Security update for unixODBC (moderate)

2018-06-29T15:07:45
ID OPENSUSE-SU-2018:1845-1
Type suse
Reporter Suse
Modified 2018-06-29T15:07:45

Description

This update for unixODBC to version 2.3.6 fixes the following issues:

  • CVE-2018-7409: Buffer overflow in unicode_to_ansi_copy() was fixed in 2.3.5 (bsc#1082290)
  • CVE-2018-7485: Swapped arguments in SQLWriteFileDSN() in odbcinst/SQLWriteFileDSN.c (bsc#1082484)

Other fixes:

  • Enabled --enable-fastvalidate option in configure (bsc#1044970)

This update was imported from the SUSE:SLE-12-SP2:Update update project.