Oval Definition:oval:com.redhat.rhsa:def:20161609
Revision Date:2016-08-11Version:637
Title:RHSA-2016:1609: php security update (Moderate)
Description:PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Security Fix(es):

  • It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5385)

    Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2016-5385
    RHSA-2016:1609
    RHSA-2016:1609-00
    RHSA-2016:1609-02
    RHSA-2016:1609-02
    Platform(s):Red Hat Enterprise Linux 6
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • php is earlier than 0:5.3.3-48.el6_8
  • AND php is signed with Red Hat redhatrelease2 key
  • php-bcmath is earlier than 0:5.3.3-48.el6_8
  • AND php-bcmath is signed with Red Hat redhatrelease2 key
  • php-cli is earlier than 0:5.3.3-48.el6_8
  • AND php-cli is signed with Red Hat redhatrelease2 key
  • php-common is earlier than 0:5.3.3-48.el6_8
  • AND php-common is signed with Red Hat redhatrelease2 key
  • php-dba is earlier than 0:5.3.3-48.el6_8
  • AND php-dba is signed with Red Hat redhatrelease2 key
  • php-devel is earlier than 0:5.3.3-48.el6_8
  • AND php-devel is signed with Red Hat redhatrelease2 key
  • php-embedded is earlier than 0:5.3.3-48.el6_8
  • AND php-embedded is signed with Red Hat redhatrelease2 key
  • php-enchant is earlier than 0:5.3.3-48.el6_8
  • AND php-enchant is signed with Red Hat redhatrelease2 key
  • php-fpm is earlier than 0:5.3.3-48.el6_8
  • AND php-fpm is signed with Red Hat redhatrelease2 key
  • php-gd is earlier than 0:5.3.3-48.el6_8
  • AND php-gd is signed with Red Hat redhatrelease2 key
  • php-imap is earlier than 0:5.3.3-48.el6_8
  • AND php-imap is signed with Red Hat redhatrelease2 key
  • php-intl is earlier than 0:5.3.3-48.el6_8
  • AND php-intl is signed with Red Hat redhatrelease2 key
  • php-ldap is earlier than 0:5.3.3-48.el6_8
  • AND php-ldap is signed with Red Hat redhatrelease2 key
  • php-mbstring is earlier than 0:5.3.3-48.el6_8
  • AND php-mbstring is signed with Red Hat redhatrelease2 key
  • php-mysql is earlier than 0:5.3.3-48.el6_8
  • AND php-mysql is signed with Red Hat redhatrelease2 key
  • php-odbc is earlier than 0:5.3.3-48.el6_8
  • AND php-odbc is signed with Red Hat redhatrelease2 key
  • php-pdo is earlier than 0:5.3.3-48.el6_8
  • AND php-pdo is signed with Red Hat redhatrelease2 key
  • php-pgsql is earlier than 0:5.3.3-48.el6_8
  • AND php-pgsql is signed with Red Hat redhatrelease2 key
  • php-process is earlier than 0:5.3.3-48.el6_8
  • AND php-process is signed with Red Hat redhatrelease2 key
  • php-pspell is earlier than 0:5.3.3-48.el6_8
  • AND php-pspell is signed with Red Hat redhatrelease2 key
  • php-recode is earlier than 0:5.3.3-48.el6_8
  • AND php-recode is signed with Red Hat redhatrelease2 key
  • php-snmp is earlier than 0:5.3.3-48.el6_8
  • AND php-snmp is signed with Red Hat redhatrelease2 key
  • php-soap is earlier than 0:5.3.3-48.el6_8
  • AND php-soap is signed with Red Hat redhatrelease2 key
  • php-tidy is earlier than 0:5.3.3-48.el6_8
  • AND php-tidy is signed with Red Hat redhatrelease2 key
  • php-xml is earlier than 0:5.3.3-48.el6_8
  • AND php-xml is signed with Red Hat redhatrelease2 key
  • php-xmlrpc is earlier than 0:5.3.3-48.el6_8
  • AND php-xmlrpc is signed with Red Hat redhatrelease2 key
  • php-zts is earlier than 0:5.3.3-48.el6_8
  • AND php-zts is signed with Red Hat redhatrelease2 key
    • BACK