DBD::mysql: Multiple vulnerabilities — GLSA 201701-51

Multiple vulnerabilities have been found in DBD::mysql, the worst of which might allow an attacker to execute arbitrary code.

Affected packages

dev-perl/DBD-mysql on all architectures
Affected versions < 4.41.0
Unaffected versions >= 4.41.0

Background

MySQL driver for the Perl5 Database Interface (DBI)

Description

Multiple vulnerabilities have been discovered in DBD::mysql. Please review the CVE identifiers referenced below for details.

Impact

An attacker could cause a Denial of Service condition, execute arbitrary code, or have other unspecified impacts.

Workaround

There is no known workaround at this time.

Resolution

All DBD::mysql users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-perl/DBD-mysql-4.41.0"
 

References

Release date
January 23, 2017

Latest revision
January 23, 2017: 2

Severity
normal

Exploitable
local, remote

Bugzilla entries