991207 – (CVE-2014-9906) VUL-1: CVE-2014-9906: perl-DBD-mysql: use after free in mysql_dr_error

Bug 991207 (CVE-2014-9906) - VUL-1: CVE-2014-9906: perl-DBD-mysql: use after free in mysql_dr_error

Summary: VUL-1: CVE-2014-9906: perl-DBD-mysql: use after free in mysql_dr_error

Status:	RESOLVED INVALID

Alias:	CVE-2014-9906

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P4 - Low Severity: Normal
Target Milestone:	---
Deadline:	2016-08-12
Assignee:	Forgotten User l5HDYKT_qR
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/171406/
Whiteboard:	maint:running:62917:moderate CVSSv2:S...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2016-07-29 08:47 UTC by Andreas Stieger
Modified:	2016-08-31 16:22 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andreas Stieger 2016-07-29 08:47:19 UTC

http://seclists.org/oss-sec/2016/q3/169

Use-after-free in mysql_dr_error, fixed in 4.029.
https://rt.cpan.org/Public/Bug/Display.html?id=97625

https://github.com/perl5-dbi/DBD-mysql/pull/27
https://github.com/perl5-dbi/DBD-mysql/pull/27/commits/fc64cd80411b236778857fac9e417c948bd4452f
https://github.com/perl5-dbi/DBD-mysql/pull/27/commits/49e7f106e6ebdd59c262fa1775f323b901f8b3cd
https://github.com/perl5-dbi/DBD-mysql/pull/27/commits/df58d6047d7fd83f36ecff173a7857d79ac42d07

merged:
https://github.com/perl5-dbi/DBD-mysql/commit/a56ae87a4c1c1fead7d09c3653905841ccccf1cc


References:
https://bugzilla.redhat.com/show_bug.cgi?id=1361073
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9906
http://seclists.org/oss-sec/2016/q3/169
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9906.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9906

Comment 1 Swamp Workflow Management 2016-07-29 09:12:11 UTC

An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2016-08-12.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/62917

Comment 2 Swamp Workflow Management 2016-07-29 22:00:26 UTC

bugbot adjusting priority

Comment 3 Forgotten User l5HDYKT_qR 2016-08-10 14:48:21 UTC

See https://bugzilla.suse.com/show_bug.cgi?id=991212#c3