Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 568
Alerts This Week
Warning Icon 1 568

Fedora 23: php-ZendFramework Security Update EOL: SQL Issues

fedora
Calendar Grey October 9, 2016
Dist Fedora Esm H88
Recent security patch for PHP Zend Framework on Fedora 23, tackling various vulnerabilities prior to its end of support.
Probably the last update for Zend Framework 1 as it is being EOLd on September 28, 2016

Summary

Extending the art & spirit of PHP, Zend Framework is based on simplicity,

object-oriented best practices, corporate friendly licensing, and a rigorously

tested agile code base. Zend Framework is focused on building more secure,

reliable, and modern Web 2.0 applications & web services, and consuming widely

available APIs from leading vendors like Google, Amazon, Yahoo!, Flickr, as

well as API providers and catalogers like StrikeIron and ProgrammableWeb.

Update Information:

Probably the last update for Zend Framework 1 as it is being EOLd on September 28, 2016. Fixes two security issues, CVE-2016-4861 and CVE-2016-6233

Change Log

References


[ 1 ] Bug #1376341 - CVE-2016-4861 php-ZendFramework: ZendFramework: SQL injection vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1376341 [ 2 ] Bug #1357553 - CVE-2016-6233 php-ZendFramework: ZendFramework: Potential SQL injection in ORDER and GROUP statements of Zend_Db_Select [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1357553

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update php-ZendFramework' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: php-ZendFramework
Product: Fedora 23
Version: 1.12.20
Release: 1.fc23
Summary: Leading open-source PHP framework

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.