Mageia alert MGASA-2016-0363 (php-adodb) [LWN.net]


From:
    	       Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	       updates-announce@ml.mageia.org 
Subject:
    	       [updates-announce] MGASA-2016-0363: The updated package fix security vulnerabilities 
Date:
    	       Thu, 3 Nov 2016 23:54:03 +0100
Message-ID:
    	       <20161103225403.5CAA59F79E@duvel.mageia.org>
MGASA-2016-0363 - The updated package fix security vulnerabilities

Publication date: 03 Nov 2016
URL: http://advisories.mageia.org/MGASA-2016-0363.html
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-7405,
     CVE-2016-4855

Description:
The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x 
before 5.20.7 might allow remote attackers to conduct SQL injection attacks 
via vectors related to incorrect quoting. (CVE-2016-7405)

Cross Site Scripting vulnerability in test script (CVE-2016-4855)

References:
- https://bugs.mageia.org/show_bug.cgi?id=19307
- http://www.openwall.com/lists/oss-security/2016/09/15/1
- http://lwn.net/Alerts/700508/
- http://lwn.net/Vulnerabilities/701151/
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7405
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4855

SRPMS:
- 5/core/php-adodb-5.18-5.1.mga5

From:		Mageia Updates <buildsystem-daemon@mageia.org>
To:		updates-announce@ml.mageia.org
Subject:		[updates-announce] MGASA-2016-0363: The updated package fix security vulnerabilities
Date:		Thu, 3 Nov 2016 23:54:03 +0100
Message-ID:		<20161103225403.5CAA59F79E@duvel.mageia.org>