Advisories ยป MGASA-2015-0371

Updated php-ZendFramework packages fix CVE-2015-5161

Publication date: 15 Sep 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-5161

Description

Updated php-ZendFramework and php-ZendFramework2 packages fix security vulnerability:

Dawid Golunski discovered that when running under PHP-FPM in a threaded
environment, Zend Framework, a PHP framework, did not properly handle XML data
in multibyte encoding. This could be used by remote attackers to perform an
XML External Entity attack via crafted XML data (CVE-2015-5161).
                

References

SRPMS

5/core