GLSA-201408-01 : Zend Framework: SQL injection
High Nessus Plugin ID 76996
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-201408-01 (Zend Framework: SQL injection)
Developers using non-ASCII-compatible encodings in conjunction with the MySQL PDO driver of PHP may be vulnerable to SQL injection attacks.
A remote attacker could use specially crafted input to execute arbitrary SQL statements.
There is no known workaround at this time.
Solution
All ZendFramework users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-php/ZendFramework-1.11.6'
NOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2011-06-07. It is likely that your system is already updated to no longer be affected by this issue.