Security release * ZF2014-05, which mititages null byte poisoning of the password provided for LDAP authentication, thus prevening unauthorized LDAP binding. This corrects for unpatched versions of PHP (versions 5.5.11 and below, 5.4.27 and below, and any prior releases). * ZF2014-06, which mitigates null byte poisoning of quoted SQL values provided to the sqlsrv extension, thus preventing a potential SQL injection vector.

This update has been submitted for testing by remi.

5 years ago

This update is currently being pushed to the Fedora EPEL 7 testing updates repository.

5 years ago

This update has been pushed to testing

5 years ago

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

5 years ago

This update has been submitted for stable by remi.

5 years ago

This update is currently being pushed to the Fedora EPEL 7 stable updates repository.

5 years ago

This update has been pushed to stable

5 years ago

Please login to add feedback.

Metadata
Type
security
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
5 years ago
in testing
5 years ago
in stable
5 years ago
BZ#1151276 CVE-2014-8088 php-ZendFramework: null byte issue, connect to LDAP without knowing the password (ZF2014-05)
0
0
BZ#1151277 CVE-2014-8089 php-ZendFramework: SQL injection issue when using the sqlsrv PHP extension (ZF2014-06)
0
0
BZ#1151281 php-ZendFramework2: various flaws [epel-7]
0
0

Automated Test Results