Advisories ยป MGASA-2016-0352

Updated php-ZendFramework packages fix security vulnerability

Publication date: 21 Oct 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-4861

Description

The implementation of ORDER BY and GROUP BY in Zend_Db_Select remained prone
to SQL injection when a combination of SQL expressions and comments were used.
This security patch provides a comprehensive solution that identifies and
removes comments prior to checking validity of the statement to ensure no SQLi
vectors occur (CVE-2016-4861).
                

References

SRPMS

5/core