA-256: 46b3e53e959550c6428a3725c3ec3b36522169dab60d72f3a73fdc91da0af5f1
Size: 64.36 kB - php55-php-opcache-5.5.21-5.el7.x86_64.rpm
MD5: e14704eddc434b4ebcaee5697a695372
SHA-256: 150f78ee01703e495e3559a559a0f68e13b8c9e799f6cd952b7ae9d5fd4bed69
Size: 92.21 kB - php55-php-pdo-5.5.21-5.el7.x86_64.rpm
MD5: 87acd8eee14c4a29afd4a7302a6a684b
SHA-256: c27ea9e1df8ba0c4c511679cc177ed916d2198405b480de79e2bb1654fcf5e68
Size: 97.54 kB - php55-php-pgsql-5.5.21-5.el7.x86_64.rpm
MD5: 1f83aaeb310c356608e8eac8fc95062d
SHA-256: 8807caab584159c8601484d54ccd182361483e737606dc973fa7cf6a91405aa1
Size: 87.28 kB - php55-php-process-5.5.21-5.el7.x86_64.rpm
MD5: 500d462197b1b70233c8567e1ae13ac2
SHA-256: 3cad8fe4736b26baf665709f48545c6961bd4f7b960af4eae15543d698067abf
Size: 57.89 kB - php55-php-pspell-5.5.21-5.el7.x86_64.rpm
MD5: 1a7c8cf76ddc2d2ca0cf35d66c481ab3
SHA-256: bbb165f326cc8cd3a6780f795c43fbcff1e0800371ea229c56fae02b70f2dc72
Size: 40.30 kB - php55-php-recode-5.5.21-5.el7.x86_64.rpm
MD5: 8110658c59604146ca9b203cad18be9d
SHA-256: 35023611705330b00ff1648bae7afd98a36ca9f9924182a4481356214b36aa31
Size: 37.22 kB - php55-php-snmp-5.5.21-5.el7.x86_64.rpm
MD5: 3cc30ca4f4ce9560367223904d8850ee
SHA-256: 01a63a7b857120c72301275293bcc696d625a21aa3d6beb206a817df7fec945b
Size: 51.71 kB - php55-php-soap-5.5.21-5.el7.x86_64.rpm
MD5: 17699c9d4b657d850e550d1af126f13d
SHA-256: 301da293701e9ca131577dcfae2e231f05b7fab9bb8a0105521fdd4bbb5d67fc
Size: 158.11 kB - php55-php-xml-5.5.21-5.el7.x86_64.rpm
MD5: 38852e246bb0183519b85cc74789cd53
SHA-256: 62f5da17737e6203f4a3394af520d5cede32650155f8bf715e945c1fcd8a1ccb
Size: 156.86 kB - php55-php-xmlrpc-5.5.21-5.el7.x86_64.rpm
MD5: 87e5fd177c4de0541d4140907badb6bc
SHA-256: e11ae721299d007bf6fbf81316f6e51d0bc1936f1da0fd62f22b5f32d0a59bcf
Size: 66.85 kB
English