Bug 1360279 (CVE-2015-8949)

Summary: CVE-2015-8949 perl-DBD-MySQL: Use after free when my_login fails
Product: [Other] Security Response Reporter: Adam Mariš <amaris>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: dkholia, hhorak, jorton, jplesnik, perl-devel, perl-maint-list, ppisar, psabata, sardella, slawomir
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: perl-DBD-MySQL 4.0.34 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-08-02 09:07:14 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1360280    
Bug Blocks: 1360282    

Description Adam Mariš 2016-07-26 11:55:50 UTC 
A use-after-free vulnerability in perl-DBD-MySQL was found. When my_login fails, the code tries to call mysql_errno on the mysql connection. However, my_login has already free'd that connection variable, which causes use-after-free error.

Upstream bug:

https://github.com/perl5-dbi/DBD-mysql/pull/45

Upstream patch:

https://github.com/perl5-dbi/DBD-mysql/commit/cf0aa7751f6ef8445e9310a64b14dc81460ca156

CVE request:

http://seclists.org/oss-sec/2016/q3/150
Comment 1 Adam Mariš 2016-07-26 11:56:20 UTC 
Created perl-DBD-MySQL tracking bugs for this issue:

Affects: fedora-all [bug 1360280]
Comment 4 Fedora Update System 2016-08-04 20:53:46 UTC 
perl-DBD-MySQL-4.035-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
Comment 5 Fedora Update System 2016-08-12 01:24:02 UTC 
perl-DBD-MySQL-4.033-2.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.