Advisories » MGASA-2016-0272

Updated php-ZendFramework packages fix security vulnerability

Publication date: 03 Aug 2016
Modification date: 03 Aug 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-6233

Description

The implementation of ORDER BY and GROUP BY in Zend_Db_Select of
ZendFramework is vulnerable to an SQL injection (CVE-2016-6233).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=18958
• https://framework.zend.com/security/advisory/ZF2016-02
• https://framework.zend.com/blog/2016-07-13-ZF-1.12.19-Released.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6233

SRPMS

5/core

• php-ZendFramework-1.12.19-1.mga5