OVAL Reference oval:com.redhat.rhsa:def:20161613

Oval Definition:

oval:com.redhat.rhsa:def:20161613

Revision Date:	2016-08-11	Version:	638
Title:	RHSA-2016:1613: php security and bug fix update (Moderate)
Description:	PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es): It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5385) Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue. Bug Fix(es): Previously, an incorrect logic in the SAPI header callback routine caused that the callback counter was not incremented. Consequently, when a script included a header callback, it could terminate unexpectedly with a segmentation fault. With this update, the callback counter is properly managed, and scripts with a header callback implementation work as expected. (BZ#1346758)
Family:	unix	Class:	patch
Status:		Reference(s):	CVE-2016-5385 RHSA-2016:1613 RHSA-2016:1613-00 RHSA-2016:1613-01 RHSA-2016:1613-01
Platform(s):	Red Hat Enterprise Linux 7	Product(s):
Definition Synopsis
Red Hat Enterprise Linux must be installed OR Package Information Red Hat Enterprise Linux 7 is installed AND php is earlier than 0:5.4.16-36.3.el7_2 AND php is signed with Red Hat redhatrelease2 key php-bcmath is earlier than 0:5.4.16-36.3.el7_2 AND php-bcmath is signed with Red Hat redhatrelease2 key php-cli is earlier than 0:5.4.16-36.3.el7_2 AND php-cli is signed with Red Hat redhatrelease2 key php-common is earlier than 0:5.4.16-36.3.el7_2 AND php-common is signed with Red Hat redhatrelease2 key php-dba is earlier than 0:5.4.16-36.3.el7_2 AND php-dba is signed with Red Hat redhatrelease2 key php-devel is earlier than 0:5.4.16-36.3.el7_2 AND php-devel is signed with Red Hat redhatrelease2 key php-embedded is earlier than 0:5.4.16-36.3.el7_2 AND php-embedded is signed with Red Hat redhatrelease2 key php-enchant is earlier than 0:5.4.16-36.3.el7_2 AND php-enchant is signed with Red Hat redhatrelease2 key php-fpm is earlier than 0:5.4.16-36.3.el7_2 AND php-fpm is signed with Red Hat redhatrelease2 key php-gd is earlier than 0:5.4.16-36.3.el7_2 AND php-gd is signed with Red Hat redhatrelease2 key php-intl is earlier than 0:5.4.16-36.3.el7_2 AND php-intl is signed with Red Hat redhatrelease2 key php-ldap is earlier than 0:5.4.16-36.3.el7_2 AND php-ldap is signed with Red Hat redhatrelease2 key php-mbstring is earlier than 0:5.4.16-36.3.el7_2 AND php-mbstring is signed with Red Hat redhatrelease2 key php-mysql is earlier than 0:5.4.16-36.3.el7_2 AND php-mysql is signed with Red Hat redhatrelease2 key php-mysqlnd is earlier than 0:5.4.16-36.3.el7_2 AND php-mysqlnd is signed with Red Hat redhatrelease2 key php-odbc is earlier than 0:5.4.16-36.3.el7_2 AND php-odbc is signed with Red Hat redhatrelease2 key php-pdo is earlier than 0:5.4.16-36.3.el7_2 AND php-pdo is signed with Red Hat redhatrelease2 key php-pgsql is earlier than 0:5.4.16-36.3.el7_2 AND php-pgsql is signed with Red Hat redhatrelease2 key php-process is earlier than 0:5.4.16-36.3.el7_2 AND php-process is signed with Red Hat redhatrelease2 key php-pspell is earlier than 0:5.4.16-36.3.el7_2 AND php-pspell is signed with Red Hat redhatrelease2 key php-recode is earlier than 0:5.4.16-36.3.el7_2 AND php-recode is signed with Red Hat redhatrelease2 key php-snmp is earlier than 0:5.4.16-36.3.el7_2 AND php-snmp is signed with Red Hat redhatrelease2 key php-soap is earlier than 0:5.4.16-36.3.el7_2 AND php-soap is signed with Red Hat redhatrelease2 key php-xml is earlier than 0:5.4.16-36.3.el7_2 AND php-xml is signed with Red Hat redhatrelease2 key php-xmlrpc is earlier than 0:5.4.16-36.3.el7_2 AND php-xmlrpc is signed with Red Hat redhatrelease2 key

BACK