USN-7417-1: libdbd-mysql-perl vulnerabilities

Packages

libdbd-mysql-perl - Perl5 database interface to the MySQL database

Details

It was discovered that libdbd-mysql-perl did not correctly handle certain
SQL queries. An attacker could possibly use this issue to cause a denial
of service. (CVE-2016-1249)

It was discovered that libdbd-mysql-perl did not correctly handle certain
memory operations, which could lead to a use-after-free vulnerability. A
remote attacker could possibly use this issue to cause a denial of service
or execute arbitrary code. (CVE-2016-1251, CVE-2017-10788)

It was discovered that libdbd-mysql-perl did not properly enforce SSL
connections depending on the mysql_ssl setting. A machine-in-the-middle
attacker could possibly use this issue to spoof servers. (CVE-2017-10789)

It was discovered that libdbd-mysql-perl did not correctly handle certain
SQL queries. An attacker could possibly use this issue to cause a denial
of service. (CVE-2016-1249)

It was discovered that libdbd-mysql-perl did not correctly handle certain
memory operations, which could lead to a use-after-free vulnerability. A
remote attacker could possibly use this issue to cause a denial of service
or execute arbitrary code. (CVE-2016-1251, CVE-2017-10788)

It was discovered that libdbd-mysql-perl did not properly enforce SSL
connections depending on the mysql_ssl setting. A machine-in-the-middle
attacker could possibly use this issue to spoof servers. (CVE-2017-10789)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

Ubuntu Release	Package Version
14.04 trusty	libdbd-mysql-perl – 4.025-1ubuntu0.1+esm1

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

USN-5344-1

USN-5344-1

Packages

Details

Update instructions

Reduce your security exposure

References

Related notices