Package name
php-ZendFramework
Date
2013-04-10
Advisory ID
MDVSA-2013:115
Affected versions
MBS1 x86_64

Problem description

Updated php-ZendFramework packages fix security vulnerabilities:

Zend_Dom, Zend_Feed, Zend_Soap, and Zend_XmlRpc in Zend Framework
before 1.11.13 and 1.12.0 are vulnerable to XML Entity Expansion (XEE)
attacks, which lead to Denial of Service. XEE attacks occur when
the XML DOCTYPE declaration includes XML entity definitions that
contain either recursive or circular references; expanding them
consumes CPU and memory, making Denial of Service exploits trivial to
implement (ZF2012-02).

A vulnerability was reported in Zend Framework versions prior to
1.11.15 and 1.12.1, which can be exploited to disclose certain
sensitive information. This flaw is caused by an error in the
Zend_Feed_Rss and Zend_Feed_Atom classes of the Zend_Feed component,
when processing XML data. It can be used to disclose the contents of
certain local files by sending specially crafted XML data including
external entity references (CVE-2012-5657, ZF2012-05).
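
Both issues above depend on the parser honouring a DOCTYPE in untrusted XML. The following is an added example, not code from Zend Framework or from this advisory, showing one way an application can refuse such input before reading any content. The helper name loadUntrustedXml() and the two sample documents are assumptions constructed for illustration.

```php
<?php
// Added example: loadUntrustedXml() is a hypothetical helper, not Zend Framework code.
function loadUntrustedXml(string $xml): DOMDocument
{
    // PHP < 8.0: switch the external entity loader off for this parse.
    // PHP 8.0+ (libxml >= 2.9) keeps it off unless LIBXML_NOENT is passed.
    $restore = PHP_VERSION_ID < 80000 ? libxml_disable_entity_loader(true) : null;
    $prevErrors = libxml_use_internal_errors(true);
    try {
        $doc = new DOMDocument();
        // LIBXML_NONET forbids network access while parsing. LIBXML_NOENT,
        // LIBXML_DTDLOAD and LIBXML_PARSEHUGE are deliberately not set, so
        // entities are not substituted and libxml's size limits stay active.
        if (!$doc->loadXML($xml, LIBXML_NONET)) {
            throw new InvalidArgumentException('Malformed XML');
        }
        // Feeds and RPC payloads need no DTD: reject any DOCTYPE outright,
        // which removes both entity expansion and external entity references.
        foreach ($doc->childNodes as $child) {
            if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
                throw new InvalidArgumentException('DOCTYPE not allowed in untrusted XML');
            }
        }
        return $doc;
    } finally {
        // Put global libxml state back the way the caller had it.
        libxml_clear_errors();
        libxml_use_internal_errors($prevErrors);
        if ($restore !== null) {
            libxml_disable_entity_loader($restore);
        }
    }
}

// Constructed sample inputs: a plain feed, and one that declares a harmless
// internal entity in a DOCTYPE.
$samples = [
    'plain feed'   => '<rss version="2.0"><channel><title>ok</title></channel></rss>',
    'with DOCTYPE' => '<!DOCTYPE rss [<!ENTITY a "x">]><rss><channel><title>&a;</title></channel></rss>',
];
foreach ($samples as $label => $xml) {
    try {
        loadUntrustedXml($xml);
        echo "$label: accepted\n";
    } catch (InvalidArgumentException $e) {
        echo "$label: rejected (", $e->getMessage(), ")\n";
    }
}
```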

Updated packages

MBS1 x86_64

 24028f63cdfc1cd6304d441156fad899  mbs1/x86_64/php-ZendFramework-1.12.1-1.1.mbs1.noarch.rpm
 df6a7e6d8e9237029ac465a347a88b90  mbs1/x86_64/php-ZendFramework-Cache-Backend-Apc-1.12.1-1.1.mbs1.noarch.rpm
 2e6cfe5c461049ee56de1ef3cc04aabe  mbs1/x86_64/php-ZendFramework-Cache-Backend-Memcached-1.12.1-1.1.mbs1.noarch.rpm
 2be9447ec141ece3454048dc7e0c38e6  mbs1/x86_64/php-ZendFramework-Captcha-1.12.1-1.1.mbs1.noarch.rpm
 063eb5dbad73a565cf930d173be9551c  mbs1/x86_64/php-ZendFramework-demos-1.12.1-1.1.mbs1.noarch.rpm
 25213d4c603b83610a21f7677578110b  mbs1/x86_64/php-ZendFramework-Dojo-1.12.1-1.1.mbs1.noarch.rpm
 ca11b8d3cccbbce205d8dc5150d01d85  mbs1/x86_64/php-ZendFramework-extras-1.12.1-1.1.mbs1.noarch.rpm
 774db46afd448e9819ca5d93187f8282  mbs1/x86_64/php-ZendFramework-Feed-1.12.1-1.1.mbs1.noarch.rpm
 d270baf04532a249946335a3aaed7a67  mbs1/x86_64/php-ZendFramework-Gdata-1.12.1-1.1.mbs1.noarch.rpm
 43d00dcdce015dfef4f9043665741e78  mbs1/x86_64/php-ZendFramework-Pdf-1.12.1-1.1.mbs1.noarch.rpm
 5cd58523a16de049f42a6e9785e3b1aa  mbs1/x86_64/php-ZendFramework-Search-Lucene-1.12.1-1.1.mbs1.noarch.rpm
 f46f3e10469fc9446102d8f20204f3e7  mbs1/x86_64/php-ZendFramework-Services-1.12.1-1.1.mbs1.noarch.rpm
 93e13dc568450349d8b89fc34561a018  mbs1/x86_64/php-ZendFramework-tests-1.12.1-1.1.mbs1.noarch.rpm 
 5851be0ec185d6d9f1e0e260aa7e7004  mbs1/SRPMS/php-ZendFramework-1.12.1-1.1.mbs1.src.rpm

References