Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 547
Alerts This Week
Warning Icon 1 547

Fedora 23 perl-DBD-MySQL Update Resolves Major Bugs in Prepared Statements

fedora
Calendar Grey December 17, 2016
Dist Fedora Esm H88
Important patch for perl-DBD-MySQL in Fedora 23 tackling CVE-2016-1249 and CVE-2016-1251 security issues.
This release fixes CVE-2016-1249 (out-of-bound read when using server-side prepared statements) and CVE-2016-1251 vulnerability (a use after free when using prepared statements).

Summary

DBD::mysql is the Perl5 Database Interface driver for the MySQL database. In

other words: DBD::mysql is an interface between the Perl programming language

and the MySQL programming API that comes with the MySQL relational database

management system.

Update Information:

This release fixes CVE-2016-1249 (out-of-bound read when using server-side prepared statements) and CVE-2016-1251 vulnerability (a use after free when using prepared statements).

Change Log

References


[ 1 ] Bug #1395591 - CVE-2016-1249 perl-DBD-MySQL: Out-of-bounds read when using server-side prepared statement support https://bugzilla.redhat.com/show_bug.cgi?id=1395591 [ 2 ] Bug #1399580 - CVE-2016-1251 perl-DBD-MySQL: Use after free when using prepared statements https://bugzilla.redhat.com/show_bug.cgi?id=1399580

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade perl-DBD-MySQL' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical
Lowest
Low
Medium
High
Critical

Name: perl-DBD-MySQL
Product: Fedora 23
Version: 4.033
Release: 4.fc23
URL: Summary : A MySQL interface for Perl

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.