Login
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in php-guzzle-Guzzle
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in php-guzzle-Guzzle
ID: FEDORA-2015-13314
Distribution: Fedora
Plattformen: Fedora 23
Datum: Sa, 22. August 2015, 23:43
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5161
Applikationen: php-guzzle-Guzzle

Originalnachricht

Name        : php-guzzle-Guzzle
Product : Fedora 23
Version : 3.9.3
Release : 5.fc23
URL : https://github.com/guzzle/guzzle3
Summary : PHP HTTP client library and framework for building RESTful web
service clients
Description :
Guzzle takes the pain out of sending HTTP requests and the redundancy out
of creating web service clients.

Guzzle is a framework that includes the tools needed to create a robust web
service client, including: Service descriptions for defining the inputs and
outputs of an API, resource iterators for traversing paginated resources,
batching for sending a large number of requests as efficiently as possible.

* All the power of cURL with a simple interface
* Persistent connections and parallel requests
* Streams request and response bodies
* Service descriptions for quickly building clients
* Powered by the Symfony2 EventDispatcher
* Use all of the code or only specific components
* Plugins for caching, logging, OAuth, mocks, and more

Optional dependencies:
* Doctrine Cache (1.3 <= php-doctrine-cache < 2.0)
* Monolog (1.0 <= php-Monolog < 2.0)
* Zend Framework 2 Cache (2.0 <= php-ZendFramework2-Cache < 3)
* Zend Framework 2 Log (2.0 <= php-ZendFramework2-Log < 3)

***** EOL NOTICE *****

This package is for Guzzle 3.x. Guzzle 5.x+, the new versions of Guzzle, has
been released and is available as the package "php-guzzlehttp-guzzle".
The
documentation for Guzzle version 5+ can be found at http://guzzlephp.org.

Guzzle 3 is only maintained for bug and security fixes. Guzzle 3 will be EOL at
some point in late 2015.

**********************

-------------------------------------------------------------------------------
-
Update Information:

Zend Framework Upstream ChangeLog: * [Version
2.4.7](http://framework.zend.com/changelog/2.4.7/) * [Version
2.4.6](http://framework.zend.com/changelog/2.4.6/) * [Version
2.4.5](http://framework.zend.com/changelog/2.4.5/) * [Version
2.4.4](http://framework.zend.com/changelog/2.4.4/) * [Version
2.4.3](http://framework.zend.com/changelog/2.4.3/) * [Version
2.4.2](http://framework.zend.com/changelog/2.4.2/) * [Version
2.4.1](http://framework.zend.com/changelog/2.4.1/) * [Version
2.4.0](http://framework.zend.com/changelog/2.4.0/)
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1253250 - CVE-2015-5161 php-ZendFramework: XML external entity
injection (XXE) on PHP FPM
https://bugzilla.redhat.com/show_bug.cgi?id=1253250
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update php-guzzle-Guzzle' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung