Mandriva Linux Security Advisory 2014-145 - The implementation of the ORDER BY SQL statement in Zend_Db_Select of Zend Framework 1 contains a potential SQL injection when the query string passed contains parentheses. The updated packages have been upgraded to the latest ZendFramework version which is not vulnerable to this issue.
1d38288d465713a37f02a8977e8f2b34e2ce109cc91ccc1ab5fc49854a8f79f9-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2014:145
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : php-ZendFramework
Date : July 31, 2014
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in php-ZendFramework:
The implementation of the ORDER BY SQL statement in Zend_Db_Select
of Zend Framework 1 contains a potential SQL injection when the query
string passed contains parentheses (CVE-2014-4914).
The updated packages have been upgraded to the latest ZendFramework
(1.12.7) version which is not vulnerable to this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4914
http://framework.zend.com/security/advisory/ZF2014-04
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
f9e5804a58b8af73a972bfa0a2da6284 mbs1/x86_64/php-ZendFramework-1.12.7-1.mbs1.noarch.rpm
1a5d10af134d2b517d3752a8119b2339 mbs1/x86_64/php-ZendFramework-Cache-Backend-Apc-1.12.7-1.mbs1.noarch.rpm
1d37c1497156c59d7539333b2b413e8b mbs1/x86_64/php-ZendFramework-Cache-Backend-Memcached-1.12.7-1.mbs1.noarch.rpm
99414b75a630264f9dcfe4c8dfa53e6e mbs1/x86_64/php-ZendFramework-Captcha-1.12.7-1.mbs1.noarch.rpm
9ac1fb5c76b9f0b71abf1bf90a273ebd mbs1/x86_64/php-ZendFramework-demos-1.12.7-1.mbs1.noarch.rpm
d25f8e0658bbe3ce7f026d20baeebadf mbs1/x86_64/php-ZendFramework-Dojo-1.12.7-1.mbs1.noarch.rpm
75218f17b04edc9c422aa8117239411d mbs1/x86_64/php-ZendFramework-extras-1.12.7-1.mbs1.noarch.rpm
9ca8a5d6aa73e77f2e679e5020be0d41 mbs1/x86_64/php-ZendFramework-Feed-1.12.7-1.mbs1.noarch.rpm
46c3592a516b33b3f30fa6603d9085b7 mbs1/x86_64/php-ZendFramework-Gdata-1.12.7-1.mbs1.noarch.rpm
aecf3e6879dca04b9084660c5f490626 mbs1/x86_64/php-ZendFramework-Pdf-1.12.7-1.mbs1.noarch.rpm
44829853ef1ac199da93b5affaec8070 mbs1/x86_64/php-ZendFramework-Search-Lucene-1.12.7-1.mbs1.noarch.rpm
2338a7798d2ce6f72666a1fcedfe9b72 mbs1/x86_64/php-ZendFramework-Services-1.12.7-1.mbs1.noarch.rpm
914762e556834e2ce9e17d6d10ad81a0 mbs1/x86_64/php-ZendFramework-tests-1.12.7-1.mbs1.noarch.rpm
a8bd5d5bc7c4c8579278e22650a4d3be mbs1/SRPMS/php-ZendFramework-1.12.7-1.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFT2esDmqjQ0CJFipgRAuIqAKDiZkSxIOcYE5rqlzO9pcoZdzQe5QCdF8EM
FqiUcm9b3m34mIxKJh1+ePU=
=aLqo
-----END PGP SIGNATURE-----
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed