FrSIRT - Fedora Security Update Fixes Pear MDB2 Data Injection and Disclosure / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Fedora Security Update Fixes Pear MDB2 Data Injection and Disclosure

Title : Fedora Security Update Fixes Pear MDB2 Data Injection and Disclosure
Advisory ID : FrSIRT/ADV-2007-3864
CVE ID : CVE-2007-5934
Rated as : Low Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-11-15

Advisory Details

Description

Affected Products

Solution

References

Technical Description

A vulnerability has been identified in Fedora, which could be exploited by remote attackers to gain knowledge of sensitive information [...]

Solution

Upgrade the affected packages :

24a9df49d1336e8f49ad7f028813c6e22845f497 php-pear-MDB2-2.4.1-2.fc7.noarch.rpm
324479ac1c2c93fe4dfb60ce207faff0ddd4fd84 php-pear-MDB2-2.4.1-2.fc7.src.rpm
f93c1e706463f865376a379e9a99c8c4fa931550 php-pear-MDB2-Driver-mysql-1.4.1-3.fc7.noarch.rpm
8611ac8c16465a3f4781e1aea7e9fe8c27366b8d php-pear-MDB2-Driver-mysql-1.4.1-3.fc7.src.rpm
6f4f2828e5dec32953ee561f43fa117de48b52d php-pear-MDB2-Driver-mysqli-1.4.1-3.fc7.noarch.rpm
4cca3a238afc9cb4fd26093fd5b0988755e8df60 php-pear-MDB2-Driver-mysqli-1.4.1-3.fc7.src.rpm

f720e8b93c7e754697ba2050d4a4e59dfae59cdb php-pear-MDB2-2.4.1-2.fc8.noarch.rpm
b47bd9fe4b44c898bc757240b38dfad492492f86 php-pear-MDB2-2.4.1-2.fc8.src.rpm
f10c20af58bf40d537f26c92878865d5a6263936 php-pear-MDB2-Driver-mysql-1.4.1-3.fc8.1.noarch.rpm
7decaae08ac1485222021ef0780b4f641527f657 php-pear-MDB2-Driver-mysql-1.4.1-3.fc8.1.src.rpm
23bba1d3f1469b658db807a39165906a88564caa php-pear-MDB2-Driver-mysqli-1.4.1-3.fc8.noarch.rpm
0026e629d0d2b66849b09554e97d1d4c4620a62a php-pear-MDB2-Driver-mysqli-1.4.1-3.fc8.src.rpm

ChangeLog

2007-11-15 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Sun Logical Domain Manager Local Privilege Escalation Vulnerability
	Sun StarOffice/StarSuite EMF Handling Buffer Overflow Vulnerability
	Sun Java Messaging Server Cross Site Scripting Vulnerability
	Sun Solaris IP Filter NAT Service DNS Cache Poisoning Vulnerability
	Sun Java System Identity Manager Security Bypass Vulnerabilities
	Sun Solaris DHCP Buffer Overflow and Denial of Service
	Sun Solstice X.25 "/dev/xty" Local Denial of Service Vulnerability

	Apple Safari Code Execution and Security Bypass Vulnerabilities
	Apple iLife and Aperture Image Handling Code Execution Vulnerabilities
	Apple Mac OS X Code Execution and Security Bypass Vulnerabilities
	Apple TV Multiple File Processing Code Execution Vulnerabilities
	Apple Mac OS X Code Execution and Security Bypass Vulnerabilities
	Apple iPhone Code Execution and Security Bypass Vulnerabilities
	Apple QuickTime Multiple Remote Code Execution Vulnerabilities

	IBM AIX Sendmail Header Lines Denial of Service Vulnerability
	IBM Metrica Multiple Parameter Cross Site Scripting Vulnerabilities
	IBM Lotus Quickr Unspecified Cross Site Scripting Vulnerabilities
	IBM Hardware Management Console Denial of Service Vulnerability
	IBM Tivoli Storage Manager Client Buffer Overflow Vulnerability
	IBM DB2 Denial of Service and Information Disclosure Vulnerabilities
	IBM Lotus Quickr Denial of Service and Security Bypass Vulnerabilities