Ausführen beliebiger Kommandos in php-guzzle-Guzzle
ID: | FEDORA-2015-13488 |
Distribution: | Fedora |
Plattformen: | Fedora 21 |
Datum: | Fr, 28. August 2015, 06:47 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5161 |
Applikationen: | php-guzzle-Guzzle |
Originalnachricht |
|
Name : php-guzzle-Guzzle Product : Fedora 21 Version : 3.9.3 Release : 5.fc21 URL : https://github.com/guzzle/guzzle3 Summary : PHP HTTP client library and framework for building RESTful web service clients Description : Guzzle takes the pain out of sending HTTP requests and the redundancy out of creating web service clients. Guzzle is a framework that includes the tools needed to create a robust web service client, including: Service descriptions for defining the inputs and outputs of an API, resource iterators for traversing paginated resources, batching for sending a large number of requests as efficiently as possible. * All the power of cURL with a simple interface * Persistent connections and parallel requests * Streams request and response bodies * Service descriptions for quickly building clients * Powered by the Symfony2 EventDispatcher * Use all of the code or only specific components * Plugins for caching, logging, OAuth, mocks, and more Optional dependencies: * Doctrine Cache (1.3 <= php-doctrine-cache < 2.0) * Monolog (1.0 <= php-Monolog < 2.0) * Zend Framework 2 Cache (2.0 <= php-ZendFramework2-Cache < 3) * Zend Framework 2 Log (2.0 <= php-ZendFramework2-Log < 3) ***** EOL NOTICE ***** This package is for Guzzle 3.x. Guzzle 5.x+, the new versions of Guzzle, has been released and is available as the package "php-guzzlehttp-guzzle". The documentation for Guzzle version 5+ can be found at http://guzzlephp.org. Guzzle 3 is only maintained for bug and security fixes. Guzzle 3 will be EOL at some point in late 2015. ********************** -------------------------------------------------------------------------------- Update Information: Zend Framework Upstream ChangeLogs: * [Version 2.4.7](http://framework.zend.com/changelog/2.4.7/) * [Version 2.4.6](http://framework.zend.com/changelog/2.4.6/) * [Version 2.4.5](http://framework.zend.com/changelog/2.4.5/) * [Version 2.4.4](http://framework.zend.com/changelog/2.4.4/) * [Version 2.4.3](http://framework.zend.com/changelog/2.4.3/) * [Version 2.4.2](http://framework.zend.com/changelog/2.4.2/) * [Version 2.4.1](http://framework.zend.com/changelog/2.4.1/) * [Version 2.4.0](http://framework.zend.com/changelog/2.4.0/) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1253250 - CVE-2015-5161 php-ZendFramework: XML external entity injection (XXE) on PHP FPM https://bugzilla.redhat.com/show_bug.cgi?id=1253250 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update php-guzzle-Guzzle' at the command line. For more information, refer to "Managing Software with yum", available at https://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce |