https://bugzilla.redhat.com/show_bug.cgi?id=1360279

            Bug ID: 1360279
           Summary: perl-DBD-MySQL: Use after free when my_login fails
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: medium
          Priority: medium
          Assignee: security-response-team@xxxxxxxxxx
          Reporter: amaris@xxxxxxxxxx
                CC: hhorak@xxxxxxxxxx, jorton@xxxxxxxxxx,
                    jplesnik@xxxxxxxxxx,
                    perl-devel@xxxxxxxxxxxxxxxxxxxxxxx,
                    perl-maint-list@xxxxxxxxxx, ppisar@xxxxxxxxxx,
                    psabata@xxxxxxxxxx

A use-after-free vulnerability in perl-DBD-MySQL was found. When my_login
fails, the code tries to call mysql_errno on the mysql connection. However,
my_login has already free'd that connection variable, which causes a
use-after-free error.

Upstream bug:
https://github.com/perl5-dbi/DBD-mysql/pull/45

Upstream patch:
https://github.com/perl5-dbi/DBD-mysql/commit/cf0aa7751f6ef8445e9310a64b14dc81460ca156

CVE request:
http://seclists.org/oss-sec/2016/q3/150
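
The ownership mistake described in the report, reduced to a constructed C model with a caller that avoids it (an added example, not DBD-mysql code and not the upstream patch). `struct conn`, `demo_login`, `connect_checked`, `handle_cleared_on_failure`, the password string and the error value 1045 are all assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a client connection handle (not the MySQL struct). */
struct conn { int last_errno; };

/* Hypothetical login helper. On failure it releases the handle itself, the
 * ownership behaviour the report describes for my_login. */
static int demo_login(struct conn **pc, const char *pw, int *err_out)
{
    struct conn *c = *pc;
    if (strcmp(pw, "correct") == 0)
        return 1;
    c->last_errno = 1045;      /* constructed sample error code */
    *err_out = c->last_errno;  /* capture the error BEFORE the free */
    free(c);
    *pc = NULL;                /* caller can no longer reach freed memory */
    return 0;
}

/* Flawed caller pattern (shown as a comment only, never executed):
 *     if (!login(c, pw)) return c->last_errno;    // c was already freed
 * Hardened caller: on failure it uses only the value captured before the free. */
int connect_checked(const char *pw)
{
    struct conn *c = calloc(1, sizeof *c);
    int err = 0;
    if (c == NULL) return -1;
    if (!demo_login(&c, pw, &err))
        return err;            /* c is NULL here and is not dereferenced */
    free(c);
    return 0;
}

/* Returns 1 when a failed login leaves the caller's pointer NULL. */
int handle_cleared_on_failure(void)
{
    struct conn *c = calloc(1, sizeof *c);
    int err = 0;
    if (c == NULL) return 0;
    if (demo_login(&c, "wrong", &err)) { free(c); return 0; }
    return c == NULL;
}

int main(void)
{
    printf("ok=%d fail=%d\n", connect_checked("correct"), connect_checked("wrong"));
    return 0;
}
```

Building a reproducer of the flawed pattern with `-fsanitize=address` reports the read as heap-use-after-free at the dereference site.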