unixODBC-2.3.1-14.el7

エラータID: AXSA:2019-4101:01

Release date: 
Monday, August 19, 2019 - 19:33
Subject: 
unixODBC-2.3.1-14.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

The unixODBC packages contain a framework that supports accessing databases through the ODBC protocol.

Security Fix(es):

* unixODBC: Buffer overflow in unicode_to_ansi_copy() can lead to crash or other unspecified impact (CVE-2018-7409)

* unixODBC: Insecure buffer copy in SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c (CVE-2018-7485)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2018-7409
In unixODBC before 2.3.5, there is a buffer overflow in the unicode_to_ansi_copy() function in DriverManager/__info.c.
CVE-2018-7485
The SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c in unixODBC 2.3.5 has strncpy arguments in the wrong order, which allows attackers to cause a denial of service or possibly have unspecified other impact.

Solution: 

Update packages.

CVEs: 
CVE-2018-7409
In unixODBC before 2.3.5, there is a buffer overflow in the unicode_to_ansi_copy() function in DriverManager/__info.c.
CVE-2018-7485
The SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c in unixODBC 2.3.5 has strncpy arguments in the wrong order, which allows attackers to cause a denial of service or possibly have unspecified other impact.
Additional Info: 

N/A

Download: 

SRPMS
  1. unixODBC-2.3.1-14.el7.src.rpm
    MD5: 40318853831583f0c82091261db5a42f
    SHA-256: d8b9943df1e56a9c2b9023d1b12e6d519364cbccf77658eff8cc5098b4503912
    Size: 1.76 MB

Asianux Server 7 for x86_64
  1. unixODBC-2.3.1-14.el7.x86_64.rpm
    MD5: 1e823870e70ee96af5f92e8baf1fb49f
    SHA-256: 4c56e81fcbe1b63c589d559088a5d4decb8a29ec60fb5c1a560b69e4feded846
    Size: 412.27 kB
  2. unixODBC-devel-2.3.1-14.el7.x86_64.rpm
    MD5: f7cd7ebd0b15c0e94603b3f111bba2a3
    SHA-256: 8013dae02325ad9353f4fbd5b64cc00d8bad70cbb414d5a88f8696f5469ab8fc
    Size: 53.93 kB
  3. unixODBC-2.3.1-14.el7.i686.rpm
    MD5: dea111144a7283891ba3c7b2a37bd3e7
    SHA-256: 94f4f0fc3def86ca33ee526ac4123294bb0b38903a83105efac00a9992cb2f46
    Size: 410.21 kB
  4. unixODBC-devel-2.3.1-14.el7.i686.rpm
    MD5: 13a078dab6af62809d672a6a236a5d5c
    SHA-256: a2e3720790c655d0e208f4db583b914a4bd759f955074b21af342a3cee22e78c
    Size: 53.86 kB