Fedora 7 : php-pear-DB-1.7.11-1.fc7 (2007-0249)

high Nessus Plugin ID 27656

Synopsis

The remote Fedora host is missing a security update.

Description

1.7.11 : fbsql :

- Fixed commit and rollback to specify the handle to be used.

1.7.10 : mysqli :

- Added a type map for BIT fields.

1.7.9 : sybase :

- Added divide by zero error mapping.

- Added a specific quoteFloat() implementation along the same lines as fbsql.

- Updated tableInfo() to cope with old versions of ASE that don't have sp_helpindex.

1.7.8 : DB :

- Added code to DB_result::numRows() to return correct results when limit emulation is being used.

- Added DB::getDSNString() to allow pretty-printing of both string and array DSNs, thereby improving the output of DB::connect() on error.

- Added DB_common::nextQueryIsManip() to explicitly hint that the next query is a manipulation query and therefore ignore DB::isManip()

- Changed all freeResult() methods to check that the parameter is a resource before calling the native function to free the result.

- Fixed DB_result::fetch*() to only increment their internal row_counters when a row number has not been provided.

- Fixed quoting of float values to always have the decimal point as a point, rather than a comma, irrespective of locale.

- Silenced errors on ini_set calls.

- Tweaked DB::isManip() to attempt to deal with SELECT queries that include the word INTO in a non-keyword context.

fbsql :

- Fix DB_result::numRows() to return the correct value for limit queries.

ibase :

- Handled cases where ibase_prepare returns false.

ifx :

- Altered simpleQuery() to treat EXECUTE queries as being data-returning.

mssql :

- Altered nextId() to use IDENT_CURRENT instead of @@IDENTITY, thereby resolving problems with concurrent nextId() calls.

mysqli :

- Added the mysterious 246 data type to the type map.

- Allowed the ssl option to be an integer

oci8 :

- Added tracking of prepared queries to ensure that last_query is set properly even when there are multiple prepared queries at a given time.

- Altered connect() to handle non-standard ports.

- Altered numRows() to properly restore last_query state.

pgsql :

- Added schema support to _pgFieldFlags.

- Updated pgsql escaping to use pg_escape_string when available.

1.7.7 : DB :

- added ability to specify port number when using unix sockets in DB::parseDSN()

odbc(access) :

- Tweak quoteSmart() to allows MS Access to wrap dates in #'s.

dbase :

- Added DB_dbase::freeResult().

ifx :

- Added support for error codes as at Informix 10.

msql :

- Fix error mapping in PHP 5.2.

mssql :

- Use mssql_fetch_assoc() instead of mssql_fetch_array().

- Fix issues with delimited identifiers in mssql tableInfo().

- Added support for some of the key error codes introduced in SQL Server 2005.

mysql :

- fixed handling of fully qualified table names in tableInfo().

- Added support for new error codes in MySQL 5.

mysqli :

- worked around an issue in 'len' handling of tableInfo().
There is a bug in ext/mysqli or the mysqli docs.

- Added support for new error codes in MySQL 5.

oci8 :

- Allowed old-style functions to use the database DSN field if hostspec isn't provided.

pgsql :

- When inserting to non-existent column, produce proper error, 'no such field', instead of 'no such table'.

- If connection is lost, raise DB_ERROR_CONNECT_FAILED instead of the generic DB_ERROR.

- Allow FETCH queries to return results.

sqlite :

- Fix bug sqlite:///:memory: trys to open file.

- Fix error mapping in PHP 5.2.

sybase :

- Allow connecting without specifying db name.

- Fix error mapping in PHP 5.2.

storage :

- Eliminate 'Undefined index $vars' notice in store()

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected php-pear-DB package.

See Also

http://www.nessus.org/u?652b49a4

Plugin Details

Severity: High

ID: 27656

File Name: fedora_2007-0249.nasl

Version: 1.15

Type: local

Agent: unix

Published: 11/6/2007

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:php-pear-db, cpe:/o:fedoraproject:fedora:7

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 6/6/2007

Vulnerability Publication Date: 5/24/2006

Reference Information

CVE: CVE-2006-2313, CVE-2006-2314

FEDORA: 2007-0249