GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Mon Apr 09, 2018 4:26 pm Post subject: [ GLSA 201804-10 ] Zend Framework |
|
|
Gentoo Linux Security Advisory
Title: Zend Framework: Multiple vulnerabilities (GLSA 201804-10)
Severity: normal
Exploitable: remote
Date: 2018-04-09
Bug(s): #604182
ID: 201804-10
Synopsis
Multiple vulnerabilities have been found in Zend Framework, the
worst of which could allow attackers to remotely execute arbitrary
commands.
Background
Zend Framework is a high quality and open source framework for
developing Web Applications.
Affected Packages
Package: dev-php/ZendFramework
Vulnerable: <= 1.12.9
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Zend Framework that
have remain unaddressed. Please review the referenced CVE identifiers for
details.
Impact
Remote attackers could execute arbitrary commands or conduct SQL
injection attacks.
Workaround
There is no known workaround at this time.
Resolution
Gentoo has discontinued support for Zend Framework and recommends that
users unmerge the package:
Code: | # emerge --unmerge "dev-php/ZendFramework"
|
References
CVE-2016-10034
CVE-2016-4861
CVE-2016-6233
Last edited by GLSA on Tue Apr 10, 2018 4:17 am; edited 1 time in total |
|