Sicherheit: Mangelnde Prüfung von Umgebungsvariablen in php-guzzlehttp-guzzle6
Aktuelle Meldungen Distributionen
Name: Mangelnde Prüfung von Umgebungsvariablen in php-guzzlehttp-guzzle6
ID: FEDORA-2016-9c8cf5912c
Distribution: Fedora
Plattformen: Fedora 23
Datum: Fr, 29. Juli 2016, 07:23
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5385
Applikationen: php-guzzlehttp-guzzle6


Name        : php-guzzlehttp-guzzle6
Product : Fedora 23
Version : 6.2.1
Release : 1.fc23
URL : http://guzzlephp.org
Summary : PHP HTTP client library
Description :
Guzzle is a PHP HTTP client that makes it easy to send HTTP requests and
to integrate with web services.

* Simple interface for building query strings, POST requests, streaming large
uploads, streaming large downloads, using HTTP cookies, uploading JSON data,
* Can send both synchronous and asynchronous requests using the same interface.
* Uses PSR-7 interfaces for requests, responses, and streams. This allows you
to utilize other PSR-7 compatible libraries with Guzzle.
* Abstracts away the underlying HTTP transport, allowing you to write
environment and transport agnostic code; i.e., no hard dependency on cURL,
PHP streams, sockets, or non-blocking event loops.
* Middleware system allows you to augment and compose client behavior.

Autoloader: /usr/share/php/GuzzleHttp6/autoload.php

Update Information:

## 6.2.1 - 2016-07-18 * Address HTTP_PROXY security vulnerability,
CVE-2016-5385: https://httpoxy.org/ * Fixing timeout bug with StreamHandler:
https://github.com/guzzle/guzzle/pull/1488 * Only read up to `Content-Length` in
PHP StreamHandler to avoid timeouts when a server does not honor `Connection:
close`. * Ignore URI fragment when sending requests.

[ 1 ] Bug #1357582 - php-guzzlehttp-guzzle6-6.2.1 is available

This update can be installed with the "yum" update program. Use
su -c 'yum update php-guzzlehttp-guzzle6' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list
Pro-Linux @Facebook
Neue Nachrichten