4:41 a.m.
https://bugzilla.redhat.com/show_bug.cgi?id=1399580
Bug ID: 1399580
Summary: CVE-2016-1251 perl-DBD-MySQL: Use after free when
using prepared statements
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
CC: hhorak(a)redhat.com, jorton(a)redhat.com,
jplesnik(a)redhat.com,
perl-devel(a)lists.fedoraproject.org,
perl-maint-list(a)redhat.com, ppisar(a)redhat.com,
psabata(a)redhat.com
A use after free vulnerability when using prepared statements was found in
DBD::mysql. Function dbd_st_fetch() via Renew() can reallocate output buffer
for mysql_stmt_fetch() call, but it does not update pointer to that buffer in
imp_sth->stmt structure initialized by mysql_stmt_bind_result() function, which
leads to use after free in any mysql function which access imp_sth->stmt
structure.
This vulnerability is present in all releases at least back to versions 3.0 of
the driver, which were released in 2005.
Upstream patch:
https://github.com/perl5-dbi/DBD-mysql/commit/3619c170461a3107a258d1fd2d0...
References:
http://seclists.org/oss-sec/2016/q4/536
--
You are receiving this mail because:
You are on the CC list for the bug.
4:41 a.m.
New subject: [Bug 1399580] CVE-2016-1251 perl-DBD-MySQL:
Use after free when using prepared statements
https://bugzilla.redhat.com/show_bug.cgi?id=1399580
Adam Mariš <amaris(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1399581
--- Comment #1 from Adam Mariš <amaris(a)redhat.com> ---
Created perl-DBD-MySQL tracking bugs for this issue:
Affects: fedora-all [bug 1399581]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1399581
[Bug 1399581] CVE-2016-1251 perl-DBD-MySQL: Use after free when using
prepared statements [fedora-all]
--
You are receiving this mail because:
You are on the CC list for the bug.
4:42 a.m.
New subject: [Bug 1399580] CVE-2016-1251 perl-DBD-MySQL:
Use after free when using prepared statements
https://bugzilla.redhat.com/show_bug.cgi?id=1399580
Adam Mariš <amaris(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |1399583
--
You are receiving this mail because:
You are on the CC list for the bug.
6:26 p.m.
New subject: [Bug 1399580] CVE-2016-1251 perl-DBD-MySQL:
Use after free when using prepared statements
https://bugzilla.redhat.com/show_bug.cgi?id=1399580
Bug 1399580 depends on bug 1399581, which changed state.
Bug 1399581 Summary: CVE-2016-1251 perl-DBD-MySQL: Use after free when using prepared
statements [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1399581
What |Removed |Added
----------------------------------------------------------------------------
Status|ON_QA |CLOSED
Resolution|--- |ERRATA
--
You are receiving this mail because:
You are on the CC list for the bug.
10:51 p.m.
New subject: [Bug 1399580] CVE-2016-1251 perl-DBD-MySQL:
Use after free when using prepared statements
https://bugzilla.redhat.com/show_bug.cgi?id=1399580
Dhiru Kholia <dkholia(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=moderate,public=2016 |impact=moderate,public=2016
|1118,reported=20161128,sour |1118,reported=20161128,sour
|ce=oss-security,cvss2=5.1/A |ce=oss-security,cvss2=5.1/A
|V:N/AC:H/Au:N/C:P/I:P/A:P,c |V:N/AC:H/Au:N/C:P/I:P/A:P,c
|vss3=7.5/CVSS:3.0/AV:N/AC:H |vss3=7.5/CVSS:3.0/AV:N/AC:H
|/PR:N/UI:R/S:U/C:H/I:H/A:H, |/PR:N/UI:R/S:U/C:H/I:H/A:H,
|cwe=CWE-416,rhel-5/perl-DBD |cwe=CWE-416,rhel-5/perl-DBD
|-MySQL=new,rhel-6/perl-DBD- |-MySQL=wontfix,rhel-6/perl-
|MySQL=new,rhel-7/perl-DBD-M |DBD-MySQL=wontfix,rhel-7/pe
|ySQL=new,rhscl-2/rh-perl520 |rl-DBD-MySQL=wontfix,rhscl-
|-perl-DBD-MySQL=new,rhscl-2 |2/rh-perl520-perl-DBD-MySQL
|/rh-perl524-perl-DBD-MySQL= |=wontfix,rhscl-2/rh-perl524
|new,fedora-all/perl-DBD-MyS |-perl-DBD-MySQL=affected,fe
|QL=affected |dora-all/perl-DBD-MySQL=aff
| |ected
--
You are receiving this mail because:
You are on the CC list for the bug.
11:46 p.m.
New subject: [Bug 1399580] CVE-2016-1251 perl-DBD-MySQL:
Use after free when using prepared statements
https://bugzilla.redhat.com/show_bug.cgi?id=1399580
Dhiru Kholia <dkholia(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1405899
--
You are receiving this mail because:
You are on the CC list for the bug.
4:46 a.m.
New subject: [Bug 1399580] CVE-2016-1251 perl-DBD-MySQL:
Use after free when using prepared statements
https://bugzilla.redhat.com/show_bug.cgi?id=1399580
Dhiru Kholia <dkholia(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dkholia(a)redhat.com
--
You are receiving this mail because:
You are on the CC list for the bug.
11:04 p.m.
New subject: [Bug 1399580] CVE-2016-1251 perl-DBD-MySQL:
Use after free when using prepared statements
https://bugzilla.redhat.com/show_bug.cgi?id=1399580
--- Comment #7 from Dhiru Kholia <dkholia(a)redhat.com> ---
Mitigation:
This problem is only exposed when the user uses server-side prepared statement
support (mysql_server_prepare=1), which is NOT default behavior and was turned
off back for all drivers per MySQL AB decision in 2006 due to issues with
server-side prepared statements in the server.
Use the default driver setting which uses emulated prepared statements.
--
You are receiving this mail because:
You are on the CC list for the bug.
2:59 a.m.
New subject: [Bug 1399580] CVE-2016-1251 perl-DBD-MySQL:
Use after free when using prepared statements
https://bugzilla.redhat.com/show_bug.cgi?id=1399580
Yasuhiro Ozone <yozone(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |yozone(a)redhat.com
--
You are receiving this mail because:
You are on the CC list for the bug.
4:13 a.m.
New subject: [Bug 1399580] CVE-2016-1251 perl-DBD-MySQL:
Use after free when using prepared statements
https://bugzilla.redhat.com/show_bug.cgi?id=1399580
Dhiru Kholia <dkholia(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=moderate,public=2016 |impact=moderate,public=2016
|1118,reported=20161128,sour |1118,reported=20161128,sour
|ce=oss-security,cvss2=5.1/A |ce=oss-security,cvss2=5.1/A
|V:N/AC:H/Au:N/C:P/I:P/A:P,c |V:N/AC:H/Au:N/C:P/I:P/A:P,c
|vss3=7.5/CVSS:3.0/AV:N/AC:H |vss3=7.5/CVSS:3.0/AV:N/AC:H
|/PR:N/UI:R/S:U/C:H/I:H/A:H, |/PR:N/UI:R/S:U/C:H/I:H/A:H,
|cwe=CWE-416,rhel-5/perl-DBD |cwe=CWE-416,rhel-5/perl-DBD
|-MySQL=wontfix,rhel-6/perl- |-MySQL=wontfix,rhel-6/perl-
|DBD-MySQL=wontfix,rhel-7/pe |DBD-MySQL=wontfix,rhel-7/pe
|rl-DBD-MySQL=wontfix,rhscl- |rl-DBD-MySQL=wontfix,rhscl-
|2/rh-perl520-perl-DBD-MySQL |2/rh-perl520-perl-DBD-MySQL
|=wontfix,rhscl-2/rh-perl524 |=wontfix,rhscl-2/rh-perl524
|-perl-DBD-MySQL=affected,fe |-perl-DBD-MySQL=wontfix,fed
|dora-all/perl-DBD-MySQL=aff |ora-all/perl-DBD-MySQL=affe
|ected |cted
--
You are receiving this mail because:
You are on the CC list for the bug.
2642
days inactive
2705
days old
perl-devel@lists.fedoraproject.org
9 comments
1 participants
participants (1)
-
Red Hat Bugzilla