Sunday, April 6, 2025

[USN-7417-1] libdbd-mysql-perl vulnerabilities

-----BEGIN PGP SIGNATURE-----

wsD5BAABCAAjFiEEkd98mdFcnQdP7vQkuGrtzot7pOcFAmfzM/cFAwAAAAAACgkQuGrtzot7pOcd
xgwAp+0TH1PPEaTAevLs67E8kTSQKioc5fVz7THXV4kv48kTXsFb9ZPl9MBeanuMRqYGn4JPHOi9
QdmM1XG+j5436LVYA5yd/Awv6Equ8+uTWYrnbFIoPr02WsS+zZnaH1LtXwUjLyIBMDCaY9s/TlAq
ZLA0NoGEEKe05BgDVhA0CXInvWtEGq4yIi7Kpnjm3l4FUFLjO+/Gq5aJGgSgx2+rHdxf5OJ8NPIf
jzHiRqd9JUUrGVIefSsRwImHb2T4aeMTpa53CWy+25yORygs8zd3XsSl4GCr6+SpWf47TMmtLlh6
MUp8O/6Dr5JDF5IYYmSSkll1kbM6EHGbVu8WPzyrHSR24C+tcX1g7MYymYZO95orpgYEIINKqu5M
A6sLusIsAthPpB15YB9ugSpVv9kLUrhOnZgCPXhIhvRb6pu53oEAbV9MIEmZlnuMVolLJ6yzWcdd
GyO5CNG+vOCFMCCFSKX/QX9V4Wkq1ZOiV7UTlabajiq8NL0o9t7mVsSyEZCo
=Vl7Y
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7417-1
April 07, 2025

libdbd-mysql-perl vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in libdbd-mysql-perl.

Software Description:
- libdbd-mysql-perl: Perl5 database interface to the MySQL database

Details:

It was discovered that libdbd-mysql-perl did not correctly handle certain
SQL queries. An attacker could possibly use this issue to cause a denial
of service. (CVE-2016-1249)

It was discovered that libdbd-mysql-perl did not correctly handle certain
memory operations, which could lead to a use-after-free vulnerability. A
remote attacker could possibly use this issue to cause a denial of service
or execute arbitrary code. (CVE-2016-1251, CVE-2017-10788)

It was discovered that libdbd-mysql-perl did not properly enforce SSL
connections depending on the mysql_ssl setting. A machine-in-the-middle
attacker could possibly use this issue to spoof servers. (CVE-2017-10789)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
  libdbd-mysql-perl               4.025-1ubuntu0.1+esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7417-1
  CVE-2016-1249, CVE-2016-1251, CVE-2017-10788, CVE-2017-10789

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)