Amazon Linux 1 (EOL) Security Advisory: ALAS-2015-560
Advisory Released Date: 2015-07-07
Advisory Updated Date: 2015-07-07
Severity:
Medium
Issue Overview:
Upstream reported (http://framework.zend.com/security/advisory/ZF2015-04) a vulnerability in the Zend\Mail component in Zend Framework 2, specifically in how it handles headers. Headers are not correctly filtered for newlines, which makes it possible to send additional, unrelated headers and to bypass additional headers by emitting the header/body separator sequence.
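The kind of check the overview calls for, as an added example (not code from this advisory or from Zend Framework; all function names are hypothetical): a header builder that passes values through verbatim, next to one that rejects CR, LF and NUL before assembly. It assumes callers pass unfolded header values.

```php
<?php
// Added illustration; these functions are hypothetical, not Zend Framework APIs.

/** Naive assembly: name and value are joined verbatim, so CR/LF in a value survives. */
function buildHeadersUnsafe(array $headers): string
{
    $out = '';
    foreach ($headers as $name => $value) {
        $out .= $name . ': ' . $value . "\r\n";
    }
    return $out . "\r\n"; // the blank line is the header/body separator
}

/** Reject a header whose name is malformed or whose value carries CR, LF or NUL. */
function assertSafeHeader(string $name, string $value): void
{
    // Field names: printable ASCII except colon. \z (not $) so a trailing "\n" fails.
    if (!preg_match('/^[\x21-\x39\x3B-\x7E]+\z/', $name)) {
        throw new InvalidArgumentException('Invalid header name');
    }
    // Strict policy: folded (multi-line) values are refused as well.
    if (preg_match('/[\r\n\0]/', $value)) {
        throw new InvalidArgumentException("Newline or NUL in header value: $name");
    }
}

function buildHeadersSafe(array $headers): string
{
    foreach ($headers as $name => $value) {
        assertSafeHeader((string) $name, (string) $value);
    }
    return buildHeadersUnsafe($headers);
}

// Constructed sample: a Subject taken from user input, followed by an app-set header.
$headers = [
    'Subject'  => "Hello\r\nX-Injected: 1\r\n\r\nnew body",
    'X-Mailer' => 'app',
];

// In the unsafe output the header block ends early, so X-Mailer lands in the body.
[$head] = explode("\r\n\r\n", buildHeadersUnsafe($headers), 2);
echo "Unsafe header block:\n$head\n";

try {
    buildHeadersSafe($headers);
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ' . $e->getMessage() . "\n";
}
```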
Affected Packages:
php-ZendFramework
Issue Correction:
Run yum update php-ZendFramework to update your system.
New Packages:
noarch:
php-ZendFramework-extras-1.12.13-1.11.amzn1.noarch
php-ZendFramework-demos-1.12.13-1.11.amzn1.noarch
php-ZendFramework-Db-Adapter-Pdo-Mssql-1.12.13-1.11.amzn1.noarch
php-ZendFramework-Pdf-1.12.13-1.11.amzn1.noarch
php-ZendFramework-Cache-Backend-Libmemcached-1.12.13-1.11.amzn1.noarch
php-ZendFramework-Cache-Backend-Memcached-1.12.13-1.11.amzn1.noarch
php-ZendFramework-Serializer-Adapter-Igbinary-1.12.13-1.11.amzn1.noarch
php-ZendFramework-Db-Adapter-Pdo-Pgsql-1.12.13-1.11.amzn1.noarch
php-ZendFramework-Db-Adapter-Pdo-1.12.13-1.11.amzn1.noarch
php-ZendFramework-Captcha-1.12.13-1.11.amzn1.noarch
php-ZendFramework-Ldap-1.12.13-1.11.amzn1.noarch
php-ZendFramework-Search-Lucene-1.12.13-1.11.amzn1.noarch
php-ZendFramework-Dojo-1.12.13-1.11.amzn1.noarch
php-ZendFramework-Db-Adapter-Mysqli-1.12.13-1.11.amzn1.noarch
php-ZendFramework-Auth-Adapter-Ldap-1.12.13-1.11.amzn1.noarch
php-ZendFramework-Feed-1.12.13-1.11.amzn1.noarch
php-ZendFramework-full-1.12.13-1.11.amzn1.noarch
php-ZendFramework-Cache-Backend-Apc-1.12.13-1.11.amzn1.noarch
php-ZendFramework-Soap-1.12.13-1.11.amzn1.noarch
php-ZendFramework-1.12.13-1.11.amzn1.noarch
php-ZendFramework-Services-1.12.13-1.11.amzn1.noarch
php-ZendFramework-Db-Adapter-Pdo-Mysql-1.12.13-1.11.amzn1.noarch
src:
php-ZendFramework-1.12.13-1.11.amzn1.src