Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Mangelnde Prüfung von Umgebungsvariablen in php-guzzlehttp-guzzle
Aktuelle Meldungen Distributionen
Name: Mangelnde Prüfung von Umgebungsvariablen in php-guzzlehttp-guzzle
ID: FEDORA-2016-e2c8f5f95a
Distribution: Fedora
Plattformen: Fedora 23
Datum: Fr, 29. Juli 2016, 07:21
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5385

Originalnachricht

Name        : php-guzzlehttp-guzzle
Product : Fedora 23
Version : 5.3.1
Release : 1.fc23
URL : http://guzzlephp.org
Summary : PHP HTTP client and webservice framework
Description :
Guzzle is a PHP HTTP client that makes it easy to work with HTTP/1.1 and takes
the pain out of consuming web services.

* Pluggable HTTP adapters that can send requests serially or in parallel
* Doesn't require cURL, but uses cURL by default
* Streams data for both uploads and downloads
* Provides event hooks & plugins for cookies, caching, logging, OAuth,
mocks,
etc
* Keep-Alive & connection pooling
* SSL Verification
* Automatic decompression of response bodies
* Streaming multipart file uploads
* Connection timeouts

-------------------------------------------------------------------------------
-
Update Information:

## 5.3.1 - 2016-07-18 * Address HTTP_PROXY security vulnerability,
CVE-2016-5385: https://httpoxy.org/ * Event name fix:
https://github.com/guzzle/guzzle/commit/fcae91ff31de41e312fe113ec3acbcda31b2622e
* Response header case sensitivity fix:
https://github.com/guzzle/guzzle/commit/043eeadf20ee40ddc6712faee4d3957a91f2b041
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1357580 - php-guzzlehttp-guzzle-5.3.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1357580
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update php-guzzlehttp-guzzle' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-announce@lists.fedoraproject.org
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung