Advisories ยป MGASA-2015-0370

Updated php-ZendFramework packages fix CVE-2015-5161

Publication date: 15 Sep 2015
Modification date: 15 Sep 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-5161

Description

Updated php-ZendFramework packages fix security vulnerability:

Dawid Golunski discovered that when running under PHP-FPM in a threaded
environment, Zend Framework, a PHP framework, did not properly handle XML data
in multibyte encoding. This could be used by remote attackers to perform an
XML External Entity attack via crafted XML data (CVE-2015-5161).
                

References

SRPMS

4/core