Advisories » MGASA-2016-0300

Updated perl-DBD-mysql packages fix security vulnerability

Publication date: 16 Sep 2016
Modification date: 08 Sep 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2014-9906 , CVE-2015-8949

Description

Two use-after-free vulnerabilities were discovered in DBD::mysql. A remote
attacker can take advantage of these flaws to cause a denial-of-service
against an application using DBD::mysql (application crash), or
potentially to execute arbitrary code with the privileges of the user
running the application(CVE-2014-9906, CVE-2015-8949).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=19050
• https://www.debian.org/security/2016/dsa-3635
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9906
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8949

SRPMS

5/core

• perl-DBD-mysql-4.28.0-3.1.mga5