| Errata ID | 317 |
|---|---|
| Date | 2015-09-15 |
| Source package | zendframework |
| Fixed in version | 1.11.13-1.1.9.201509021442 |
| Description | Multiple security vulnerabilities have been fixed in zendframework:<br>* Denial of service through XEE (CVE-2014-2681, CVE-2014-2682, CVE-2014-2683)<br>* Incorrect validation of OpenID identity providers (CVE-2014-2684, CVE-2014-2685)<br>* SQL injection in Zend_Db_Select (CVE-2014-4914)<br>* Incorrect NULL byte handling in LDAP authentication (CVE-2014-8088)<br>* SQL injection in sqlsrv extension (CVE-2014-8089)<br>* CRLF injections in HTTP and Mail (CVE-2015-3154)<br>* Improper Restriction of XML External Entity Reference (CVE-2015-5161) |
| Additional notes | |
| CVE ID | CVE-2014-2681, CVE-2014-2682, CVE-2014-2683, CVE-2014-2684, CVE-2014-2685, CVE-2014-4914, CVE-2014-8088, CVE-2014-8089, CVE-2015-3154, CVE-2015-5161 |
| UCS Bug number | #37002 |
