{"id":"MGASA-2018-0283","summary":"Updated perl-DBD-mysql packages fix security vulnerabilities","details":"Updated perl-DBD-mysql package fixes security vulnerabilities:\n\nThe DBD::mysql Perl module through 4.043 for Perl allows remote attackers to\ncause a denial of service (use-after-free and application crash) or possibly\nhave unspecified other impact by triggering certain error responses from a\nMySQL server or a loss of a network connection to a MySQL server. The\nuse-after-free defect was introduced by relying on incorrect Oracle\nmysql_stmt_close documentation and code examples (CVE-2017-10788).\n\nThe DBD::mysql Perl module, when used with mysql_ssl=1 setting enabled, means\nthat SSL is optional (even though this setting's documentation has a \"your communication with the server will be encrypted\" statement), which could lead\nman-in-the-middle attackers to spoof servers via a cleartext-downgrade attack\n(CVE-2017-10789).\n","modified":"2026-01-30T22:22:50.062027Z","published":"2018-06-14T18:14:36Z","related":["CVE-2017-10788","CVE-2017-10789"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0283.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=23154"},{"type":"REPORT","url":"https://lists.opensuse.org/opensuse-updates/2018-05/msg00138.html"}],"affected":[{"package":{"name":"perl-DBD-mysql","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/perl-DBD-mysql?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.46.0-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0283.json"}},{"package":{"name":"perl-DBD-mysql","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/perl-DBD-mysql?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.46.0-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0283.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}