LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Kernel prepatch 3.9-rc6

LWN.net Weekly Edition for April 4, 2013

LWN.net Weekly Edition for March 28, 2013

A kernel change breaks GlusterFS

PyCon: Evangelizing Python

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

php-ZendFramework: denial of service

Package(s):php-ZendFramework CVE #(s):CVE-2012-5657
Created:December 28, 2012 Updated:January 21, 2013
Description:

From the Mageia advisory:

A vulnerability was reported in Zend Framework versions prior to 1.11.15 and 1.12.1, which can be exploited to disclose certain sensitive information. This flaw is caused due to an error in the "Zend_Feed_Rss" and "Zend_Feed_Atom" classes of the "Zend_Feed" component, when processing XML data. It can be used to disclose the contents of certain local files by sending specially crafted XML data including external entity references.

Alerts:
Mageia MGASA-2012-0367 2012-12-27
Debian DSA-2602-1 2013-01-08
Fedora FEDORA-2013-0063 2013-01-20
Fedora FEDORA-2013-0057 2013-01-20
Fedora FEDORA-2013-0061 2013-01-20
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds