Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2018-0283)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2018.0283

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2018-0283)

Zusammenfassung: The remote host is missing an update for the 'perl-DBD-mysql' package(s) announced via the MGASA-2018-0283 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'perl-DBD-mysql' package(s) announced via the MGASA-2018-0283 advisory.

Vulnerability Insight:
Updated perl-DBD-mysql package fixes security vulnerabilities:

The DBD::mysql Perl module through 4.043 for Perl allows remote attackers to
cause a denial of service (use-after-free and application crash) or possibly
have unspecified other impact by triggering certain error responses from a
MySQL server or a loss of a network connection to a MySQL server. The
use-after-free defect was introduced by relying on incorrect Oracle
mysql_stmt_close documentation and code examples (CVE-2017-10788).

The DBD::mysql Perl module, when used with mysql_ssl=1 setting enabled, means
that SSL is optional (even though this setting's documentation has a 'your communication with the server will be encrypted' statement), which could lead
man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack
(CVE-2017-10789).

Affected Software/OS:
'perl-DBD-mysql' package(s) on Mageia 5, Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2017-10788
BugTraq ID: 99374
http://www.securityfocus.com/bid/99374
http://seclists.org/oss-sec/2017/q2/443
https://github.com/perl5-dbi/DBD-mysql/issues/120
Common Vulnerability Exposure (CVE) ID: CVE-2017-10789
BugTraq ID: 99364
http://www.securityfocus.com/bid/99364
https://github.com/perl5-dbi/DBD-mysql/issues/110
https://github.com/perl5-dbi/DBD-mysql/issues/140
https://github.com/perl5-dbi/DBD-mysql/pull/114

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2018.0283
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2018-0283)
Zusammenfassung:	The remote host is missing an update for the 'perl-DBD-mysql' package(s) announced via the MGASA-2018-0283 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'perl-DBD-mysql' package(s) announced via the MGASA-2018-0283 advisory. Vulnerability Insight: Updated perl-DBD-mysql package fixes security vulnerabilities: The DBD::mysql Perl module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering certain error responses from a MySQL server or a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples (CVE-2017-10788). The DBD::mysql Perl module, when used with mysql_ssl=1 setting enabled, means that SSL is optional (even though this setting's documentation has a 'your communication with the server will be encrypted' statement), which could lead man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack (CVE-2017-10789). Affected Software/OS: 'perl-DBD-mysql' package(s) on Mageia 5, Mageia 6. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2017-10788 BugTraq ID: 99374 http://www.securityfocus.com/bid/99374 http://seclists.org/oss-sec/2017/q2/443 https://github.com/perl5-dbi/DBD-mysql/issues/120 Common Vulnerability Exposure (CVE) ID: CVE-2017-10789 BugTraq ID: 99364 http://www.securityfocus.com/bid/99364 https://github.com/perl5-dbi/DBD-mysql/issues/110 https://github.com/perl5-dbi/DBD-mysql/issues/140 https://github.com/perl5-dbi/DBD-mysql/pull/114
Copyright	Copyright (C) 2022 Greenbone AG