Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

Ubuntu 14.04 LTS USN-7417-1: Critical libdbd-mysql-perl Issues

ubuntu
Calendar Grey April 7, 2025
Dist Ubuntu Esm H88
Multiple vulnerabilities in libdbd-mysql-perl addressed by Ubuntu, covering denial of service threats and use-after-free exploits.
Several security issues were fixed in libdbd-mysql-perl.

Summary

Several security issues were fixed in libdbd-mysql-perl.

Software Description:

- libdbd-mysql-perl: Perl5 database interface to the MySQL database

Details:

It was discovered that libdbd-mysql-perl did not correctly handle certain

SQL queries. An attacker could possibly use this issue to cause a denial

of service. (CVE-2016-1249)

It was discovered that libdbd-mysql-perl did not correctly handle certain

memory operations, which could lead to a use-after-free vulnerability. A

remote attacker could possibly use this issue to cause a denial of service

or execute arbitrary code. (CVE-2016-1251, CVE-2017-10788)

It was discovered that libdbd-mysql-perl did not properly enforce SSL

connections depending on the mysql_ssl setting. A machine-in-the-middle

attacker could possibly use this issue to spoof servers. (CVE-2017-10789)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
   libdbd-mysql-perl               4.025-1ubuntu0.1+esm1
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-7417-1

  CVE-2016-1249, CVE-2016-1251, CVE-2017-10788, CVE-2017-10789

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7417-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here