[SECURITY] [DSA 3635-1] libdbd-mysql-perl security update

2016-07-2918:16:28

lists.debian.org

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

Debian Security Advisory DSA-3635-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
July 29, 2016 https://www.debian.org/security/faq

Package : libdbd-mysql-perl
CVE ID : CVE-2014-9906 CVE-2015-8949

Two use-after-free vulnerabilities were discovered in DBD::mysql, a Perl
DBI driver for the MySQL database server. A remote attacker can take
advantage of these flaws to cause a denial-of-service against an
application using DBD::mysql (application crash), or potentially to
execute arbitrary code with the privileges of the user running the
application.

For the stable distribution (jessie), these problems have been fixed in
version 4.028-2+deb8u1.

We recommend that you upgrade your libdbd-mysql-perl packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian8mipsellibdbd-mysql-perl< 4.028-2+deb8u1libdbd-mysql-perl_4.028-2+deb8u1_mipsel.deb
Debian8arm64libdbd-mysql-perl< 4.028-2+deb8u1libdbd-mysql-perl_4.028-2+deb8u1_arm64.deb
Debian8kfreebsd-amd64libdbd-mysql-perl< 4.028-2+deb8u1libdbd-mysql-perl_4.028-2+deb8u1_kfreebsd-amd64.deb
Debian8mipslibdbd-mysql-perl< 4.028-2+deb8u1libdbd-mysql-perl_4.028-2+deb8u1_mips.deb
Debian8i386libdbd-mysql-perl< 4.028-2+deb8u1libdbd-mysql-perl_4.028-2+deb8u1_i386.deb
Debian7alllibdbd-mysql-perl< 4.021-1+deb7u1libdbd-mysql-perl_4.021-1+deb7u1_all.deb
Debian8powerpclibdbd-mysql-perl< 4.028-2+deb8u1libdbd-mysql-perl_4.028-2+deb8u1_powerpc.deb
Debian7i386libdbd-mysql-perl< 4.021-1+deb7u1libdbd-mysql-perl_4.021-1+deb7u1_i386.deb
Debian8ppc64ellibdbd-mysql-perl< 4.028-2+deb8u1libdbd-mysql-perl_4.028-2+deb8u1_ppc64el.deb
Debian8s390xlibdbd-mysql-perl< 4.028-2+deb8u1libdbd-mysql-perl_4.028-2+deb8u1_s390x.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	mipsel	libdbd-mysql-perl	< 4.028-2+deb8u1	libdbd-mysql-perl_4.028-2+deb8u1_mipsel.deb
Debian	8	arm64	libdbd-mysql-perl	< 4.028-2+deb8u1	libdbd-mysql-perl_4.028-2+deb8u1_arm64.deb
Debian	8	kfreebsd-amd64	libdbd-mysql-perl	< 4.028-2+deb8u1	libdbd-mysql-perl_4.028-2+deb8u1_kfreebsd-amd64.deb
Debian	8	mips	libdbd-mysql-perl	< 4.028-2+deb8u1	libdbd-mysql-perl_4.028-2+deb8u1_mips.deb
Debian	8	i386	libdbd-mysql-perl	< 4.028-2+deb8u1	libdbd-mysql-perl_4.028-2+deb8u1_i386.deb
Debian	7	all	libdbd-mysql-perl	< 4.021-1+deb7u1	libdbd-mysql-perl_4.021-1+deb7u1_all.deb
Debian	8	powerpc	libdbd-mysql-perl	< 4.028-2+deb8u1	libdbd-mysql-perl_4.028-2+deb8u1_powerpc.deb
Debian	7	i386	libdbd-mysql-perl	< 4.021-1+deb7u1	libdbd-mysql-perl_4.021-1+deb7u1_i386.deb
Debian	8	ppc64el	libdbd-mysql-perl	< 4.028-2+deb8u1	libdbd-mysql-perl_4.028-2+deb8u1_ppc64el.deb
Debian	8	s390x	libdbd-mysql-perl	< 4.028-2+deb8u1	libdbd-mysql-perl_4.028-2+deb8u1_s390x.deb