Описание
Security update for perl-DBI
This update for perl-DBI fixes the following issues:
- CVE-2019-20919: Fixed a NULL profile dereference in dbi_profile (bsc#1176764).
- CVE-2013-7490: Fixed memory corruption when using many arguments to methods for CallbacksUsing (bsc#1176496).
- CVE-2013-7491: Fixed a stack corruption when a user-defined function required a non-trivial amount of memory (bsc#1176493).
Список пакетов
SUSE Linux Enterprise Point of Sale 11 SP3
perl-DBI-1.607-3.6.1
SUSE Linux Enterprise Server 11 SP4-LTSS
perl-DBI-1.607-3.6.1
Ссылки
- Link for SUSE-SU-2020:14510-1
- E-Mail link for SUSE-SU-2020:14510-1
- SUSE Security Ratings
- SUSE Bug 1176493
- SUSE Bug 1176496
- SUSE Bug 1176764
- SUSE CVE CVE-2013-7490 page
- SUSE CVE CVE-2013-7491 page
- SUSE CVE CVE-2019-20919 page
Описание
An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption.
Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:perl-DBI-1.607-3.6.1
SUSE Linux Enterprise Server 11 SP4-LTSS:perl-DBI-1.607-3.6.1
Ссылки
- CVE-2013-7490
- SUSE Bug 1176496
Описание
An issue was discovered in the DBI module before 1.628 for Perl. Stack corruption occurs when a user-defined function requires a non-trivial amount of memory and the Perl stack gets reallocated.
Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:perl-DBI-1.607-3.6.1
SUSE Linux Enterprise Server 11 SP4-LTSS:perl-DBI-1.607-3.6.1
Ссылки
- CVE-2013-7491
- SUSE Bug 1176493
Описание
An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference.
Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:perl-DBI-1.607-3.6.1
SUSE Linux Enterprise Server 11 SP4-LTSS:perl-DBI-1.607-3.6.1
Ссылки
- CVE-2019-20919
- SUSE Bug 1176764