
Fedora: Critical Security Advisory for php-ZendFramework - EEI Risk

fedora
November 9, 2015
The php-ZendFramework security update for Fedora fixes the significant vulnerabilities CVE-2015-5161 and CVE-2015-5723.

Summary

Extending the art & spirit of PHP, Zend Framework is based on simplicity,
object-oriented best practices, corporate friendly licensing, and a rigorously
tested agile code base. Zend Framework is focused on building more secure,
reliable, and modern Web 2.0 applications & web services, and consuming widely
available APIs from leading vendors like Google, Amazon, Yahoo!, Flickr, as
well as API providers and catalogers like StrikeIron and ProgrammableWeb.

Update Information:

Update to 1.12.16
- fixes CVE-2015-5161: https://framework.zend.com/security/advisory/ZF2015-06
- fixes CVE-2015-5723: https://framework.zend.com/security/advisory/ZF2015-07
- removed services: DeveloperGarden, Technorati

Change Log

References


[ 1 ] Bug #1269080 - CVE-2015-5723 php-ZendFramework: various flaws [epel-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1269080
[ 2 ] Bug #1253255 - CVE-2015-5161 php-ZendFramework: XML external entity injection (XXE) on PHP FPM [epel-7]
      https://bugzilla.redhat.com/show_bug.cgi?id=1253255
[ 3 ] Bug #1253253 - CVE-2015-5161 php-ZendFramework: XML external entity injection (XXE) on PHP FPM [epel-6]
      https://bugzilla.redhat.com/show_bug.cgi?id=1253253
[ 4 ] Bug #1269081 - CVE-2015-5723 php-ZendFramework: various flaws [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1269081
[ 5 ] Bug #1253251 - CVE-2015-5161 php-ZendFramework: XML external entity injection (XXE) on PHP FPM [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1253251

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update php-ZendFramework' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical

Name: php-ZendFramework
Product: Fedora 21
Version: 1.12.16
Release: 1.fc21
Summary: Leading open-source PHP framework
