Advisories » MGASA-2017-0016

Updated php-ZendFramework2 packages fix security vulnerability

Publication date: 13 Jan 2017
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-10034

Description

When using the zend-mail component to send email via the
Zend\Mail\Transport\Sendmail transport, a malicious user may be able to
inject arbitrary parameters to the system sendmail program. The attack
is performed by providing additional quote characters within an address;
when unsanitized, they can be interpreted as additional command line
arguments, leading to the vulnerability (CVE-2016-10034).
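
The class of check that blocks this kind of parameter injection, as an added example (not code from zend-mail or from the Mageia package): an allow-list validation of the envelope sender before it is placed in a sendmail "-f" parameter. The function name and the sample addresses are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper: returns the "-f<address>" string intended for the
 * additional-parameters argument of PHP's mail(), or throws if the address
 * could be split into more than one command-line argument.
 */
function buildEnvelopeSenderParam(string $address): string
{
    // Allow-list only: no quotes, backslashes, whitespace or control bytes,
    // and the first character must be alphanumeric so the value can never
    // start with "-" and be read as an option. RFC 5321 quoted local parts
    // are rejected on purpose, since quoting is what lets a quote character
    // reach the command line. \A and \z anchor the whole string ("$" would
    // still match before a trailing newline).
    $pattern = '/\A[A-Za-z0-9][A-Za-z0-9._%+-]*'
             . '@[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?\z/';

    if (preg_match($pattern, $address) !== 1) {
        throw new InvalidArgumentException('Unsafe envelope sender rejected');
    }

    // After validation the value contains no argument separators, so it
    // stays a single argument without any further quoting.
    return '-f' . $address;
}

// Constructed sample inputs (not taken from the advisory).
$samples = [
    'alice@example.com',                           // ordinary address
    '"alice\" --constructed-flag x"@example.com',  // extra quote + whitespace
    '-bounce@example.com',                         // leading dash
    "alice@example.com\n",                         // trailing newline
];

foreach ($samples as $sample) {
    try {
        $param = buildEnvelopeSenderParam($sample);
        echo 'accepted: ', $param, PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', json_encode($sample), PHP_EOL;
    }
}
```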
                

References

SRPMS

5/core