[Bug 506304] Re: Security Issues in Zend-Framework

Tue, 12 Jan 2010 08:10:51 -0800 

This bug was fixed in the package zend-framework - 1.9.4-0ubuntu2.1

---------------
zend-framework (1.9.4-0ubuntu2.1) karmic-security; urgency=low

  * The security update fixes the following security issues: (LP: #506304)
    + ZF2010-03: Potential XSS vector in Zend_Filter_StripTags when comments 
allowed
      Zend_Filter_StripTags contained an optional setting to allow whitelisting
      HTML comments in filtered text. Microsoft Internet Explorer and several 
other
      browsers allow developers to create conditional functionality via HTML 
comments,
      including execution of script events and rendering of additional 
commented markup.
      By allowing whitelisting of HTML comments, a malicious user could 
potentially
      include XSS exploits within HTML comments that would then be rendered in 
the final output.
      http://framework.zend.com/security/advisory/ZF2010-03
    + ZF2010-04: Potential MIME-type Injection in Zend_File_Transfer
      Zend_File_Transfer had a potential MIME type injection vulnerability for 
file uploads.
      In certain situations where either PHP's ext/finfo extension is not 
installed and
      the mime_content_type() function was not available on a system, 
Zend_File_Transfer would
      use the user provided value for the type embedded inside the $_FILES 
superglobal.
      Additionally, in cases where the functionality was available, but where a 
type could not
      be determined by one of them, Zend_File_Transfer would also fallback on 
the user provided type.
      Using user provided information for a file's MIME type in uploads is 
considered an insecure
      practice, as it provides attack vectors by malicious users.
      http://framework.zend.com/security/advisory/ZF2010-04
    + ZF2010-06: Potential XSS or HTML Injection vector in Zend_Json
      Zend_Json_Encoder was not taking into account the solidus character ("/") 
during encoding,
      leading to incompatibilities with the JSON specification, and opening the 
potential for XSS
      or HTML injection attacks when returning HTML within a JSON string.
  * debian/patches/99_ZF2010-03_Zend_Filter_Striptags.patch:
    + Patch was found at: http://framework.zend.com/issues/browse/ZF-8743
  * debian/patches/99_ZF2010-04_Zend_File_Transfer.patch:
    + Patch was found at: http://framework.zend.com/issues/browse/ZF-8733
  * debian/patches/99_ZF2010-06_Zend_Json.patch
    + Patch was found: http://framework.zend.com/issues/browse/ZF-8663
 -- Stephan Hermann <s...@sourcecode.de>   Tue, 12 Jan 2010 10:30:47 +0000

** Changed in: zend-framework (Ubuntu Karmic)
       Status: Fix Committed => Fix Released

** Changed in: zend-framework (Ubuntu Jaunty)
       Status: Fix Committed => Fix Released

-- 
Security Issues in Zend-Framework
https://bugs.launchpad.net/bugs/506304
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-b...@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

-- 
universe-bugs mailing list
universe-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/universe-bugs

Reply via email to