A use-after-free vulnerability in perl-DBD-MySQL was found. When my_login fails, the code tries to call mysql_errno on the mysql connection. However, my_login has already free'd that connection variable, which causes use-after-free error. Upstream bug: https://github.com/perl5-dbi/DBD-mysql/pull/45 Upstream patch: https://github.com/perl5-dbi/DBD-mysql/commit/cf0aa7751f6ef8445e9310a64b14dc81460ca156 CVE request: http://seclists.org/oss-sec/2016/q3/150
Created perl-DBD-MySQL tracking bugs for this issue: Affects: fedora-all [bug 1360280]
perl-DBD-MySQL-4.035-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
perl-DBD-MySQL-4.033-2.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.