SuSE Local Security Checks : openSUSE: Security Advisory for unixODBC (openSUSE-SU-2018:1845-1)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.851803

Categoría: SuSE Local Security Checks

Título: openSUSE: Security Advisory for unixODBC (openSUSE-SU-2018:1845-1)

Resumen: The remote host is missing an update for the 'unixODBC'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'unixODBC'
package(s) announced via the referenced advisory.

Vulnerability Insight:
This update for unixODBC to version 2.3.6
fixes the following issues:

- CVE-2018-7409: Buffer overflow in unicode_to_ansi_copy() was fixed in
2.3.5 (bsc#1082290)

- CVE-2018-7485: Swapped arguments in SQLWriteFileDSN() in
odbcinst/SQLWriteFileDSN.c (bsc#1082484)

Other fixes:

- Enabled --enable-fastvalidate option in configure (bsc#1044970)

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods
like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-684=1

Affected Software/OS:
unixODBC on openSUSE Leap 42.3

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2018-7409
http://www.unixodbc.org/unixODBC-2.3.5.tar.gz
https://sourceforge.net/projects/unixodbc/files/unixODBC/2.3.5/ChangeLog/download
RedHat Security Advisories: RHSA-2019:2336
https://access.redhat.com/errata/RHSA-2019:2336
Common Vulnerability Exposure (CVE) ID: CVE-2018-7485
BugTraq ID: 103193
http://www.securityfocus.com/bid/103193
https://github.com/lurcher/unixODBC/commit/45ef78e037f578b15fc58938a3a3251655e71d6f#diff-d52750c7ba4e594410438569d8e2963aL24

Copyright Copyright (C) 2018 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.851803
Categoría:	SuSE Local Security Checks
Título:	openSUSE: Security Advisory for unixODBC (openSUSE-SU-2018:1845-1)
Resumen:	The remote host is missing an update for the 'unixODBC'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'unixODBC' package(s) announced via the referenced advisory. Vulnerability Insight: This update for unixODBC to version 2.3.6 fixes the following issues: - CVE-2018-7409: Buffer overflow in unicode_to_ansi_copy() was fixed in 2.3.5 (bsc#1082290) - CVE-2018-7485: Swapped arguments in SQLWriteFileDSN() in odbcinst/SQLWriteFileDSN.c (bsc#1082484) Other fixes: - Enabled --enable-fastvalidate option in configure (bsc#1044970) This update was imported from the SUSE:SLE-12-SP2:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2018-684=1 Affected Software/OS: unixODBC on openSUSE Leap 42.3 Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-7409 http://www.unixodbc.org/unixODBC-2.3.5.tar.gz https://sourceforge.net/projects/unixodbc/files/unixODBC/2.3.5/ChangeLog/download RedHat Security Advisories: RHSA-2019:2336 https://access.redhat.com/errata/RHSA-2019:2336 Common Vulnerability Exposure (CVE) ID: CVE-2018-7485 BugTraq ID: 103193 http://www.securityfocus.com/bid/103193 https://github.com/lurcher/unixODBC/commit/45ef78e037f578b15fc58938a3a3251655e71d6f#diff-d52750c7ba4e594410438569d8e2963aL24
Copyright	Copyright (C) 2018 Greenbone Networks GmbH