[ MDVSA-2015:097 ] php-ZendFramework

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:097
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : php-ZendFramework
 Date    : March 28, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated php-ZendFramework packages fix multiple vulnerabilities:
 
 XML eXternal Entity (XXE) and XML Entity Expansion (XEE) flaws were
 discovered in the Zend Framework. An attacker could use these flaws
 to cause a denial of service, access files accessible to the server
 process, or possibly perform other more advanced XML External Entity
 (XXE) attacks (CVE-2014-2681, CVE-2014-2682, CVE-2014-2683).
 
 Using the Consumer component of Zend_OpenId, it is possible to
 login using an arbitrary OpenID account (without kno

007 Software

[ MDVSA-2015:097 ] php-ZendFramework

Leave a Reply Cancel reply

Software and Security Information