
Security flaws in the php-udan11-sql-parser software package

  • OS details: WN7
  • Importance: IMP
  • Operating systems: L
  • Categories: LFE

Fedora Update Notification
2016-03-09 20:10:53.637502

Name : php-udan11-sql-parser
Product : Fedora 23
Version : 3.4.0
Release : 1.fc23
Summary : A validating SQL lexer and parser with a focus on MySQL dialect
Description :
A validating SQL lexer and parser with a focus on MySQL dialect.

This library was originally developed for phpMyAdmin during
the Google Summer of Code 2015.

To use this library, you just have to add, in your project:
require_once '/usr/share/php/SqlParser/autoload.php';

Update Information:

phpMyAdmin (2016-02-29)
===============================

This release fixes multiple XSS vulnerabilities, please see PMASA-2016-10,
PMASA-2016-11, and PMASA-2016-12 for details; additionally it fixes a
vulnerability allowing man-in-the-middle attack on an API call to GitHub, see
PMASA-2016-13 for details.

It also includes fixes for the following bugs:

  – issue #11971 CREATE UNIQUE INDEX index type is not recognized by parser.
  – issue #11982 Row count wrong when grouping joined tables.
  – issue #12012 Column definition with default value and comment in CREATE TABLE exported faulty.
  – issue #12020 New statement but no delimiter and unexpected token with REPLACE.
  – issue #12029 Fixed incorrect usage of SQL parser context in SQL export
  – issue #12048 Fixed inclusion of gettext library from SQL parser

[ 1 ] Bug #1313696 – CVE-2016-2562 phpMyAdmin: man-in-the-middle attack on API call to GitHub (PMASA-2016-13)
[ 2 ] Bug #1313695 – CVE-2016-2559 phpMyAdmin: XSS vulnerability in SQL parser (PMASA-2016-10)
[ 3 ] Bug #1313224 – CVE-2016-2561 phpMyAdmin: multiple XSS vulnerabilities (PMASA-2016-12)
[ 4 ] Bug #1313221 – CVE-2016-2560 phpMyAdmin: multiple XSS vulnerabilities (PMASA-2016-11)

This update can be installed with the “yum” update program. Use
su -c 'yum update php-udan11-sql-parser' at the command line.
For more information, refer to “Managing Software with yum”,
available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list

Author: Andrej Sefic
Cert ID: NCERT-REF-2016-03-0042-ADV