Download
| Alert*
oval:org.secpod.oval:def:89002136
This update for unixODBC to version 2.3.6 fixes the following issues: - CVE-2018-7409: Buffer overflow in unicode_to_ansi_copy was fixed in 2.3.5 - CVE-2018-7485: Swapped arguments in SQLWriteFileDSN in odbcinst/SQLWriteFileDSN.c Other fixes: - Enabled --enable-fastvalidate option in configure oval:org.secpod.oval:def:2103450 In unixODBC before 2.3.5, there is a buffer overflow in the unicode_to_ansi_copy() function in DriverManager/__info.c. oval:org.secpod.oval:def:1700268 A buffer overflow flaw was found in the unicode_to_ansi_copy function of unixODBC. This overflow is not directly controllable by an attacker making the maximum potential impact a crash or denial of service.An argument order confusion flaw was found in the SQLWriteFileDSN API of unixODBC. This could ... oval:org.secpod.oval:def:503290 The unixODBC packages contain a framework that supports accessing databases through the ODBC protocol. Security Fix: * unixODBC: Buffer overflow in unicode_to_ansi_copy can lead to crash or other unspecified impact * unixODBC: Insecure buffer copy in SQLWriteFileDSN function in odbcinst/SQLWriteFil ... oval:org.secpod.oval:def:205350 The unixODBC packages contain a framework that supports accessing databases through the ODBC protocol. Security Fix: * unixODBC: Buffer overflow in unicode_to_ansi_copy can lead to crash or other unspecified impact * unixODBC: Insecure buffer copy in SQLWriteFileDSN function in odbcinst/SQLWriteFil ... oval:org.secpod.oval:def:1503983 [2.3.1-14.0.1] - backport unchecked malloc memory references fix [Orabug: 29684195] [2.3.1-14] - fixed insecure buffer copy - fixed possible buffer overflow [2.3.1-13] - revert: ltdl bundling [2.3.1-12] - fix the libtool-ltdl compatibility Resolves: rhbz#1267438 oval:org.secpod.oval:def:115068 Install unixODBC if you want to access databases through ODBC. You will also need the mariadb-connector-odbc package if you want to access a MySQL or MariaDB database, and/or the postgresql-odbc package for PostgreSQL. oval:org.secpod.oval:def:2000151 In unixODBC before 2.3.5, there is a buffer overflow in the unicode_to_ansi_copy function in DriverManager/__info.c. oval:org.secpod.oval:def:1900127 In unixODBC before 2.3.5, there is a buffer overflow in the unicode_to_ansi_copy function in DriverManager/__info.c. |