When using the zend-mail component to send email via the Zend\Mail\Transport\Sendmail transport, a malicious user may be able to inject arbitrary parameters to the system sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they can be interpreted as additional command line arguments, leading to the vulnerability (CVE-2016-10034).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 5 | noarch | php-zendframework2 | < 2.4.11-1 | php-ZendFramework2-2.4.11-1.mga5 |