Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2018-0283)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2018.0283

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2018-0283)

Resumen: The remote host is missing an update for the 'perl-DBD-mysql' package(s) announced via the MGASA-2018-0283 advisory.

Descripción: Summary:
The remote host is missing an update for the 'perl-DBD-mysql' package(s) announced via the MGASA-2018-0283 advisory.

Vulnerability Insight:
Updated perl-DBD-mysql package fixes security vulnerabilities:

The DBD::mysql Perl module through 4.043 for Perl allows remote attackers to
cause a denial of service (use-after-free and application crash) or possibly
have unspecified other impact by triggering certain error responses from a
MySQL server or a loss of a network connection to a MySQL server. The
use-after-free defect was introduced by relying on incorrect Oracle
mysql_stmt_close documentation and code examples (CVE-2017-10788).

The DBD::mysql Perl module, when used with mysql_ssl=1 setting enabled, means
that SSL is optional (even though this setting's documentation has a 'your communication with the server will be encrypted' statement), which could lead
man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack
(CVE-2017-10789).

Affected Software/OS:
'perl-DBD-mysql' package(s) on Mageia 5, Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2017-10788
BugTraq ID: 99374
http://www.securityfocus.com/bid/99374
http://seclists.org/oss-sec/2017/q2/443
https://github.com/perl5-dbi/DBD-mysql/issues/120
Common Vulnerability Exposure (CVE) ID: CVE-2017-10789
BugTraq ID: 99364
http://www.securityfocus.com/bid/99364
https://github.com/perl5-dbi/DBD-mysql/issues/110
https://github.com/perl5-dbi/DBD-mysql/issues/140
https://github.com/perl5-dbi/DBD-mysql/pull/114

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2018.0283
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2018-0283)
Resumen:	The remote host is missing an update for the 'perl-DBD-mysql' package(s) announced via the MGASA-2018-0283 advisory.
Descripción:	Summary: The remote host is missing an update for the 'perl-DBD-mysql' package(s) announced via the MGASA-2018-0283 advisory. Vulnerability Insight: Updated perl-DBD-mysql package fixes security vulnerabilities: The DBD::mysql Perl module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering certain error responses from a MySQL server or a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples (CVE-2017-10788). The DBD::mysql Perl module, when used with mysql_ssl=1 setting enabled, means that SSL is optional (even though this setting's documentation has a 'your communication with the server will be encrypted' statement), which could lead man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack (CVE-2017-10789). Affected Software/OS: 'perl-DBD-mysql' package(s) on Mageia 5, Mageia 6. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-10788 BugTraq ID: 99374 http://www.securityfocus.com/bid/99374 http://seclists.org/oss-sec/2017/q2/443 https://github.com/perl5-dbi/DBD-mysql/issues/120 Common Vulnerability Exposure (CVE) ID: CVE-2017-10789 BugTraq ID: 99364 http://www.securityfocus.com/bid/99364 https://github.com/perl5-dbi/DBD-mysql/issues/110 https://github.com/perl5-dbi/DBD-mysql/issues/140 https://github.com/perl5-dbi/DBD-mysql/pull/114
Copyright	Copyright (C) 2022 Greenbone AG