Package : zendframework Version : 1.10.6-1squeeze3 CVE ID : CVE-2012-6531 CVE-2012-6532 CVE-2014-2681 CVE-2014-2682 CVE-2014-2683 CVE-2014-2684 CVE-2014-2685 CVE-2014-4914 CVE-2014-8088 CVE-2014-8089 CVE-2015-3154 Debian Bug : 743175 754201 Several vulnerabilities were found in the Zend PHP framework: CVE-2012-6531 Pádraic Brady identified a weakness to handle the SimpleXMLElement zendframework class, allowing to remote attackers to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack. CVE-2012-6532 Pádraic Brady found that remote attackers could cause a denial of service by CPU consumption, via recursive or circular references through an XML entity expansion (XEE) attack. CVE-2014-2681 Lukas Reschke reported a lack of protection against XML External Entity injection attacks in some functions. This fix extends the incomplete one from CVE-2012-5657. CVE-2014-2682 Lukas Reschke reported a failure to consider that the libxml_disable_entity_loader setting is shared among threads in the PHP-FPM case. This fix extends the incomplete one from CVE-2012-5657. CVE-2014-2683 Lukas Reschke reported a lack of protection against XML Entity Expansion attacks in some functions. This fix extends the incomplete one from CVE-2012-6532. CVE-2014-2684 Christian Mainka and Vladislav Mladenov from the Ruhr-University Bochum reported an error in the consumer's verify method that lead to acceptance of wrongly sourced tokens. CVE-2014-2685 Christian Mainka and Vladislav Mladenov from the Ruhr-University Bochum reported a specification violation in which signing of a single parameter is incorrectly considered sufficient. CVE-2014-4914 Cassiano Dal Pizzol discovered that the implementation of the ORDER BY SQL statement in Zend_Db_Select contains a potential SQL injection when the query string passed contains parentheses. CVE-2014-8088 Yury Dyachenko at Positive Research Center identified potential XML eXternal Entity injection vectors due to insecure usage of PHP's DOM extension. CVE-2014-8089 Jonas Sandström discovered an SQL injection vector when manually quoting value for sqlsrv extension, using null byte. CVE-2015-3154 Filippo Tessarotto and Maks3w reported potential CRLF injection attacks in mail and HTTP headers. For Debian 6 "Squeeze", these issues have been fixed in zendframework version 1.10.6-1squeeze3.
Attachment:
signature.asc
Description: Digital signature