Fedora 22 : php-ZendFramework2-2.4.8-1.fc22 (2015-16034)

high Nessus Plugin ID 86172

Synopsis

The remote Fedora host is missing a security update.

Description

**Zend Framework 2.4.8** **Security Update** * **ZF2015-07**: The filesystem storage adapter of Zend\Cache was creating directories with a liberal umask that could lead to local arbitrary code execution and/or local privilege escalation. This release contains a patch that ensures the directories are created using permissions of 0775 and files using 0664 (essentially umask 0002). **Bug fixed** from upstream [Changelog](http://framework.zend.com/changelog/2.4.8) * validate against DateTimeImmutable instead of DateTimeInterface * treat 0.0 as non-empty, restoring pre-2.4 behavior * deprecate 'magic' logic for auto- attaching NonEmpty validators in favor of explicit attachment * ensure fallback values work as per pre-2.4 behavior * update the InputFilterInterface::add() docblock to match implementations * Fix how missing optoinal fields are validated to match pre 2.4.0 behavior
* deprecate AllowEmpty and ContinueIfEmpty annotations, per zend-inputfilter#26 * fix typos in aria attribute names of AbstractHelper * fixes the ContentType header to properly handle encoded parameter values * fixes the Sender header to allow mailbox addresses without TLDs * fixes parsing of messages that contain an initial blank line before headers * fixes the SetCookie header to allow multiline values (as they are always encoded * fixes DefaultRenderingStrategy errors due to controllers returning non-view model results

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected php-ZendFramework2 package.

See Also

https://framework.zend.com/changelog/2.4.8

http://www.nessus.org/u?bea612c5

Plugin Details

Severity: High

ID: 86172

File Name: fedora_2015-16034.nasl

Version: 2.5

Type: local

Agent: unix

Published: 9/28/2015

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:php-zendframework2, cpe:/o:fedoraproject:fedora:22

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 9/25/2015

Reference Information

FEDORA: 2015-16034