Sicherheit: Mehrere Probleme in libdbd-mysql-perl

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============7157115893554897139==
Content-Language: en-US
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature";
boundary="------------40V4L8BkYEHQc3rj0ynbXA0j"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------40V4L8BkYEHQc3rj0ynbXA0j
Content-Type: multipart/mixed;
boundary="------------N358tvd0vzcA3hpWTjaJJVLC";
protected-headers="v1"
From: Bruce Cable <bruce.cable@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <344ef022-ff0a-41c8-98bb-3060e0f14ea2@canonical.com>
Subject: [USN-7417-1] libdbd-mysql-perl vulnerabilities

--------------N358tvd0vzcA3hpWTjaJJVLC
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64

==========================================================================
Ubuntu Security Notice USN-7417-1
April 07, 2025

libdbd-mysql-perl vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in libdbd-mysql-perl.

Software Description:
- libdbd-mysql-perl: Perl5 database interface to the MySQL database

Details:

It was discovered that libdbd-mysql-perl did not correctly handle certain
SQL queries. An attacker could possibly use this issue to cause a denial
of service. (CVE-2016-1249)

It was discovered that libdbd-mysql-perl did not correctly handle certain
memory operations, which could lead to a use-after-free vulnerability. A
remote attacker could possibly use this issue to cause a denial of service
or execute arbitrary code. (CVE-2016-1251, CVE-2017-10788)

It was discovered that libdbd-mysql-perl did not properly enforce SSL
connections depending on the mysql_ssl setting. A machine-in-the-middle
attacker could possibly use this issue to spoof servers. (CVE-2017-10789)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
libdbd-mysql-perl 4.025-1ubuntu0.1+esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7417-1
CVE-2016-1249, CVE-2016-1251, CVE-2017-10788, CVE-2017-10789

--------------N358tvd0vzcA3hpWTjaJJVLC--

--------------40V4L8BkYEHQc3rj0ynbXA0j
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature.asc"

-----BEGIN PGP SIGNATURE-----

wsD5BAABCAAjFiEEkd98mdFcnQdP7vQkuGrtzot7pOcFAmfzM/cFAwAAAAAACgkQuGrtzot7pOcd
xgwAp+0TH1PPEaTAevLs67E8kTSQKioc5fVz7THXV4kv48kTXsFb9ZPl9MBeanuMRqYGn4JPHOi9
QdmM1XG+j5436LVYA5yd/Awv6Equ8+uTWYrnbFIoPr02WsS+zZnaH1LtXwUjLyIBMDCaY9s/TlAq
ZLA0NoGEEKe05BgDVhA0CXInvWtEGq4yIi7Kpnjm3l4FUFLjO+/Gq5aJGgSgx2+rHdxf5OJ8NPIf
jzHiRqd9JUUrGVIefSsRwImHb2T4aeMTpa53CWy+25yORygs8zd3XsSl4GCr6+SpWf47TMmtLlh6
MUp8O/6Dr5JDF5IYYmSSkll1kbM6EHGbVu8WPzyrHSR24C+tcX1g7MYymYZO95orpgYEIINKqu5M
A6sLusIsAthPpB15YB9ugSpVv9kLUrhOnZgCPXhIhvRb6pu53oEAbV9MIEmZlnuMVolLJ6yzWcdd
GyO5CNG+vOCFMCCFSKX/QX9V4Wkq1ZOiV7UTlabajiq8NL0o9t7mVsSyEZCo
=Vl7Y
-----END PGP SIGNATURE-----

--------------40V4L8BkYEHQc3rj0ynbXA0j--

--===============7157115893554897139==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

Cg==

--===============7157115893554897139==--