Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2021-0048)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2021.0048

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2021-0048)

Resumen: The remote host is missing an update for the 'perl-DBI' package(s) announced via the MGASA-2021-0048 advisory.

Descripción: Summary:
The remote host is missing an update for the 'perl-DBI' package(s) announced via the MGASA-2021-0048 advisory.

Vulnerability Insight:
An issue was discovered in the DBI module before 1.643 for Perl. The
hv_fetch() documentation requires checking for NULL and the code does that.
But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer
dereference. (CVE-2019-20919).

An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local
attacker who is able to manipulate calls to dbd_db_login6_sv() could cause
memory corruption, affecting the service's availability. (CVE-2020-14392).

A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker
who is able to supply a string longer than 300 characters could cause an
out-of-bounds write, affecting the availability of the service or integrity
of data. (CVE-2020-14393).

Affected Software/OS:
'perl-DBI' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
3.6

CVSS Vector:
AV:L/AC:L/Au:N/C:N/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2019-20919
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/
https://github.com/perl5-dbi/dbi/commit/eca7d7c8f43d96f6277e86d1000e842eb4cc67ff
https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643-...
https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html
SuSE Security Announcement: openSUSE-SU-2020:1620 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00012.html
SuSE Security Announcement: openSUSE-SU-2020:1628 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00013.html
https://usn.ubuntu.com/4534-1/
Common Vulnerability Exposure (CVE) ID: CVE-2020-14392
https://bugzilla.redhat.com/show_bug.cgi?id=1877402
https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643
SuSE Security Announcement: openSUSE-SU-2020:1483 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00067.html
SuSE Security Announcement: openSUSE-SU-2020:1502 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00074.html
https://usn.ubuntu.com/4503-1/
Common Vulnerability Exposure (CVE) ID: CVE-2020-14393
https://bugzilla.redhat.com/show_bug.cgi?id=1877409

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2021.0048
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2021-0048)
Resumen:	The remote host is missing an update for the 'perl-DBI' package(s) announced via the MGASA-2021-0048 advisory.
Descripción:	Summary: The remote host is missing an update for the 'perl-DBI' package(s) announced via the MGASA-2021-0048 advisory. Vulnerability Insight: An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference. (CVE-2019-20919). An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability. (CVE-2020-14392). A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data. (CVE-2020-14393). Affected Software/OS: 'perl-DBI' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 3.6 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-20919 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/ https://github.com/perl5-dbi/dbi/commit/eca7d7c8f43d96f6277e86d1000e842eb4cc67ff https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643-... https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html SuSE Security Announcement: openSUSE-SU-2020:1620 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00012.html SuSE Security Announcement: openSUSE-SU-2020:1628 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00013.html https://usn.ubuntu.com/4534-1/ Common Vulnerability Exposure (CVE) ID: CVE-2020-14392 https://bugzilla.redhat.com/show_bug.cgi?id=1877402 https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643 SuSE Security Announcement: openSUSE-SU-2020:1483 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00067.html SuSE Security Announcement: openSUSE-SU-2020:1502 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00074.html https://usn.ubuntu.com/4503-1/ Common Vulnerability Exposure (CVE) ID: CVE-2020-14393 https://bugzilla.redhat.com/show_bug.cgi?id=1877409
Copyright	Copyright (C) 2022 Greenbone AG