Lucene search

RedHatRHSA-2020:4999

HistoryNov 10, 2020 - 8:42 a.m.

(RHSA-2020:4999) Moderate: unixODBC security update

2020-11-1008:42:59

access.redhat.com

unixodbc

security update

buffer overflow

cve-2018-7409

sqlwritefiledsn

cve-2018-7485

database access

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

73.8%

JSON

The unixODBC packages contain a framework that supports accessing databases through the ODBC protocol.

Security Fix(es):

unixODBC: Buffer overflow in unicode_to_ansi_copy() can lead to crash or other unspecified impact (CVE-2018-7409)
unixODBC: Insecure buffer copy in SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c (CVE-2018-7485)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat7ppc64unixodbc-debuginfo< 2.3.1-14.el7_6unixODBC-debuginfo-2.3.1-14.el7_6.ppc64.rpm
RedHat7ppc64unixodbc< 2.3.1-14.el7_6unixODBC-2.3.1-14.el7_6.ppc64.rpm
RedHat7s390unixodbc-debuginfo< 2.3.1-14.el7_6unixODBC-debuginfo-2.3.1-14.el7_6.s390.rpm
RedHat7x86_64unixodbc-devel< 2.3.1-14.el7_6unixODBC-devel-2.3.1-14.el7_6.x86_64.rpm
RedHat7ppc64leunixodbc< 2.3.1-14.el7_6unixODBC-2.3.1-14.el7_6.ppc64le.rpm
RedHat7aarch64unixodbc< 2.3.1-14.el7_6unixODBC-2.3.1-14.el7_6.aarch64.rpm
RedHat7i686unixodbc-debuginfo< 2.3.1-14.el7_6unixODBC-debuginfo-2.3.1-14.el7_6.i686.rpm
RedHat7ppcunixodbc< 2.3.1-14.el7_6unixODBC-2.3.1-14.el7_6.ppc.rpm
RedHat7x86_64unixodbc< 2.3.1-14.el7_6unixODBC-2.3.1-14.el7_6.x86_64.rpm
RedHat7s390xunixodbc< 2.3.1-14.el7_6unixODBC-2.3.1-14.el7_6.s390x.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	7	ppc64	unixodbc-debuginfo	< 2.3.1-14.el7_6	unixODBC-debuginfo-2.3.1-14.el7_6.ppc64.rpm
RedHat	7	ppc64	unixodbc	< 2.3.1-14.el7_6	unixODBC-2.3.1-14.el7_6.ppc64.rpm
RedHat	7	s390	unixodbc-debuginfo	< 2.3.1-14.el7_6	unixODBC-debuginfo-2.3.1-14.el7_6.s390.rpm
RedHat	7	x86_64	unixodbc-devel	< 2.3.1-14.el7_6	unixODBC-devel-2.3.1-14.el7_6.x86_64.rpm
RedHat	7	ppc64le	unixodbc	< 2.3.1-14.el7_6	unixODBC-2.3.1-14.el7_6.ppc64le.rpm
RedHat	7	aarch64	unixodbc	< 2.3.1-14.el7_6	unixODBC-2.3.1-14.el7_6.aarch64.rpm
RedHat	7	i686	unixodbc-debuginfo	< 2.3.1-14.el7_6	unixODBC-debuginfo-2.3.1-14.el7_6.i686.rpm
RedHat	7	ppc	unixodbc	< 2.3.1-14.el7_6	unixODBC-2.3.1-14.el7_6.ppc.rpm
RedHat	7	x86_64	unixodbc	< 2.3.1-14.el7_6	unixODBC-2.3.1-14.el7_6.x86_64.rpm
RedHat	7	s390x	unixodbc	< 2.3.1-14.el7_6	unixODBC-2.3.1-14.el7_6.s390x.rpm