CVE-2016-6233 Amazon Linux Security Advisory for php-ZendFramework: ALAS-2016-767

The implementation of ORDER BY and GROUP BY in Zend_Db_Select was discovered to be vulnerable to SQL injection.

Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.

Please refer to Amazon advisory ALAS-2016-767 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ALAS-2016-767: Amazon Linux (php-ZendFramework (1.12.20-1.12.amzn1) on src)

ALAS-2016-767: Amazon Linux (php-ZendFramework (1.12.20-1.12.amzn1) on noarch)