Several security issues were fixed in libdbd-mysql-perl.
Software Description:
- libdbd-mysql-perl: Perl5 database interface to the MySQL database
Details:
It was discovered that libdbd-mysql-perl did not correctly handle certain
SQL queries. An attacker could possibly use this issue to cause a denial
of service. (CVE-2016-1249)
It was discovered that libdbd-mysql-perl did not correctly handle certain
memory operations, which could lead to a use-after-free vulnerability. A
remote attacker could possibly use this issue to cause a denial of service
or execute arbitrary code. (CVE-2016-1251, CVE-2017-10788)
It was discovered that libdbd-mysql-perl did not properly enforce SSL
connections depending on the mysql_ssl setting. A machine-in-the-middle
attacker could possibly use this issue to spoof servers. (CVE-2017-10789)
The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS libdbd-mysql-perl 4.025-1ubuntu0.1+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-7417-1
CVE-2016-1249, CVE-2016-1251, CVE-2017-10788, CVE-2017-10789
Get the latest Linux and open source security news straight to your inbox.