Security Information / 2016 / Security Information -- DSA-3635-1 libdbd-mysql-perl

Debian Security Advisory

DSA-3635-1 libdbd-mysql-perl -- security update

Date Reported:

29 Jul 2016

Affected Packages:

libdbd-mysql-perl

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2014-9906, CVE-2015-8949.

More information:

Two use-after-free vulnerabilities were discovered in DBD::mysql, a Perl DBI driver for the MySQL database server. A remote attacker can take advantage of these flaws to cause a denial-of-service against an application using DBD::mysql (application crash), or potentially to execute arbitrary code with the privileges of the user running the application.

For the stable distribution (jessie), these problems have been fixed in version 4.028-2+deb8u1.

We recommend that you upgrade your libdbd-mysql-perl packages.