-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-f30298614a 2020-09-25 17:46:08.775727 --------------------------------------------------------------------------------
Name : perl-DBI Product : Fedora 31 Version : 1.643 Release : 3.fc31 URL : http://dbi.perl.org/ Summary : A database access API for perl Description : DBI is a database access Application Programming Interface (API) for the Perl Language. The DBI API Specification defines a set of functions, variables and conventions that provide a consistent database interface independent of the actual database being used.
-------------------------------------------------------------------------------- Update Information:
This release fixes CVE-2020-14392 (a memory corruption in XS functions when Perl stack is reallocated), CVE-2019-20919 (a NULL profile dereference in dbi_profile()), a documentation that old API functions are vulnerable to an overflow, and CVE-2020-14393 (a buffer overlfow on an overlong DBD class name). It also adds a missing dependency on FileHandle Perl module. -------------------------------------------------------------------------------- ChangeLog:
* Thu Mar 12 2020 Jitka Plesnikova jplesnik@redhat.com - 1.643-3 - Add BR: perl(FileHandle) * Mon Feb 10 2020 Petr Pisar ppisar@redhat.com - 1.643-2 - Build-require blib for tests * Wed Feb 5 2020 Jitka Plesnikova jplesnik@redhat.com - 1.643-1 - 1.643 bump * Tue Feb 4 2020 Tom Stellard tstellar@redhat.com - 1.642-6 - Spec file cleanups: Use make_build and make_install macros - https://docs.fedoraproject.org/en-US/packaging-guidelines/#_parallel_make - https://fedoraproject.org/wiki/Perl/Tips#ExtUtils::MakeMake -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1877402 - CVE-2020-14392 perl-dbi: Memory corruption in XS functions when Perl stack is reallocated https://bugzilla.redhat.com/show_bug.cgi?id=1877402 [ 2 ] Bug #1877405 - CVE-2019-20919 perl-dbi: NULL profile dereference in dbi_profile() https://bugzilla.redhat.com/show_bug.cgi?id=1877405 [ 3 ] Bug #1877409 - CVE-2020-14393 perl-dbi: Buffer overflow on an overlong DBD class name https://bugzilla.redhat.com/show_bug.cgi?id=1877409 [ 4 ] Bug #1877421 - perl-dbi: Old API functions vulnerable to overflow https://bugzilla.redhat.com/show_bug.cgi?id=1877421 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-f30298614a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------