Issued:
2019-08-06
Updated:
2019-08-06

RHSA-2019:2336 - Security Advisory

Synopsis

Moderate: unixODBC security update

Type/Severity

Security Advisory: Moderate

Topic

An update for unixODBC is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The unixODBC packages contain a framework that supports accessing databases through the ODBC protocol.

Security Fix(es):

  • unixODBC: Buffer overflow in unicode_to_ansi_copy() can lead to crash or other unspecified impact (CVE-2018-7409)
  • unixODBC: Insecure buffer copy in SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c (CVE-2018-7485)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Fixes

  • BZ - 1548305 - CVE-2018-7409 unixODBC: Buffer overflow in unicode_to_ansi_copy() can lead to crash or other unspecified impact
  • BZ - 1549636 - CVE-2018-7485 unixODBC: Insecure buffer copy in SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c

Red Hat Enterprise Linux Server 7

SRPM
unixODBC-2.3.1-14.el7.src.rpm SHA-256: 3d8ce7843b11e60614c5c18872f7f362125fb0c167f86f935b92b2d365a7c0b5
x86_64
unixODBC-2.3.1-14.el7.i686.rpm SHA-256: 1609d18f3b6e33c0583d7422fd8d41553f1f9eb5bfa0b9952b2d81c81f1dac58
unixODBC-2.3.1-14.el7.x86_64.rpm SHA-256: a6252d5bd138a15e57c79f31f3be33317c16e93cc57e6972abf4ce3d53b59ef7
unixODBC-debuginfo-2.3.1-14.el7.i686.rpm SHA-256: db8ae2050936c1f38f1588e2de1d1078ebe0b2cc8002c4753de248bb02581380
unixODBC-debuginfo-2.3.1-14.el7.x86_64.rpm SHA-256: 1d3a6c31cdae810b47a6d28f7cc9d5f969532f9deafa5192e3d29bed0d9df860
unixODBC-devel-2.3.1-14.el7.i686.rpm SHA-256: c7f3ab826f873886d573ef765044d9a5a25582f432c9b179a2deffdf385518e0
unixODBC-devel-2.3.1-14.el7.x86_64.rpm SHA-256: 29d614754059a45c671eabfb8d277ec2eb3407b21d95fbd164e8aea454e82566

Red Hat Enterprise Linux Workstation 7

SRPM
unixODBC-2.3.1-14.el7.src.rpm SHA-256: 3d8ce7843b11e60614c5c18872f7f362125fb0c167f86f935b92b2d365a7c0b5
x86_64
unixODBC-2.3.1-14.el7.i686.rpm SHA-256: 1609d18f3b6e33c0583d7422fd8d41553f1f9eb5bfa0b9952b2d81c81f1dac58
unixODBC-2.3.1-14.el7.x86_64.rpm SHA-256: a6252d5bd138a15e57c79f31f3be33317c16e93cc57e6972abf4ce3d53b59ef7
unixODBC-debuginfo-2.3.1-14.el7.i686.rpm SHA-256: db8ae2050936c1f38f1588e2de1d1078ebe0b2cc8002c4753de248bb02581380
unixODBC-debuginfo-2.3.1-14.el7.x86_64.rpm SHA-256: 1d3a6c31cdae810b47a6d28f7cc9d5f969532f9deafa5192e3d29bed0d9df860
unixODBC-devel-2.3.1-14.el7.i686.rpm SHA-256: c7f3ab826f873886d573ef765044d9a5a25582f432c9b179a2deffdf385518e0
unixODBC-devel-2.3.1-14.el7.x86_64.rpm SHA-256: 29d614754059a45c671eabfb8d277ec2eb3407b21d95fbd164e8aea454e82566

Red Hat Enterprise Linux Desktop 7

SRPM
unixODBC-2.3.1-14.el7.src.rpm SHA-256: 3d8ce7843b11e60614c5c18872f7f362125fb0c167f86f935b92b2d365a7c0b5
x86_64
unixODBC-2.3.1-14.el7.i686.rpm SHA-256: 1609d18f3b6e33c0583d7422fd8d41553f1f9eb5bfa0b9952b2d81c81f1dac58
unixODBC-2.3.1-14.el7.x86_64.rpm SHA-256: a6252d5bd138a15e57c79f31f3be33317c16e93cc57e6972abf4ce3d53b59ef7
unixODBC-debuginfo-2.3.1-14.el7.i686.rpm SHA-256: db8ae2050936c1f38f1588e2de1d1078ebe0b2cc8002c4753de248bb02581380
unixODBC-debuginfo-2.3.1-14.el7.i686.rpm SHA-256: db8ae2050936c1f38f1588e2de1d1078ebe0b2cc8002c4753de248bb02581380
unixODBC-debuginfo-2.3.1-14.el7.x86_64.rpm SHA-256: 1d3a6c31cdae810b47a6d28f7cc9d5f969532f9deafa5192e3d29bed0d9df860
unixODBC-debuginfo-2.3.1-14.el7.x86_64.rpm SHA-256: 1d3a6c31cdae810b47a6d28f7cc9d5f969532f9deafa5192e3d29bed0d9df860
unixODBC-devel-2.3.1-14.el7.i686.rpm SHA-256: c7f3ab826f873886d573ef765044d9a5a25582f432c9b179a2deffdf385518e0
unixODBC-devel-2.3.1-14.el7.x86_64.rpm SHA-256: 29d614754059a45c671eabfb8d277ec2eb3407b21d95fbd164e8aea454e82566

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
unixODBC-2.3.1-14.el7.src.rpm SHA-256: 3d8ce7843b11e60614c5c18872f7f362125fb0c167f86f935b92b2d365a7c0b5
s390x
unixODBC-2.3.1-14.el7.s390.rpm SHA-256: 9c4b82186f2c5ed178fdc68d9d437b5b366422fdd696947dba5d47069c053b53
unixODBC-2.3.1-14.el7.s390x.rpm SHA-256: 6ded40d07e23af908d501a18f7084732a2a0fb8aff99b17688d2e5d365838de8
unixODBC-debuginfo-2.3.1-14.el7.s390.rpm SHA-256: 5f8d413d273f280f065b90cd4f519f748fca67063b4476c75411edf11440a19a
unixODBC-debuginfo-2.3.1-14.el7.s390x.rpm SHA-256: 93376941b44038c0eb5244f6c12cb1f922cd03da2ae4e488285ecc4803a3a42c
unixODBC-devel-2.3.1-14.el7.s390.rpm SHA-256: be7865a5363a0fe10c87c13ef04935c33a8706d16c42ecc7be80d45404c7859c
unixODBC-devel-2.3.1-14.el7.s390x.rpm SHA-256: 402726c4e20521c336faf20ad6e99d0ddebfde98f552d1d0077fd4adabe4fdb6

Red Hat Enterprise Linux for Power, big endian 7

SRPM
unixODBC-2.3.1-14.el7.src.rpm SHA-256: 3d8ce7843b11e60614c5c18872f7f362125fb0c167f86f935b92b2d365a7c0b5
ppc64
unixODBC-2.3.1-14.el7.ppc.rpm SHA-256: d26c45f649c95129146514420624073a37f5916b7e3ee938f078c997c2201d78
unixODBC-2.3.1-14.el7.ppc64.rpm SHA-256: df1d9618344651b7809628e87d2bb93abc8757b081001b16c8a2f9a268e25fbb
unixODBC-debuginfo-2.3.1-14.el7.ppc.rpm SHA-256: 021c55e938e2ad7013e4b9239a5e9ad0864a96417e1711ca0e120de6a225b82b
unixODBC-debuginfo-2.3.1-14.el7.ppc64.rpm SHA-256: 28100ca763880fba966a29389d14c2095504386cc62de1ec182d9f8329cb62f9
unixODBC-devel-2.3.1-14.el7.ppc.rpm SHA-256: 9c97349c2369838b5590e34083498e9007dab2792c070ee944621615a0206709
unixODBC-devel-2.3.1-14.el7.ppc64.rpm SHA-256: facd80637a6aa0b8690403389394dc1b1947ff7adce1708f74af66372ad23c1c

Red Hat Enterprise Linux for Scientific Computing 7

SRPM
unixODBC-2.3.1-14.el7.src.rpm SHA-256: 3d8ce7843b11e60614c5c18872f7f362125fb0c167f86f935b92b2d365a7c0b5
x86_64
unixODBC-2.3.1-14.el7.i686.rpm SHA-256: 1609d18f3b6e33c0583d7422fd8d41553f1f9eb5bfa0b9952b2d81c81f1dac58
unixODBC-2.3.1-14.el7.x86_64.rpm SHA-256: a6252d5bd138a15e57c79f31f3be33317c16e93cc57e6972abf4ce3d53b59ef7
unixODBC-debuginfo-2.3.1-14.el7.i686.rpm SHA-256: db8ae2050936c1f38f1588e2de1d1078ebe0b2cc8002c4753de248bb02581380
unixODBC-debuginfo-2.3.1-14.el7.i686.rpm SHA-256: db8ae2050936c1f38f1588e2de1d1078ebe0b2cc8002c4753de248bb02581380
unixODBC-debuginfo-2.3.1-14.el7.x86_64.rpm SHA-256: 1d3a6c31cdae810b47a6d28f7cc9d5f969532f9deafa5192e3d29bed0d9df860
unixODBC-debuginfo-2.3.1-14.el7.x86_64.rpm SHA-256: 1d3a6c31cdae810b47a6d28f7cc9d5f969532f9deafa5192e3d29bed0d9df860
unixODBC-devel-2.3.1-14.el7.i686.rpm SHA-256: c7f3ab826f873886d573ef765044d9a5a25582f432c9b179a2deffdf385518e0
unixODBC-devel-2.3.1-14.el7.x86_64.rpm SHA-256: 29d614754059a45c671eabfb8d277ec2eb3407b21d95fbd164e8aea454e82566

Red Hat Enterprise Linux for Power, little endian 7

SRPM
unixODBC-2.3.1-14.el7.src.rpm SHA-256: 3d8ce7843b11e60614c5c18872f7f362125fb0c167f86f935b92b2d365a7c0b5
ppc64le
unixODBC-2.3.1-14.el7.ppc64le.rpm SHA-256: 7d2f85709d8dca00b1f7087ddd702dc88906f00b6b83dee75f1bc3c8fa202b53
unixODBC-debuginfo-2.3.1-14.el7.ppc64le.rpm SHA-256: 27b53c1e0d7972017a7fa38e478b5675de9607111b508e316ab54c6553d988f9
unixODBC-devel-2.3.1-14.el7.ppc64le.rpm SHA-256: f98439edf19c6e40751c0c3e0387c3e3b327c01277343d09de5468ebab0d236e

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.