Gentoo Security Advisory GLSA 200712-05 (PEAR-MDB2) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200712-05.

Solution

All PEAR::MDB2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-php/PEAR-MDB2-2.5.0_alpha1' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200712-05 http://bugs.gentoo.org/show_bug.cgi?id=198446

Insight

A vulnerability when handling database input in PEAR::MDB2 allows remote attackers to obtain sensitive information.

Severity

Classification

CVE CVE-2007-5934

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Gentoo Security Advisory GLSA 200404-20 (xine)
Gentoo Security Advisory GLSA 200501-16 (Konqueror, kde, kdelibs)
Gentoo Security Advisory GLSA 200412-23 (zwiki)
Gentoo Security Advisory GLSA 200408-24 (Kernel)
Gentoo Security Advisory GLSA 200403-10 (fetchmail)

Take action and discover your vulnerabilities