You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa perl

Sigurnosni nedostaci programskog paketa perl

——————————————————————————–
Fedora Update Notification
FEDORA-2020-f30298614a
2020-09-25 17:46:08.775727
——————————————————————————–

Name : perl-DBI
Product : Fedora 31
Version : 1.643
Release : 3.fc31
URL : http://dbi.perl.org/
Summary : A database access API for perl
Description :
DBI is a database access Application Programming Interface (API) for
the Perl Language. The DBI API Specification defines a set of
functions, variables and conventions that provide a consistent
database interface independent of the actual database being used.

——————————————————————————–
Update Information:

This release fixes CVE-2020-14392 (a memory corruption in XS functions when Perl
stack is reallocated), CVE-2019-20919 (a NULL profile dereference in
dbi_profile()), a documentation that old API functions are vulnerable to an
overflow, and CVE-2020-14393 (a buffer overlfow on an overlong DBD class name).
It also adds a missing dependency on FileHandle Perl module.
——————————————————————————–
ChangeLog:

* Thu Mar 12 2020 Jitka Plesnikova <jplesnik@redhat.com> – 1.643-3
– Add BR: perl(FileHandle)
* Mon Feb 10 2020 Petr Pisar <ppisar@redhat.com> – 1.643-2
– Build-require blib for tests
* Wed Feb 5 2020 Jitka Plesnikova <jplesnik@redhat.com> – 1.643-1
– 1.643 bump
* Tue Feb 4 2020 Tom Stellard <tstellar@redhat.com> – 1.642-6
– Spec file cleanups: Use make_build and make_install macros
– https://docs.fedoraproject.org/en-US/packaging-guidelines/#_parallel_make
– https://fedoraproject.org/wiki/Perl/Tips#ExtUtils::MakeMake
——————————————————————————–
References:

[ 1 ] Bug #1877402 – CVE-2020-14392 perl-dbi: Memory corruption in XS functions when Perl stack is reallocated
https://bugzilla.redhat.com/show_bug.cgi?id=1877402
[ 2 ] Bug #1877405 – CVE-2019-20919 perl-dbi: NULL profile dereference in dbi_profile()
https://bugzilla.redhat.com/show_bug.cgi?id=1877405
[ 3 ] Bug #1877409 – CVE-2020-14393 perl-dbi: Buffer overflow on an overlong DBD class name
https://bugzilla.redhat.com/show_bug.cgi?id=1877409
[ 4 ] Bug #1877421 – perl-dbi: Old API functions vulnerable to overflow
https://bugzilla.redhat.com/show_bug.cgi?id=1877421
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2020-f30298614a’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa openldap2

Otkriven je sigurnosni nedostatak u programskom paketu openldap2 za operacijski sustav openSUSE. Otkriveni nedostatak potencijalnim napadačima omogućuje otkrivanje osjetljivih informacija....

Close