Debian Security Advisory
DSA-3635-1 libdbd-mysql-perl -- security update
- Date Reported:
- 29 Jul 2016
- Affected Packages:
- libdbd-mysql-perl
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2014-9906, CVE-2015-8949.
- More information:
-
Two use-after-free vulnerabilities were discovered in DBD::mysql, a Perl DBI driver for the MySQL database server. A remote attacker can take advantage of these flaws to cause a denial-of-service against an application using DBD::mysql (application crash), or potentially to execute arbitrary code with the privileges of the user running the application.
For the stable distribution (jessie), these problems have been fixed in version 4.028-2+deb8u1.
We recommend that you upgrade your libdbd-mysql-perl packages.