 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:145
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : php-ZendFramework
 Date    : July 31, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in php-ZendFramework:

 The implementation of the ORDER BY SQL statement in Zend_Db_Select
 of Zend Framework 1 contains a potential SQL injection when the query
 string passed contains parentheses (CVE-2014-4914).

 The updated packages have been upgraded to the latest ZendFramework
 (1.12.7) version which is not vulnerable to this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4914
 http://framework.zend.com/security/advisory/ZF2014-04
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
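
 The ORDER BY issue described under "Problem Description" is reachable
 only when request data flows into the sort clause. The following is an
 added example, not part of the Mandriva advisory or of Zend Framework:
 an application-side allowlist that maps an untrusted sort parameter to
 a fixed column and direction. The "key:dir" input format, the function
 name and the column names are assumptions made for illustration.

```php
<?php
// Added example (not Zend Framework code): build an ORDER BY term from
// untrusted input with an allowlist, so no caller-controlled text, with or
// without parentheses, is ever handed to Zend_Db_Select::order().

/**
 * Map an untrusted sort spec such as "price:desc" to a safe ORDER BY term.
 *
 * @param mixed  $spec    raw request value (hypothetical "key:dir" format)
 * @param array  $allowed map of public sort keys => real column names
 * @param string $default term returned whenever the spec is rejected
 * @return string         for example "p.price DESC"
 */
function safe_order_term($spec, array $allowed, $default)
{
    if (!is_string($spec)) {
        return $default;                  // arrays from ?sort[]=... and the like
    }
    $parts = explode(':', $spec, 2);
    $key   = $parts[0];
    $dir   = isset($parts[1]) ? strtoupper($parts[1]) : 'ASC';

    if (!array_key_exists($key, $allowed)) {
        return $default;                  // unknown key: never echoed into SQL
    }
    if ($dir !== 'ASC' && $dir !== 'DESC') {
        return $default;                  // direction must be one of two literals
    }
    return $allowed[$key] . ' ' . $dir;   // built only from server-side constants
}

// Hypothetical column map for a "products" listing.
$allowed = array('name' => 'p.name', 'price' => 'p.price');
$default = 'p.name ASC';

// Constructed sample inputs: two valid specs, then values that must be refused.
$samples = array('price:desc', 'name', 'LOWER(name)', 'price:desc, (x)', array('price'));
foreach ($samples as $s) {
    echo var_export($s, true), ' => ', safe_order_term($s, $allowed, $default), "\n";
}
```

 The returned string is what the application would pass to
 $select->order(); upgrading to 1.12.7 as the advisory directs is still
 required, since the allowlist only covers call sites that use it.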