Jump to content
Compatible Support Forums
Sign in to follow this  
news

[SECURITY] [DLA 566-1] cakephp security update

Recommended Posts

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

 

Package : cakephp

Version : 1.3.15-1+deb7u1

Debian Bug : 832283

 

CakePHP, an open-source web application framework for PHP, was

vulnerable to SSRF (Server Side

Request Forgery) attacks. Remote attacker can utilize it for at least

DoS (Denial of Service) attacks, if the target application accepts XML

as an input. It is caused by insecure design of Cake's Xml class.

 

For Debian 7 "Wheezy", these problems have been fixed in version

1.3.15-1+deb7u1.

 

We recommend that you upgrade your cakephp packages.

 

Further information about Debian LTS security advisories, how to apply

these updates to your system and frequently asked questions can be

found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v2

 

iQIcBAEBCAAGBQJXmnJvAAoJEPZk0la0aRp9BVYP/AwaEyVZleQ71EYHsjPafuoF

1d3FGeZTNkFR+D8bf7+mgmHHtRDHuTCV8Xg0hJS8duXrmVEMQoeNhq7bxaIjLkw6

0kPgtgOEGdUhZFq34C5vOOH0mef3nJcnrlkk2uEGyvrj73jqR557UUGG547msU9F

dosYhFcslE79RtXFPj7IMURhKIXzNveWy36I0MUPqqRK6nbiCjEEUGkU2JlzJn0X

g+xOlpZB+fsqgLb33Qncn+/ghFx6jL0Rd25fLUvsd7FNf0zFbIlV2ZFzOsUYDDuq

HqYB1mXeSr3LveENVPHT3QdYhSCO6A+WEuI0fikoHOuHxvFtL0UehyclaKYWYl6h

rRQqgoS7Bb81g1Xw8+/7US8kreIH5oJQ+Ql8l1kGseRoGwriPr+rKPUyWx41/1xe

8XaLmoxfTYIwy76Kt2xy7SMgT8o1UGfk3WG53n6j/wpHnaFwd6CnyfJQmuFig4Z4

M9l3l71UR/NPWvNxf8Im7Bxi5NosrED+2viCaWVenckIDmEaXifindZwcTXwCwug

uplbTYaurjGKdjIV+L9cglw+96j+CEiWDzUnOAKY53RT18aHHqhLmApTP/Af6k7j

11WiOW1Alv4qDALWhvHzAbnQDl6+jjXW8/2KtZy5v7DxTH2P0LiwqE/cevEvizVg

uGAaQ1KjPW3CfYRn80re

=7bDr

-----END PGP SIGNATURE-----

 

 

 

Share this post


Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×