Security vulnerabilities in the php-udan11-sql-parser package

  • OS details: WN7
  • Severity: IMP
  • Operating systems: L
  • Categories: LFE

Fedora Update Notification
2016-03-13 19:42:32.347711

Name : php-udan11-sql-parser
Product : Fedora 22
Version : 3.4.0
Release : 1.fc22
Summary : A validating SQL lexer and parser with a focus on MySQL dialect
Description :
A validating SQL lexer and parser with a focus on MySQL dialect.

This library was originally developed for phpMyAdmin during
the Google Summer of Code 2015.

To use this library, you just have to add, in your project:
require_once '/usr/share/php/SqlParser/autoload.php';

Update Information:

phpMyAdmin (2016-02-29)
===============================

This release fixes multiple XSS vulnerabilities; please see PMASA-2016-10,
PMASA-2016-11, and PMASA-2016-12 for details. Additionally, it fixes a
vulnerability allowing a man-in-the-middle attack on an API call to GitHub;
see PMASA-2016-13 for details.

It also includes fixes for the following bugs:

- issue #11971 CREATE UNIQUE INDEX index type is not recognized by parser.
- issue #11982 Row count wrong when grouping joined tables.
- issue #12012 Column definition with default value and comment in CREATE TABLE exported faulty.
- issue #12020 New statement but no delimiter and unexpected token with REPLACE.
- issue #12029 Fixed incorrect usage of SQL parser context in SQL export.
- issue #12048 Fixed inclusion of gettext library from SQL parser.

[ 1 ] Bug #1313698 – CVE-2016-2559 CVE-2016-2562 phpmyadmin: various flaws [fedora-all]
[ 2 ] Bug #1313225 – CVE-2016-2560 CVE-2016-2561 phpmyadmin: various flaws [fedora-all]
[ 3 ] Bug #1310918 – phpMyAdmin- is available

This update can be installed with the “yum” update program. Use
su -c 'yum update php-udan11-sql-parser' at the command line.
For more information, refer to “Managing Software with yum”,
available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list

Author: Andrej Sefic
Cert ID: NCERT-REF-2016-03-0025-ADV