https://bugzilla.redhat.com/show_bug.cgi?id=1360279
Bug ID: 1360279 Summary: perl-DBD-MySQL: Use after free when my_login fails Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team@redhat.com Reporter: amaris@redhat.com CC: hhorak@redhat.com, jorton@redhat.com, jplesnik@redhat.com, perl-devel@lists.fedoraproject.org, perl-maint-list@redhat.com, ppisar@redhat.com, psabata@redhat.com
A use-after-free vulnerability in perl-DBD-MySQL was found. When my_login fails, the code tries to call mysql_errno on the mysql connection. However, my_login has already free'd that connection variable, which causes use-after-free error.
Upstream bug:
https://github.com/perl5-dbi/DBD-mysql/pull/45
Upstream patch:
https://github.com/perl5-dbi/DBD-mysql/commit/cf0aa7751f6ef8445e9310a64b14dc...
CVE request:
http://seclists.org/oss-sec/2016/q3/150
https://bugzilla.redhat.com/show_bug.cgi?id=1360279
Adam Mariš amaris@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1360280
--- Comment #1 from Adam Mariš amaris@redhat.com ---
Created perl-DBD-MySQL tracking bugs for this issue:
Affects: fedora-all [bug 1360280]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1360280 [Bug 1360280] perl-DBD-MySQL: Use after free when my_login fails [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1360279
Adam Mariš amaris@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1360282
https://bugzilla.redhat.com/show_bug.cgi?id=1360279
Adam Mariš amaris@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Summary|perl-DBD-MySQL: Use after |CVE-2015-8949 |free when my_login fails |perl-DBD-MySQL: Use after | |free when my_login fails Alias| |CVE-2015-8949
https://bugzilla.redhat.com/show_bug.cgi?id=1360279
Dhiru Kholia dkholia@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |dkholia@redhat.com Whiteboard|impact=moderate,public=2015 |impact=low,public=20151114, |1114,reported=20160725,sour |reported=20160725,source=os |ce=oss-security,cvss2=5.1/A |s-security,cvss2=2.6/AV:N/A |V:N/AC:H/Au:N/C:P/I:P/A:P,c |C:H/Au:N/C:P/I:N/A:N,cvss3= |vss3=7.4/CVSS:3.0/AV:L/AC:H |3.7/CVSS:3.0/AV:N/AC:H/PR:N |/PR:N/UI:N/S:U/C:H/I:H/A:H, |/UI:N/S:U/C:L/I:N/A:N,cwe=C |cwe=CWE-416,rhel-5/perl-DBD |WE-416,rhel-5/perl-DBD-MySQ |-MySQL=new,rhel-6/perl-DBD- |L=new,rhel-6/perl-DBD-MySQL |MySQL=new,rhel-7/perl-DBD-M |=new,rhel-7/perl-DBD-MySQL= |ySQL=new,rhscl-2/perl516-pe |new,rhscl-2/perl516-perl-DB |rl-DBD-MySQL=new,rhscl-2/rh |D-MySQL=new,rhscl-2/rh-perl |-perl520-perl-DBD-MySQL=new |520-perl-DBD-MySQL=new,fedo |,fedora-all/perl-DBD-MySQL= |ra-all/perl-DBD-MySQL=affec |affected |ted
https://bugzilla.redhat.com/show_bug.cgi?id=1360279
Dhiru Kholia dkholia@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=low,public=20151114, |impact=low,public=20151114, |reported=20160725,source=os |reported=20160725,source=os |s-security,cvss2=2.6/AV:N/A |s-security,cvss2=2.6/AV:N/A |C:H/Au:N/C:P/I:N/A:N,cvss3= |C:H/Au:N/C:P/I:N/A:N,cvss3= |3.7/CVSS:3.0/AV:N/AC:H/PR:N |3.7/CVSS:3.0/AV:N/AC:H/PR:N |/UI:N/S:U/C:L/I:N/A:N,cwe=C |/UI:N/S:U/C:L/I:N/A:N,cwe=C |WE-416,rhel-5/perl-DBD-MySQ |WE-416,rhel-5/perl-DBD-MySQ |L=new,rhel-6/perl-DBD-MySQL |L=notaffected,rhel-6/perl-D |=new,rhel-7/perl-DBD-MySQL= |BD-MySQL=notaffected,rhel-7 |new,rhscl-2/perl516-perl-DB |/perl-DBD-MySQL=notaffected |D-MySQL=new,rhscl-2/rh-perl |,rhscl-2/perl516-perl-DBD-M |520-perl-DBD-MySQL=new,fedo |ySQL=notaffected,rhscl-2/rh |ra-all/perl-DBD-MySQL=affec |-perl520-perl-DBD-MySQL=won |ted |tfix,fedora-all/perl-DBD-My | |SQL=affected
https://bugzilla.redhat.com/show_bug.cgi?id=1360279
Dhiru Kholia dkholia@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |WONTFIX Last Closed| |2016-08-02 05:07:14
https://bugzilla.redhat.com/show_bug.cgi?id=1360279
--- Comment #4 from Fedora Update System updates@fedoraproject.org --- perl-DBD-MySQL-4.035-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
https://bugzilla.redhat.com/show_bug.cgi?id=1360279 Bug 1360279 depends on bug 1360280, which changed state.
Bug 1360280 Summary: perl-DBD-MySQL: Use after free when my_login fails [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1360280
What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Resolution|--- |ERRATA
https://bugzilla.redhat.com/show_bug.cgi?id=1360279
--- Comment #5 from Fedora Update System updates@fedoraproject.org --- perl-DBD-MySQL-4.033-2.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
perl-devel@lists.fedoraproject.org