From ${URL} :

When reporting a variable bind error, DBD-mysql would try to construct the error message in a fixed-size buffer on the stack, possibly leading to arbitrary code execution. It depends on the application whether untrusted data is included in the error message. -D_FORTIFY_SOURCE=2 would catch this and turn the issue into a mere crash.

Upstream commit: <https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2>

Upstream credits Pali Rohár with reporting and fixing this issue.

Here is what I used to validate the patch:

use strict;
use warnings;
use DBI;

my $dbh = DBI->connect("DBI:mysql:mysql:", "root", "", { PrintError => 0, RaiseError => 1});
$dbh->do('CREATE TEMPORARY TABLE t (i INTEGER NOT NULL)');
$dbh->begin_work;
my $st = $dbh->prepare('INSERT INTO t VALUES (?)');
# Non-numeric 64-character value bound as an integer
$st->bind_param(1, 'X' x 64, DBI::SQL_INTEGER);
$dbh->commit;

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
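Added example, not part of the bug report and not DBD-mysql's code: the unbounded formatting pattern the description refers to, next to two bounded ways of building the same kind of error message in C. The message wording, the 64-byte buffer size and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical wording; the real DBD-mysql message is not shown on this page. */
#define BIND_ERR_FMT "Binding non-numeric field %d, value '%s' as a numeric!"

/* Unsafe shape described in the report (shown as a comment, not compiled):
 *     char err_msg[64];
 *     sprintf(err_msg, BIND_ERR_FMT, param, value);   value length unchecked
 */

/* Bounded variant: never writes past buf[buflen - 1].
 * Returns 0 if the whole message fit, 1 if it was truncated, -1 on error. */
int format_bind_error(char *buf, size_t buflen, int param, const char *value)
{
    if (buf == NULL || buflen == 0 || value == NULL)
        return -1;
    int need = snprintf(buf, buflen, BIND_ERR_FMT, param, value);
    if (need < 0) {
        buf[0] = '\0';
        return -1;
    }
    return (size_t)need >= buflen ? 1 : 0;
}

/* Sized variant: measure first, then allocate exactly. Caller frees. */
char *alloc_bind_error(int param, const char *value)
{
    if (value == NULL)
        return NULL;
    int need = snprintf(NULL, 0, BIND_ERR_FMT, param, value);
    if (need < 0)
        return NULL;
    char *msg = malloc((size_t)need + 1);
    if (msg != NULL)
        snprintf(msg, (size_t)need + 1, BIND_ERR_FMT, param, value);
    return msg;
}

int main(void)
{
    char value[65], fixed[64];
    memset(value, 'X', 64);          /* same 'X' x 64 input as the script above */
    value[64] = '\0';
    int rc = format_bind_error(fixed, sizeof fixed, 1, value);
    char *full = alloc_bind_error(1, value);
    printf("fixed: rc=%d len=%zu\n", rc, strlen(fixed));
    if (full) { printf("heap: len=%zu\n", strlen(full)); free(full); }
    return 0;
}
```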
This is CVE-2016-1246, more info:
http://blogs.perl.org/users/mike_b/2016/10/security-release---buffer-overflow-in-dbdmysql-perl-library.html

Upstream changelog:
http://cpansearch.perl.org/src/MICHIELB/DBD-mysql-4.037/Changes

This is fixed in 4.37.0, which is already in the tree. Maintainers, can we stabilize that?
(In reply to Hanno Boeck from comment #1)
> This is CVE-2016-1246, more info:
> http://blogs.perl.org/users/mike_b/2016/10/security-release---buffer-overflow-in-dbdmysql-perl-library.html
>
> Upstream changelog:
> http://cpansearch.perl.org/src/MICHIELB/DBD-mysql-4.037/Changes
>
> This is fixed in 4.37.0, which is already in the tree. Maintainers, can we
> stabilize that?

Sure.

Arches please stabilize dev-perl/DBD-mysql-4.37.0
Target: all stable arches
amd64 stable
x86 stable
arm stable
Stable for HPPA.
Stable for PPC64.
Stable on alpha.
Stabilization blocked due to newer bug 600180. We will do cleanup afterwards.
This issue was resolved and addressed in GLSA 201701-51 at https://security.gentoo.org/glsa/201701-51 by GLSA coordinator Aaron Bauman (b-man).