Fedora 7 : php-pear-DB-1.7.11-1.fc7 (2007-0249)

This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.

Synopsis :

The remote Fedora host is missing a security update.

Description :

1.7.11 : fbsql :

- Fixed commit and rollback to specify the handle to be

1.7.10 : mysqli :

- Added a type map for BIT fields.

1.7.9 : sybase :

- Added divide by zero error mapping.

- Added a specific quoteFloat() implementation along the
same lines as fbsql.

- Updated tableInfo() to cope with old versions of ASE
that don't have sp_helpindex.

1.7.8 : DB :

- Added code to DB_result::numRows() to return correct
results when limit emulation is being used.

- Added DB::getDSNString() to allow pretty-printing of
both string and array DSNs, thereby improving the output
of DB::connect() on error.

- Added DB_common::nextQueryIsManip() to explicitly hint
that the next query is a manipulation query and
therefore ignore DB::isManip()

- Changed all freeResult() methods to check that the
parameter is a resource before calling the native
function to free the result.

- Fixed DB_result::fetch*() to only increment their
internal row_counters when a row number has not been

- Fixed quoting of float values to always have the decimal
point as a point, rather than a comma, irrespective of

- Silenced errors on ini_set calls.

- Tweaked DB::isManip() to attempt to deal with SELECT
queries that include the word INTO in a non-keyword

fbsql :

- Fix DB_result::numRows() to return the correct value for
limit queries.

ibase :

- Handled cases where ibase_prepare returns false.

ifx :

- Altered simpleQuery() to treat EXECUTE queries as being

mssql :

- Altered nextId() to use IDENT_CURRENT instead of
@@IDENTITY, thereby resolving problems with concurrent
nextId() calls.

mysqli :

- Added the mysterious 246 data type to the type map.

- Allowed the ssl option to be an integer

oci8 :

- Added tracking of prepared queries to ensure that
last_query is set properly even when there are multiple
prepared queries at a given time.

- Altered connect() to handle non-standard ports.

- Altered numRows() to properly restore last_query

pgsql :

- Added schema support to _pgFieldFlags.

- Updated pgsql escaping to use pg_escape_string when

1.7.7 : DB :

- added ability to specify port number when using unix
sockets in DB::parseDSN()

odbc(access) :

- Tweak quoteSmart() to allows MS Access to wrap dates in

dbase :

- Added DB_dbase::freeResult().

ifx :

- Added support for error codes as at Informix 10.

msql :

- Fix error mapping in PHP 5.2.

mssql :

- Use mssql_fetch_assoc() instead of mssql_fetch_array().

- Fix issues with delimited identifiers in mssql

- Added support for some of the key error codes
introduced in SQL Server 2005.

mysql :

- fixed handling of fully qualified table names in

- Added support for new error codes in MySQL 5.

mysqli :

- worked around an issue in 'len' handling of tableInfo().
There is a bug in ext/mysqli or the mysqli docs.

- Added support for new error codes in MySQL 5.

oci8 :

- Allowed old-style functions to use the database DSN
field if hostspec isn't provided.

pgsql :

- When inserting to non-existent column, produce proper
error, 'no such field', instead of 'no such table'.

- If connection is lost, raise DB_ERROR_CONNECT_FAILED
instead of the generic DB_ERROR.

- Allow FETCH queries to return results.

sqlite :

- Fix bug sqlite:///:memory: trys to open file.

- Fix error mapping in PHP 5.2.

sybase :

- Allow connecting without specifying db name.

- Fix error mapping in PHP 5.2.

storage :

- Eliminate 'Undefined index $vars' notice in store()

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :


Solution :

Update the affected php-pear-DB package.

Risk factor :

High / CVSS Base Score : 7.5

Family: Fedora Local Security Checks

Nessus Plugin ID: 27656 (fedora_2007-0249.nasl)

Bugtraq ID:

CVE ID: CVE-2006-2313

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now