Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Fedora 23 FEDORA-2015-13314 Moderate: Php-Guzzle Security Fix

fedora
Calendar Grey August 22, 2015
Dist Fedora Esm H88
The latest release of php-guzzle-Guzzle addresses a critical vulnerability and provides essential bug corrections for Fedora 23 users. Dive in for more details.
Zend Framework Upstream ChangeLog: * [Version 2.4.7]() * [Version 2.4.6]() * [Version 2.4.5]() * [Version 2.4.4]() * [Version

Summary

Guzzle takes the pain out of sending HTTP requests and the redundancy out

of creating web service clients.

Guzzle is a framework that includes the tools needed to create a robust web

service client, including: Service descriptions for defining the inputs and

outputs of an API, resource iterators for traversing paginated resources,

batching for sending a large number of requests as efficiently as possible.

* All the power of cURL with a simple interface

* Persistent connections and parallel requests

* Streams request and response bodies

* Service descriptions for quickly building clients

* Powered by the Symfony2 EventDispatcher

* Use all of the code or only specific components

* Plugins for caching, logging, OAuth, mocks, and more

Optional dependencies:

* Doctrine Cache (1.3 <= php-doctrine-cache < 2.0)

* Monolog (1.0 <= php-Monolog < 2.0)

* Zend Framework 2 Cache (2.0 <= php-ZendFramework2-Cache < 3)

* Zend Framework 2 Log (2.0 <= php-ZendFramework2-Log < 3)

***** EOL NOTICE *****

This package is for Guzzle 3.x. Guzzle 5.x+, the new versions of Guzzle, has

been released and is available as the package "php-guzzlehttp-guzzle". The

documentation for Guzzle version 5+ can be found at https://docs.guzzlephp.org/en/stable/.

Guzzle 3 is only maintained for bug and security fixes. Guzzle 3 will be EOL at

some point in late 2015.

**********************

Update Information:

Topics%20covered

Topics Covered

security advisory security issue Fedora HTTP client php-guzzle

Change Log

2.4.7]() * [Version 2.4.6]() * [Version 2.4.5]() * [Version 2.4.4]() * [Version 2.4.3]() * [Version 2.4.2]() * [Version 2.4.1]() * [Version 2.4.0]()

References


[ 1 ] Bug #1253250 - CVE-2015-5161 php-ZendFramework: XML external entity injection (XXE) on PHP FPM https://bugzilla.redhat.com/show_bug.cgi?id=1253250

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update php-guzzle-Guzzle' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
important
Lowest
Low
Medium
High
Critical

Name: php-guzzle-Guzzle
Product: Fedora 23
Version: 3.9.3
Release: 5.fc23
URL: https://github.com/guzzle/guzzle3
Summary: PHP HTTP client library and framework for building RESTful web service clients

Topics%20covered

Topics Covered

security advisory security issue Fedora HTTP client php-guzzle

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here