Updated php-ZendFramework2 packages fix security vulnerability
Publication date: 13 Jan 2017Type: security
Affected Mageia releases : 5
CVE: CVE-2016-10034
Description
When using the zend-mail component to send email via the Zend\Mail\Transport\Sendmail transport, a malicious user may be able to inject arbitrary parameters to the system sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they can be interpreted as additional command line arguments, leading to the vulnerability (CVE-2016-10034).
References
SRPMS
5/core
- php-ZendFramework2-2.4.11-1.mga5