Описание
Security update for perl-DBD-mysql
This update for perl-DBD-mysql fixes the following issues:
- CVE-2016-1251: A use-after-free when used with mysql_server_prepare=1 (bsc#1012546).
- CVE-2016-1246: Buffer overflow allowed context-dependent attackers to cause a denial of service (crash) via vectors related to an error message (bsc#1002626).
- CVE-2016-1249: Out-of-bounds read when using server-side prepared statement support (bsc#1010457).
Список пакетов
SUSE Linux Enterprise Server 12 SP1
perl-DBD-mysql-4.021-11.1
SUSE Linux Enterprise Server 12 SP2
perl-DBD-mysql-4.021-11.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
perl-DBD-mysql-4.021-11.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
perl-DBD-mysql-4.021-11.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
perl-DBD-mysql-4.021-11.1
Ссылки
- Link for SUSE-SU-2017:0123-1
- E-Mail link for SUSE-SU-2017:0123-1
- SUSE Security Ratings
- SUSE Bug 1002626
- SUSE Bug 1010457
- SUSE Bug 1012546
- SUSE CVE CVE-2016-1246 page
- SUSE CVE CVE-2016-1249 page
- SUSE CVE CVE-2016-1251 page
Описание
Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP1:perl-DBD-mysql-4.021-11.1
SUSE Linux Enterprise Server 12 SP2:perl-DBD-mysql-4.021-11.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:perl-DBD-mysql-4.021-11.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:perl-DBD-mysql-4.021-11.1
Ссылки
- CVE-2016-1246
- SUSE Bug 1002626
Описание
The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service (out-of-bounds read) via vectors involving an unaligned number of placeholders in WHERE condition and output fields in SELECT expression.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP1:perl-DBD-mysql-4.021-11.1
SUSE Linux Enterprise Server 12 SP2:perl-DBD-mysql-4.021-11.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:perl-DBD-mysql-4.021-11.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:perl-DBD-mysql-4.021-11.1
Ссылки
- CVE-2016-1249
- SUSE Bug 1010457
Описание
There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare=1.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP1:perl-DBD-mysql-4.021-11.1
SUSE Linux Enterprise Server 12 SP2:perl-DBD-mysql-4.021-11.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:perl-DBD-mysql-4.021-11.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:perl-DBD-mysql-4.021-11.1
Ссылки
- CVE-2016-1251
- SUSE Bug 1012546