ALT-PU-2016-2306-1
Package perl-DBD-mysql updated to version 4.039-alt1 for branch sisyphus in task 172361.
Closed vulnerabilities
Published: 2017-02-17
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2016-1249
The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service (out-of-bounds read) via vectors involving an unaligned number of placeholders in WHERE condition and output fields in SELECT expression.
Severity: MEDIUM (5.9)
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- http://cpansearch.perl.org/src/CAPTTOFU/DBD-mysql-4.039/Changes
- http://cpansearch.perl.org/src/CAPTTOFU/DBD-mysql-4.039/Changes
- [oss-security] 20161115 CVE-2016-1249: Out-of-bounds read by DBD::mysql >= version 2.9003
- [oss-security] 20161115 CVE-2016-1249: Out-of-bounds read by DBD::mysql >= version 2.9003
- 94350
- 94350
- https://github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe
- https://github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe
- GLSA-201701-51
- GLSA-201701-51