drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in DBD-mysql
Name: |
Mehrere Probleme in DBD-mysql |
|
ID: |
USN-3103-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 12.04 LTS, Ubuntu 14.04 LTS |
|
Datum: |
Do, 13. Oktober 2016, 17:55 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1246
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8949 |
|
Applikationen: |
DBD-mysql |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============1002687921407468017== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="dBscs8k0DBOnRvofn0OtnUHGtAWBFgALO"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --dBscs8k0DBOnRvofn0OtnUHGtAWBFgALO Content-Type: multipart/mixed; boundary="rho32OJKINp78tjoGW2gaw1IE0B6lQuM0" From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <7d17d53d-fdbb-f11d-7fb3-3e7f43cb2b08@canonical.com> Subject: [USN-3103-1] DBD::mysql vulnerabilities
--rho32OJKINp78tjoGW2gaw1IE0B6lQuM0 Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3103-1 October 13, 2016
libdbd-mysql-perl vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS - Ubuntu 12.04 LTS
Summary:
DBD::mysql could be made to crash or run programs if it received specially crafted input.
Software Description: - libdbd-mysql-perl: Perl5 database interface to the MySQL database
Details:
It was discovered that DBD::mysql incorrectly handled certain memory operations. A remote attacker could use this issue to cause DBD::mysql to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-9906)
Hanno Böck discovered that DBD::mysql incorrectly handled certain memory operations. A remote attacker could use this issue to cause DBD::mysql to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-8949)
Pali Rohár discovered that DBD::mysql incorrectly handled certain user supplied data. A remote attacker could use this issue to cause DBD::mysql to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-1246)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: libdbd-mysql-perl 4.025-1ubuntu0.1
Ubuntu 12.04 LTS: libdbd-mysql-perl 4.020-1ubuntu0.1
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-3103-1 CVE-2014-9906, CVE-2015-8949, CVE-2016-1246
Package Information: https://launchpad.net/ubuntu/+source/libdbd-mysql-perl/4.025-1ubuntu0.1 https://launchpad.net/ubuntu/+source/libdbd-mysql-perl/4.020-1ubuntu0.1
--rho32OJKINp78tjoGW2gaw1IE0B6lQuM0--
--dBscs8k0DBOnRvofn0OtnUHGtAWBFgALO Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQIcBAEBCgAGBQJX/59kAAoJEGVp2FWnRL6TBDAP/jAVVZvbXn4jCzMGC7bZino7 dATxd/o/LI+mIDBz2XMn0Oz7a3CmrdYx0H9B0eHuTnWp5oy9u6pVVCR6GVqx5SrM z5whMtQwDfgaFtIMY0QAgPQEuBrZzeCdPSZKQqZfWOJr47f3nrQB39WLWC3F73QC DduaMA8vjaITiER0MkURAYYGkpVCRR8QnHTBMjmMfavFaeFKQd5ZskZFBMOOJFMX mOCggIuRHDj46lMM9VSbuv8RT6Hfw9yxF2NwgZoTA7r1nejCbGyrgqfEkrJBMlu8 MbkjcXwp4CQftIn5ZBNqVz0ugbg4WFUbRLJi+hhwrUzhOsb7g5NXDtIOL5VggJAd DTGiMMt9C369JjZLGWDX4DbmC+ai45kWvN+Rig/6xKRWK38RB0hHARMOkqahoEF1 xDMGiMAGhDrOtOvWW4ItyBmPJci03NOkOohySEyxPhiklT9a4yjqfvzrpJzKxKAH Lq/25BP4M0XAXFM+bKVYdy+7/NdzHmjIoQMszfnrDm8a9sfUA+wnDDcx6uopJOJS 648qelvUxKEBRHA77WwMivB9P5bqRL0tqSoe7x41B6vBdqjTFx/z0+APJYCBz0rP hmW3mRQU+IFRjjOb+pphwOC3sTMcHVGoMg2s47bRdT5qxSZebNGZRzN6u0qb0Axx eUXzLjVOztFMg6o/ds5l =9Vzw -----END PGP SIGNATURE-----
--dBscs8k0DBOnRvofn0OtnUHGtAWBFgALO--
--===============1002687921407468017== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============1002687921407468017==--
|
|
|
|