GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Mon Aug 04, 2014 10:26 am Post subject: [ GLSA 201408-01 ] Zend Framework: SQL injection
Gentoo Linux Security Advisory
Title: Zend Framework: SQL injection (GLSA 201408-01)
Severity: normal
Exploitable: remote
Date: August 04, 2014
Bug(s): #369139
ID: 201408-01
Synopsis
A vulnerability in Zend Framework could allow a remote attacker to
inject SQL commands.
Background
Zend Framework is a high quality and open source framework for
developing Web Applications.
Affected Packages
Package: dev-php/ZendFramework
Vulnerable: < 1.11.6
Unaffected: >= 1.11.6
Architectures: All supported architectures
Description
Developers using non-ASCII-compatible encodings in conjunction with the
MySQL PDO driver of PHP may be vulnerable to SQL injection attacks.
Impact
A remote attacker could use specially crafted input to execute arbitrary
SQL statements.
Workaround
There is no known workaround at this time.
Resolution
All ZendFramework users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-php/ZendFramework-1.11.6"
NOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2011-06-07. It is likely that your system is already updated to no longer be affected by this issue.
References
CVE-2011-1939
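An added illustration, not part of the advisory or of Zend Framework's code, of the general failure mode the Description refers to: quote escaping that ignores the connection's multi-byte character set. GBK, the sample bytes and all function names are assumptions chosen for the demonstration; the advisory does not name a specific encoding.

```python
"""Constructed demo: byte-wise quote escaping vs. a multi-byte charset."""

QUOTE, BACKSLASH = 0x27, 0x5C  # ' and \

def escape_bytewise(raw: bytes) -> bytes:
    """Prefix ' and \\ with a backslash one byte at a time (charset-unaware)."""
    out = bytearray()
    for b in raw:
        if b in (QUOTE, BACKSLASH):
            out.append(BACKSLASH)
        out.append(b)
    return bytes(out)

def escape_charset_aware(raw: bytes, charset: str) -> bytes:
    """Decode first so malformed sequences are rejected, then escape characters."""
    text = raw.decode(charset)  # UnicodeDecodeError on invalid multi-byte input
    return text.replace("\\", "\\\\").replace("'", "\\'").encode(charset)

def unescaped_quotes(escaped: bytes, charset: str) -> int:
    """Count quotes that end a string literal when a parser reads `escaped`
    as `charset` (a backslash consumes the character after it)."""
    text, count, i = escaped.decode(charset), 0, 0
    while i < len(text):
        if text[i] == "\\":
            i += 2
            continue
        count += text[i] == "'"
        i += 1
    return count

# Constructed input: a GBK lead byte followed by an ASCII quote.
SAMPLE = b"\xbf\x27"

if __name__ == "__main__":
    escaped = escape_bytewise(SAMPLE)
    print("escaped bytes:", escaped.hex())
    # Read as single-byte latin-1, the quote stays escaped.
    print("latin-1 live quotes:", unescaped_quotes(escaped, "latin-1"))
    # Read as GBK, 0xbf 0x5c merges into one character and the quote is live.
    print("gbk live quotes:", unescaped_quotes(escaped, "gbk"))
    try:
        escape_charset_aware(SAMPLE, "gbk")
    except UnicodeDecodeError:
        print("charset-aware escaping rejected the malformed sequence")
```

The same escaped bytes are safe or unsafe depending only on the character set used to parse them, which is why the escaping layer and the database connection must agree on the encoding.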