
Mageia alert MGASA-2016-0044 (cakephp)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2016-0044: Updated cakephp package fixes security vulnerability
Date:  Fri, 5 Feb 2016 18:26:45 +0100
Message-ID:  <20160205172645.47B7B21BE3B@valstar.mageia.org>

MGASA-2016-0044 - Updated cakephp package fixes security vulnerability

Publication date: 05 Feb 2016
URL: http://advisories.mageia.org/MGASA-2016-0044.html
Type: security
Affected Mageia releases: 5

Description:
CakePHP, an open-source web application framework for PHP, was vulnerable
to SSRF (Server Side Request Forgery) attacks. A remote attacker can use it
for at least DoS (Denial of Service) attacks if the target application
accepts XML as input. The vulnerability is caused by the insecure design of
Cake's Xml class.

References:
- https://bugs.mageia.org/show_bug.cgi?id=17003
- http://lwn.net/Alerts/661886/

SRPMS:
- 5/core/cakephp-1.3.21-2.mga5



