Alerts This Week
Warning Icon 1 666
Alerts This Week
Warning Icon 1 666

Fedora: 2015-13314 Critical: PHP-ZendFramework2 XML Injection

fedora
Calendar Grey August 22, 2015
Dist Fedora Esm H88
A critical security update for php-ZendFramework2 has been released, addressing significant vulnerabilities that could lead to data manipulation and unauthorized access
Zend Framework Upstream ChangeLog: * [Version 2.4.7]() * [Version 2.4.6]() * [Version 2.4.5]() * [Version 2.4.4]() * [Version

Summary

Zend Framework 2 is an open source framework for developing web applications

and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code

and utilizes most of the new features of PHP 5.3, namely namespaces, late

static binding, lambda functions and closures.

Zend Framework 2 evolved from Zend Framework 1, a successful PHP framework

with over 15 million downloads.

Note: This meta package installs all base Zend Framework component packages

(Authentication, Barcode, Cache, Captcha, Code, Config, Console, Crypt, Db,

Debug, Di, Dom, Escaper, EventManager, Feed, File, Filter, Form, Http, I18n,

InputFilter, Json, Ldap, Loader, Log, Mail, Math, Memory, Mime, ModuleManager,

Mvc, Navigation, Paginator, Permissions-Acl, Permissions-Rbac, ProgressBar,

Serializer, Server, ServiceManager, Session, Soap, Stdlib, Tag, Test, Text,

Uri, Validator, Version, View, XmlRpc) except the optional Cache-apc and

Cache-memcached packages.

Update Information:

Topics%20covered

Topics Covered

security advisory software update Fedora XML injection php framework

Change Log

2.4.7]() * [Version 2.4.6]() * [Version 2.4.5]() * [Version 2.4.4]() * [Version 2.4.3]() * [Version 2.4.2]() * [Version 2.4.1]() * [Version 2.4.0]()

References


[ 1 ] Bug #1253250 - CVE-2015-5161 php-ZendFramework: XML external entity injection (XXE) on PHP FPM https://bugzilla.redhat.com/show_bug.cgi?id=1253250

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update php-ZendFramework2' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: php-ZendFramework2
Product: Fedora 23
Version: 2.4.7
Release: 1.fc23
URL: https://framework.zend.com/
Summary: Zend Framework 2

Topics%20covered

Topics Covered

security advisory software update Fedora XML injection php framework

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here