Explore top 10 tips to secure your open-source projects now. Read More
×ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. Prior to version 5.22.9, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and calls pg_insert_id() with user-supplied data. . MGASA-2025-0179 - Updated php-adodb packages fix security vulnerability Publication date: 08 Jun 2025 URL: https://advisories.mageia.org/MGASA-2025-0179.html Type: security Affected Mageia releases: 9 CVE: CVE-2025-46337 ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. Prior to version 5.22.9, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and calls pg_insert_id() with user-supplied data. This issue has been patched in version 5.22.9 - CVE-2025-46337. References: - https://bugs.mageia.org/show_bug.cgi?id=34339 - https://ubuntu.com/security/notices/USN-7530-1 - https://github.com/ADOdb/ADOdb/releases/tag/v5.22.9 - https://www.cve.org/CVERecord?id=CVE-2025-46337 SRPMS: - 9/core/php-adodb-5.22.9-1.mga9 . Caution notice for Mageia addressing a php-adodb vulnerability that permits SQL injection. It is suggested to upgrade to version 5.22.9 for best protection.. php adodb security, Mageia advisory, database vulnerability, SQL injection fix, security patch. . LinuxSecurity.com Team
Vulnerabilities was discovered in MariaDB, a SQL database server compatible with MySQL. CVE-2025-30693 . From: Otto Kekäläinen To:
ADOdb could be made to crash or run programs if it received specially crafted input.. ========================================================================== Ubuntu Security Notice USN-7530-1 May 29, 2025 libphp-adodb vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.04 - Ubuntu 24.10 Summary: ADOdb could be made to crash or run programs if it received specially crafted input. Software Description: - libphp-adodb: PHP database abstraction layer library Details: It was discovered that ADOdb incorrectly handled SQL input. A remote attacker could use this issue to execute arbitrary SQL commands. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.04 libphp-adodb 5.22.8-0.1ubuntu0.1 Ubuntu 24.10 libphp-adodb 5.22.7-0.1ubuntu0.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7530-1 CVE-2025-46337 Package Information: https://launchpad.net/ubuntu/+source/libphp-adodb/5.22.8-0.1ubuntu0.1 https://launchpad.net/ubuntu/+source/libphp-adodb/5.22.7-0.1ubuntu0.1 . Enhance your Ubuntu installations to address ADOdb vulnerabilities concerning SQL input processing.. ADOdb, SQL Injection, Ubuntu Security, System Update, Code Execution. . LinuxSecurity.com Team
PostgreSQL could be made to execute arbitrary code if it received specially crafted input.. ========================================================================== Ubuntu Security Notice USN-7315-1 March 03, 2025 postgresql-12, postgresql-14, postgresql-16 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: PostgreSQL could be made to execute arbitrary code if it received specially crafted input. Software Description: - postgresql-16: Object-relational SQL database - postgresql-14: Object-relational SQL database - postgresql-12: Object-relational SQL database Details: Stephen Fewer discovered that PostgreSQL incorrectly handled quoting syntax in certain scenarios. A remote attacker could possibly use this issue to perform SQL injection attacks. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.10 postgresql-16 16.8-0ubuntu0.24.10.1 postgresql-client-16 16.8-0ubuntu0.24.10.1 Ubuntu 24.04 LTS postgresql-16 16.8-0ubuntu0.24.04.1 postgresql-client-16 16.8-0ubuntu0.24.04.1 Ubuntu 22.04 LTS postgresql-14 14.17-0ubuntu0.22.04.1 postgresql-client-14 14.17-0ubuntu0.22.04.1 Ubuntu 20.04 LTS postgresql-12 12.22-0ubuntu0.20.04.2 postgresql-client-12 12.22-0ubuntu0.20.04.2 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart PostgreSQL to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7315-1 CVE-2025-1094 Package Information: https://launchpad.net/ubuntu/+source/postgresql-16/16.8-0ubuntu0.24.10.1 https://launchpad.net/ubuntu/+source/postgresql-16/16.8-0ubuntu0.24.04.1 https://launchpad.net/ubuntu/+source/postgresql-14/14.17-0ubuntu0.22.04.1 https://launchpad.net/ubuntu/+source/postgresql-12/12.22-0ubuntu0.20.04.2 . Ubuntu USN-7316-1 highlights security patches for PostgreSQL aimed at mitigating remote SQL injection vulnerabilities and unauthorized execution of code.. postgresql security, ubuntu update, attack prevention, sql injection threat. . Severity: Critical. LinuxSecurity.com Team
A security issue was discovered in the PostgreSQL database system. Under certain usage patterns, improper neutralization of quoting syntax could make it possible for an input provider to achieve SQL injection. . ------------------------------------------------------------------------- Debian LTS Advisory DLA-4052-1
An update that fixes one vulnerability is now available. . openSUSE Security Update: Security update for python-mysql-connector-python ______________________________________________________________________________ Announcement ID: openSUSE-SU-2024:0351-1 Rating: important References: #1231740 Cross-References: CVE-2024-21272 Affected Products: openSUSE Backports SLE-15-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-mysql-connector-python fixes the following issues: - Update to 9.1.0 (boo#1231740, CVE-2024-21272) - WL#16452: Bundle all installable authentication plugins when building the C-extension - WL#16444: Drop build support for DEB packages - WL#16442: Upgrade gssapi version to 1.8.3 - WL#16411: Improve wheel metadata information for Classic and XDevAPI connectors - WL#16341: OpenID Connect (Oauth2 - JWT) Authentication Support - WL#16307: Remove Python 3.8 support - WL#16306: Add support for Python 3.13 - BUG#37055435: Connection fails during the TLS negotiation when specifying TLSv1.3 ciphers - BUG#37013057: mysql-connector-python Parameterized query SQL injection - BUG#36765200: python mysql connector 8.3.0 raise %-.100s:%u when input a wrong host - BUG#36577957: Update charset/collation description indicate this is 16 bits - 9.0.0: - WL#16350: Update dnspython version - WL#16318: Deprecate Cursors Prepared Raw and Named Tuple - WL#16284: Update the Python Protobuf version - WL#16283: Remove OpenTelemetry Bundled Installation - BUG#36664998: Packets out of order error is raised while changing user in aio - BUG#36611371: Update dnspython required versions to allow latest 2.6.1 - BUG#36570707: Collation set on connect using C-Extension is ignored - BUG#36476195: Incorrectescaping in pure Python mode if sql_mode includes NO_BACKSLASH_ESCAPES - BUG#36289767: MySQLCursorBufferedRaw does not skip conversion - 8.4.0 - WL#16203: GPL License Exception Update - WL#16173: Update allowed cipher and cipher-suite lists - WL#16164: Implement support for new vector data type - WL#16127: Remove the FIDO authentication mechanism - WL#16053: Support GSSAPI/Kerberos authentication on Windows using authentication_ldap_sasl_client plug-in for C-extension - BUG#36227964: Improve OpenTelemetry span coverage - BUG#36167880: Massive memory leak mysqlx native Protobuf adding to collection - 8.3.0 - WL#16015: Remove use of removed COM_ commands - WL#15985: Support GSSAPI/Kerberos authentication on Windows using authentication_ldap_sasl_client plug-in for Pure Python - WL#15983: Stop using mysql_ssl_set api - WL#15982: Remove use of mysql_shutdown - WL#15950: Support query parameters for prepared statements - WL#15942: Improve type hints and standardize byte type handling - WL#15836: Split mysql and mysqlx into different packages - WL#15523: Support Python DB API asynchronous execution - BUG#35912790: Binary strings are converted when using prepared statements - BUG#35832148: Fix Django timezone.utc deprecation warning - BUG#35710145: Bad MySQLCursor.statement and result when query text contains code comments - BUG#21390859: STATEMENTS GET OUT OF SYNCH WITH RESULT SETS Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP5: zypper in -t patch openSUSE-2024-351=1 Package List: - openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64): python3-mysql-connector-python-9.1.0-bp155.3.3.1 References: https://www.suse.com/security/cve/CVE-2024-21272.html https://bugzilla.suse.com/1231740 . A significant patch has been released for python-mysql-connector-python due to a serious security vulnerability.. openSUSE python-mysql-connector-python security issue. . Severity: Important. LinuxSecurity.com Team
Cacti, a web interface for graphing of monitoring systems, was vulnerable. CVE-2022-41444 . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3884-1
An update that fixes four vulnerabilities is now available. . openSUSE Security Update: Security update for python-Django ______________________________________________________________________________ Announcement ID: openSUSE-SU-2024:0272-1 Rating: important References: #1228629 #1228630 #1228631 #1228632 Cross-References: CVE-2024-41989 CVE-2024-41990 CVE-2024-41991 CVE-2024-42005 CVSS scores: CVE-2024-41989 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2024-41989 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2024-41990 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2024-41990 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2024-41991 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2024-41991 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2024-42005 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2024-42005 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Backports SLE-15-SP5 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for python-Django fixes the following issues: * CVE-2024-42005: Fixed potential SQL injection in QuerySet.values() and values_list() (boo#1228629) * CVE-2024-41989: Fixed memory exhaustion in django.utils.numberformat.floatformat() (boo#1228630) * CVE-2024-41990: Fixed potential denial-of-service vulnerability in django.utils.html.urlize() (boo#1228631) * CVE-2024-41991: Fixed potential denial-of-service vulnerability in django.utils.html.urlize() and AdminURLFieldWidget (boo#1228632) Patch Instructions: To install this openSUSE Security Update use the SUSE recommendedinstallation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP5: zypper in -t patch openSUSE-2024-272=1 Package List: References: https://www.suse.com/security/cve/CVE-2024-41989.html https://www.suse.com/security/cve/CVE-2024-41990.html https://www.suse.com/security/cve/CVE-2024-41991.html https://www.suse.com/security/cve/CVE-2024-42005.html https://bugzilla.suse.com/1228629 https://bugzilla.suse.com/1228630 https://bugzilla.suse.com/1228631 https://bugzilla.suse.com/1228632 . The latest update for openSUSE's python-Django addresses various security vulnerabilities, reinforcing system security with crucial patches.. openSUSE Django Security Update, Python Security Patch, Backports SLE-15-SP5, SQL Injection Fix. . Severity: Important. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.