Sicherheit: Ausführen beliebiger Kommandos in php-ZendFramework2
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in php-ZendFramework2
ID: FEDORA-2015-13529
Distribution: Fedora
Plattformen: Fedora 22
Datum: Do, 27. August 2015, 23:13
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5161
Applikationen: php-ZendFramework2


Name        : php-ZendFramework2
Product : Fedora 22
Version : 2.4.7
Release : 1.fc22
URL : http://framework.zend.com
Summary : Zend Framework 2
Description :
Zend Framework 2 is an open source framework for developing web applications
and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code
and utilizes most of the new features of PHP 5.3, namely namespaces, late
static binding, lambda functions and closures.

Zend Framework 2 evolved from Zend Framework 1, a successful PHP framework
with over 15 million downloads.

Note: This meta package installs all base Zend Framework component packages
(Authentication, Barcode, Cache, Captcha, Code, Config, Console, Crypt, Db,
Debug, Di, Dom, Escaper, EventManager, Feed, File, Filter, Form, Http, I18n,
InputFilter, Json, Ldap, Loader, Log, Mail, Math, Memory, Mime, ModuleManager,
Mvc, Navigation, Paginator, Permissions-Acl, Permissions-Rbac, ProgressBar,
Serializer, Server, ServiceManager, Session, Soap, Stdlib, Tag, Test, Text,
Uri, Validator, Version, View, XmlRpc) except the optional Cache-apc and
Cache-memcached packages.

Update Information:

Zend Framework Upstream ChangeLogs: * [Version
2.4.7](http://framework.zend.com/changelog/2.4.7/) * [Version
2.4.6](http://framework.zend.com/changelog/2.4.6/) * [Version
2.4.5](http://framework.zend.com/changelog/2.4.5/) * [Version
2.4.4](http://framework.zend.com/changelog/2.4.4/) * [Version
2.4.3](http://framework.zend.com/changelog/2.4.3/) * [Version
2.4.2](http://framework.zend.com/changelog/2.4.2/) * [Version
2.4.1](http://framework.zend.com/changelog/2.4.1/) * [Version

[ 1 ] Bug #1253250 - CVE-2015-5161 php-ZendFramework: XML external entity
injection (XXE) on PHP FPM

This update can be installed with the "yum" update program. Use
su -c 'yum update php-ZendFramework2' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list
Pro-Linux @Facebook
Neue Nachrichten