|
|
Subscribe / Log in / New account

Fedora alert FEDORA-2014-12676 (php-ZendFramework2)



From:
    	      updates@fedoraproject.org 


To:
    	      package-announce@lists.fedoraproject.org 


Subject:
    	      [SECURITY] Fedora 21 Update: php-ZendFramework2-2.3.3-1.fc21 


Date:
    	      Thu, 16 Oct 2014 02:00:15 +0000


Message-ID:
    	      <20141016020019.69DA160DE4F1@bastion01.phx2.fedoraproject.org>


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-12676
2014-10-11 06:01:02
--------------------------------------------------------------------------------

Name        : php-ZendFramework2
Product     : Fedora 21
Version     : 2.3.3
Release     : 1.fc21
URL         : http://framework.zend.com
Summary     : Zend Framework 2
Description :
Zend Framework 2 is an open source framework for developing web applications
and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code
and utilizes most of the new features of PHP 5.3, namely namespaces, late
static binding, lambda functions and closures.

Zend Framework 2 evolved from Zend Framework 1, a successful PHP framework
with over 15 million downloads.

Note: This meta package installs all base Zend Framework component packages
(Authentication, Barcode, Cache, Captcha, Code, Config, Console, Crypt, Db,
Debug, Di, Dom, Escaper, EventManager, Feed, File, Filter, Form, Http, I18n,
InputFilter, Json, Ldap, Loader, Log, Mail, Math, Memory, Mime, ModuleManager,
Mvc, Navigation, Paginator, Permissions-Acl, Permissions-Rbac, ProgressBar,
Serializer, Server, ServiceManager, Session, Soap, Stdlib, Tag, Test, Text,
Uri, Validator, Version, View, XmlRpc) except the optional Cache-apc and
Cache-memcached packages.

--------------------------------------------------------------------------------
Update Information:

Security release
* ZF2014-05, which mititages null byte poisoning of the password provided for LDAP authentication,
thus prevening unauthorized LDAP binding. This corrects for unpatched versions of PHP (versions
5.5.11 and below, 5.4.27 and below, and any prior releases).
* ZF2014-06, which mitigates null byte poisoning of quoted SQL values provided to the sqlsrv
extension, thus preventing a potential SQL injection vector.

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1151276 - CVE-2014-8088 php-ZendFramework: null byte issue, connect to LDAP without
knowing the password (ZF2014-05)
        https://bugzilla.redhat.com/show_bug.cgi?id=1151276
  [ 2 ] Bug #1151277 - CVE-2014-8089 php-ZendFramework: SQL injection issue when using the sqlsrv
PHP extension (ZF2014-06)
        https://bugzilla.redhat.com/show_bug.cgi?id=1151277
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update php-ZendFramework2' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-...
(Log in to post comments)


Copyright © 2024, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds