--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-7da5983771
2018-08-14 21:06:35.949692
--------------------------------------------------------------------------------

Name        : php-zendframework-zend-feed
Product     : Fedora 28
Version     : 2.10.3
Release     : 1.fc28
URL         : https://zendframework.github.io/zend-feed/
Summary     : Zend Framework Feed component
Description :
Zend\Feed provides functionality for consuming RSS and Atom feeds. It provides a natural syntax for accessing elements of feeds, feed attributes, and entry attributes. Zend\Feed also has extensive support for modifying feed and entry structure with the same natural syntax, and turning the result back into XML.

Documentation: https://zendframework.github.io/zend-feed/
--------------------------------------------------------------------------------
Update Information:

## 2.10.3 - 2018-08-01

### Added

- Nothing.

### Changed

- This release modifies how `Zend\Feed\Pubsubhubbub\AbstractCallback::_detectCallbackUrl()` marshals the request URI. In prior releases, we would attempt to inspect the `X-Rewrite-Url` and `X-Original-Url` headers, using their values, if present. These headers are issued by the ISAPI_Rewrite module for IIS (developed by HeliconTech). However, we have no way of guaranteeing that the module is what issued the headers, making them an unreliable source for discovering the URI. As such, we have removed this feature in this release. The method is not called internally.

  If you are calling the method from your own extension and need support for ISAPI_Rewrite, you will need to override the method as follows:

  ```php
  protected function _detectCallbackUrl()
  {
      $callbackUrl = null;

      // Values set by the ISAPI_Rewrite module; X-Original-Url wins if both are present.
      if (isset($_SERVER['HTTP_X_REWRITE_URL'])) {
          $callbackUrl = $_SERVER['HTTP_X_REWRITE_URL'];
      }
      if (isset($_SERVER['HTTP_X_ORIGINAL_URL'])) {
          $callbackUrl = $_SERVER['HTTP_X_ORIGINAL_URL'];
      }

      // Fall back to the stock detection when neither header is present.
      return $callbackUrl ?: parent::_detectCallbackUrl();
  }
  ```

  If you use an approach such as the above, make sure you also instruct your web server to strip any incoming headers of the same name so that you can guarantee they are issued by the ISAPI_Rewrite module.

### Deprecated

- Nothing.

### Removed

- Nothing.

### Fixed

- Nothing.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 2 2018 Shawn Iwinski - 2.10.3-1
- Update to 2.10.3 (ZF2018-01)
* Fri Jul 13 2018 Fedora Release Engineering - 2.10.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Jun 19 2018 Remi Collet - 2.10.2-2
- update to 2.10.2
* Tue Jun 5 2018 Remi Collet - 2.10.1-2
- update to 2.10.1
* Fri May 25 2018 Remi Collet - 2.10.0-2
- update to 2.10.0
* Tue May 15 2018 Remi Collet - 2.9.1-2
- update to 2.9.1
- use range dependencies on F27+
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-7da5983771'
at the command line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list --
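The change above rests on one fact about PHP: any request header `X-Foo` is exposed as `$_SERVER['HTTP_X_FOO']` whether it came from a rewrite module or from the client, so application code alone cannot tell the two apart. The following is an added example, not code from the zend-feed changelog, the Fedora notification, or the Zend project. It lifts the header-handling logic of the override shown above into a pure function so it can be exercised against constructed `$_SERVER` arrays. Everything in it is hypothetical: the function names `detectCallbackUrl()` and `isRelativePath()`, the `$trustRewriteHeaders` flag (standing in for the deployment fact that the web server strips client-supplied copies of these headers), and the fallback to `REQUEST_URI`.

```php
<?php
declare(strict_types=1);

/*
 * Added example (hypothetical, not zend-feed API). Mirrors the override
 * from the 2.10.3 changelog: X-Rewrite-Url is read first and X-Original-Url
 * overrides it, with a fallback when neither header is usable.
 *
 * $trustRewriteHeaders must be derived from server configuration, never from
 * the request: it is true only when the front-end web server is known to
 * strip client-sent X-Rewrite-Url / X-Original-Url headers, so that any
 * value present was set by the ISAPI_Rewrite module.
 */
function detectCallbackUrl(array $server, bool $trustRewriteHeaders): ?string
{
    // Stand-in for the stock detection; the real base class has its own logic.
    $fallback = $server['REQUEST_URI'] ?? null;

    // Without the server-side guarantee the headers are plain client input
    // and carry no more authority than any other request header.
    if (! $trustRewriteHeaders) {
        return $fallback;
    }

    $candidate = null;
    foreach (['HTTP_X_REWRITE_URL', 'HTTP_X_ORIGINAL_URL'] as $key) {
        if (isset($server[$key]) && $server[$key] !== '') {
            $candidate = $server[$key];
        }
    }

    if ($candidate === null) {
        return $fallback;
    }

    // Defence in depth even when trusted: a rewrite module reports a
    // server-relative path, never an absolute or protocol-relative URL.
    if (! isRelativePath($candidate)) {
        return $fallback;
    }

    return $candidate;
}

/**
 * Accepts only "/path..." values made of printable ASCII and rejects
 * "//host/..." forms, which browsers resolve against a different origin.
 */
function isRelativePath(string $value): bool
{
    return $value !== ''
        && $value[0] === '/'
        && (strlen($value) < 2 || $value[1] !== '/')
        && preg_match('/^[\x21-\x7e]+$/', $value) === 1;
}

// Constructed request data, not captured from a real system.
$setByModule = [
    'REQUEST_URI'        => '/index.php',
    'HTTP_X_REWRITE_URL' => '/hub/callback/abc123',
];
$setByClient = [
    'REQUEST_URI'        => '/callback',
    'HTTP_X_REWRITE_URL' => 'https://spoofed.example/callback',
];

// Header from the module, server configured to strip client copies.
var_dump(detectCallbackUrl($setByModule, true));
// Absolute URL in the header: rejected by the path check, fallback used.
var_dump(detectCallbackUrl($setByClient, true));
// No stripping in place: headers are ignored entirely, fallback used.
var_dump(detectCallbackUrl($setByClient, false));
```

The first call returns the module-supplied path; the other two return `REQUEST_URI`. The point of the `$trustRewriteHeaders` flag is that the decision to honour these headers is a property of the server configuration (the header-stripping rule the changelog asks for), and the code should not be able to switch it on from request data. The relative-path check limits what a mis-configured deployment can leak into the callback URL but does not replace the stripping rule.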
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201804-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  Severity: Normal
     Title: Zend Framework: Multiple vulnerabilities
      Date: April 09, 2018
      Bugs: #604182
        ID: 201804-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Zend Framework, the worst of which could allow attackers to remotely execute arbitrary commands.

Background
==========

Zend Framework is a high quality and open source framework for developing Web Applications.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-php/ZendFramework        =

Description
===========

Multiple vulnerabilities have been discovered in Zend Framework that remain unaddressed. Please review the referenced CVE identifiers for details.

Impact
======

Remote attackers could execute arbitrary commands or conduct SQL injection attacks.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

Gentoo has discontinued support for Zend Framework and recommends that users unmerge the package:

  # emerge --unmerge "dev-php/ZendFramework"

References
==========

[ 1 ] CVE-2016-10034
      https://nvd.nist.gov/vuln/detail/CVE-2016-10034
[ 2 ] CVE-2016-4861
      https://nvd.nist.gov/vuln/detail/CVE-2016-4861
[ 3 ] CVE-2016-6233
      https://nvd.nist.gov/vuln/detail/CVE-2016-6233

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 https://security.gentoo.org/glsa/201804-10

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-1185de6aa6
2016-12-31 18:54:49.148584
--------------------------------------------------------------------------------

Name        : php-zendframework-zend-mail
Product     : Fedora 24
Version     : 2.7.2
Release     : 1.fc24
URL         : https://zendframework.github.io/zend-mail/
Summary     : Zend Framework Mail component
Description :
Zend\Mail provides generalized functionality to compose and send both text and MIME-compliant multipart email messages. Mail can be sent with Zend\Mail via the Mail\Transport\Sendmail, Mail\Transport\Smtp or the Mail\Transport\File transport. Of course, you can also implement your own transport by implementing the Mail\Transport\TransportInterface.

Documentation: https://zendframework.github.io/zend-mail/
--------------------------------------------------------------------------------
Update Information:

**Version 2.7.2** - 2016-12-19

- Fixes [ZF2016-04](https://framework.zend.com/security/advisory/ZF2016-04): potential remote code execution in zend-mail via Sendmail adapter.
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade php-zendframework-zend-mail'
at the command line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
Dawid Golunski discovered that when running under PHP-FPM in a threaded environment, Zend Framework, a PHP framework, did not properly handle XML data in multibyte encoding. This could be used by remote attackers to perform an XML External Entity attack via crafted XML data.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3340-1
Multiple vulnerabilities were discovered in Zend Framework, a PHP framework. Except for CVE-2015-3154, all these issues were already fixed in the version initially shipped with Jessie.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3265-1
Yury Dyachenko discovered that Zend Framework uses the PHP XML parser in an insecure way, allowing attackers to open files and trigger HTTP requests, potentially accessing restricted information.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2602-1