Debian: DLA-2386-1 Critical: libdbi-perl DoS and Code Execution Risk
debian lts
September 28, 2020
Several vulnerabilities were discovered in the Perl5 Database Interface (DBI)
Summary
CVE-2019-20919
The hv_fetch() documentation requires checking for NULL and the
code does that. But, shortly thereafter, it calls SvOK(profile),
causing a NULL pointer dereference.
CVE-2020-14392
An untrusted pointer dereference flaw was found in Perl-DBI. A
local attacker who is able to manipulate calls to
dbd_db_login6_sv() could cause memory corruption, affecting the
service's availability.
CVE-2020-14393
A buffer overflow on via an overlong DBD class name in
dbih_setup_handle function may lead to data be written past the
intended limit.
For Debian 9 stretch, these problems have been fixed in version
1.636-1+deb9u1.
We recommend that you upgrade your libdbi-perl packages.
For the detailed security status of libdbi-perl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/libdbi-perl
Further information about Debian LTS security advisories, how to apply
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
Package: libdbi-perl
Version: 1.636-1+deb9u1
CVE ID: CVE-2019-20919 CVE-2020-14392 CVE-2020-14393
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!