Bug 9113

Summary: perl-DBD-mysql security vulnerabilities (CVE-2017-10789).
Product: [ROSA-based products] ROSA Fresh
Reporter: Zombie Ryushu <zombie.ryushu>
Component: Packages from Main
Assignee: ROSA Linux Bugs <bugs>
Status: RESOLVED FIXED
QA Contact: ROSA Linux Bugs <bugs>
Severity: normal
Priority: Normal
CC: andrey.bondrov, denis.silakov, mc2374, pastordidi, v.potapov
Version: Plasma5
Flags: v.potapov: qa_verified+
       andrey.bondrov: published+
Target Milestone: ---
Hardware: All
OS: Linux
URL: https://advisories.mageia.org/MGASA-2018-0283.html
Whiteboard:
Platform: ---
ROSA Vulnerability identifier: CVE-2017-10789
RPM Package: perl-DBD-mysql
ISO-related:
Bad POT generating:
Upstream:

Description Zombie Ryushu 2018-06-18 15:54:18 MSK
The DBD::mysql Perl module through 4.043 for Perl allows remote attackers to
cause a denial of service (use-after-free and application crash) or possibly
have unspecified other impact by triggering certain error responses from a
MySQL server or a loss of a network connection to a MySQL server. The
use-after-free defect was introduced by relying on incorrect Oracle
mysql_stmt_close documentation and code examples (CVE-2017-10788).

The DBD::mysql Perl module, when used with mysql_ssl=1 setting enabled, means
that SSL is optional (even though this setting's documentation has a "your
communication with the server will be encrypted" statement), which could lead
man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack
(CVE-2017-10789).
Comment 1 Dmitry Postnikov 2018-09-22 12:38:30 MSK
https://bugzilla.redhat.com/show_bug.cgi?id=1467608
Comment 2 Denis Silakov 2018-10-02 17:54:14 MSK
Advisory:
Updated perl-DBD_mysql to a new bugfix version 4.046

Build lists:
https://abf.io/build_lists/2948940
https://abf.io/build_lists/2948941
Comment 3 Dmitry Postnikov 2018-10-04 11:18:45 MSK
The update is sent to expanded testing
***************************************
Comment 4 Vladimir Potapov 2018-10-09 07:23:49 MSK
perl-DBD-mysql-4.46.0-1
https://abf.io/build_lists/2948940
https://abf.io/build_lists/2948941
************************************** Advisory **************************
Updated perl-DBD_mysql to a new bugfix version 4.046
**************************************************************************
QA Verified