Security update for perl-DBI SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2020:2646-1 Final 1 1 2020-09-16T10:07:32Z current 2020-09-16T10:07:32Z 2020-09-16T10:07:32Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for perl-DBI This update for perl-DBI fixes the following issues: Security issues fixed: - CVE-2020-14392: Memory corruption in XS functions when Perl stack is reallocated (bsc#1176412). - CVE-2020-14393: Fixed a buffer overflow on an overlong DBD class name (bsc#1176409). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container suse/rmt-mariadb:latest-2020-2646,Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure-2020-2646,Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM-2020-2646,Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE-2020-2646,Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure-2020-2646,Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM-2020-2646,Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE-2020-2646,Image SLES15-SP4-Manager-Proxy-4-3-BYOS-2020-2646,Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure-2020-2646,Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2-2020-2646,Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE-2020-2646,Image SLES15-SP4-Manager-Server-4-3-2020-2646,Image SLES15-SP4-Manager-Server-4-3-Azure-llc-2020-2646,Image SLES15-SP4-Manager-Server-4-3-Azure-ltd-2020-2646,Image SLES15-SP4-Manager-Server-4-3-BYOS-2020-2646,Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure-2020-2646,Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2-2020-2646,Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE-2020-2646,Image SLES15-SP4-Manager-Server-4-3-EC2-llc-2020-2646,Image SLES15-SP4-Manager-Server-4-3-EC2-ltd-2020-2646,SUSE-2020-2646,SUSE-SLE-Module-Basesystem-15-SP2-2020-2646 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2020/suse-su-20202646-1/ Link for SUSE-SU-2020:2646-1 https://lists.suse.com/pipermail/sle-security-updates/2020-September/007432.html E-Mail link for SUSE-SU-2020:2646-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1176409 SUSE Bug 1176409 https://bugzilla.suse.com/1176412 SUSE Bug 1176412 https://www.suse.com/security/cve/CVE-2020-14392/ SUSE CVE CVE-2020-14392 page https://www.suse.com/security/cve/CVE-2020-14393/ SUSE CVE CVE-2020-14393 page Container suse/rmt-mariadb:latest Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE Image SLES15-SP4-Manager-Proxy-4-3-BYOS Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2 Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE Image SLES15-SP4-Manager-Server-4-3 Image SLES15-SP4-Manager-Server-4-3-Azure-llc Image SLES15-SP4-Manager-Server-4-3-Azure-ltd Image SLES15-SP4-Manager-Server-4-3-BYOS Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE Image SLES15-SP4-Manager-Server-4-3-EC2-llc Image SLES15-SP4-Manager-Server-4-3-EC2-ltd SUSE Linux Enterprise Module for Basesystem 15 SP2 perl-DBI-1.642-3.3.1 perl-DBI-1.642-3.3.1 as a component of Container suse/rmt-mariadb:latest perl-DBI-1.642-3.3.1 as a component of Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure perl-DBI-1.642-3.3.1 as a component of Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM perl-DBI-1.642-3.3.1 as a component of Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE perl-DBI-1.642-3.3.1 as a component of Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure perl-DBI-1.642-3.3.1 as a component of Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM perl-DBI-1.642-3.3.1 as a component of Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE perl-DBI-1.642-3.3.1 as a component of Image SLES15-SP4-Manager-Proxy-4-3-BYOS perl-DBI-1.642-3.3.1 as a component of Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure perl-DBI-1.642-3.3.1 as a component of Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2 perl-DBI-1.642-3.3.1 as a component of Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE perl-DBI-1.642-3.3.1 as a component of Image SLES15-SP4-Manager-Server-4-3 perl-DBI-1.642-3.3.1 as a component of Image SLES15-SP4-Manager-Server-4-3-Azure-llc perl-DBI-1.642-3.3.1 as a component of Image SLES15-SP4-Manager-Server-4-3-Azure-ltd perl-DBI-1.642-3.3.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS perl-DBI-1.642-3.3.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure perl-DBI-1.642-3.3.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 perl-DBI-1.642-3.3.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE perl-DBI-1.642-3.3.1 as a component of Image SLES15-SP4-Manager-Server-4-3-EC2-llc perl-DBI-1.642-3.3.1 as a component of Image SLES15-SP4-Manager-Server-4-3-EC2-ltd perl-DBI-1.642-3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP2 An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability. CVE-2020-14392 Container suse/rmt-mariadb:latest:perl-DBI-1.642-3.3.1 Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure:perl-DBI-1.642-3.3.1 Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM:perl-DBI-1.642-3.3.1 Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE:perl-DBI-1.642-3.3.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure:perl-DBI-1.642-3.3.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM:perl-DBI-1.642-3.3.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE:perl-DBI-1.642-3.3.1 Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure:perl-DBI-1.642-3.3.1 Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2:perl-DBI-1.642-3.3.1 Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE:perl-DBI-1.642-3.3.1 Image SLES15-SP4-Manager-Proxy-4-3-BYOS:perl-DBI-1.642-3.3.1 Image SLES15-SP4-Manager-Server-4-3-Azure-llc:perl-DBI-1.642-3.3.1 Image SLES15-SP4-Manager-Server-4-3-Azure-ltd:perl-DBI-1.642-3.3.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure:perl-DBI-1.642-3.3.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2:perl-DBI-1.642-3.3.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE:perl-DBI-1.642-3.3.1 Image SLES15-SP4-Manager-Server-4-3-BYOS:perl-DBI-1.642-3.3.1 Image SLES15-SP4-Manager-Server-4-3-EC2-llc:perl-DBI-1.642-3.3.1 Image SLES15-SP4-Manager-Server-4-3-EC2-ltd:perl-DBI-1.642-3.3.1 Image SLES15-SP4-Manager-Server-4-3:perl-DBI-1.642-3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP2:perl-DBI-1.642-3.3.1 important 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20202646-1/ https://www.suse.com/security/cve/CVE-2020-14392.html CVE-2020-14392 https://bugzilla.suse.com/1176412 SUSE Bug 1176412 A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data. CVE-2020-14393 Container suse/rmt-mariadb:latest:perl-DBI-1.642-3.3.1 Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure:perl-DBI-1.642-3.3.1 Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM:perl-DBI-1.642-3.3.1 Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE:perl-DBI-1.642-3.3.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure:perl-DBI-1.642-3.3.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM:perl-DBI-1.642-3.3.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE:perl-DBI-1.642-3.3.1 Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure:perl-DBI-1.642-3.3.1 Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2:perl-DBI-1.642-3.3.1 Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE:perl-DBI-1.642-3.3.1 Image SLES15-SP4-Manager-Proxy-4-3-BYOS:perl-DBI-1.642-3.3.1 Image SLES15-SP4-Manager-Server-4-3-Azure-llc:perl-DBI-1.642-3.3.1 Image SLES15-SP4-Manager-Server-4-3-Azure-ltd:perl-DBI-1.642-3.3.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure:perl-DBI-1.642-3.3.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2:perl-DBI-1.642-3.3.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE:perl-DBI-1.642-3.3.1 Image SLES15-SP4-Manager-Server-4-3-BYOS:perl-DBI-1.642-3.3.1 Image SLES15-SP4-Manager-Server-4-3-EC2-llc:perl-DBI-1.642-3.3.1 Image SLES15-SP4-Manager-Server-4-3-EC2-ltd:perl-DBI-1.642-3.3.1 Image SLES15-SP4-Manager-Server-4-3:perl-DBI-1.642-3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP2:perl-DBI-1.642-3.3.1 important 3.6 AV:L/AC:L/Au:N/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20202646-1/ https://www.suse.com/security/cve/CVE-2020-14393.html CVE-2020-14393 https://bugzilla.suse.com/1176409 SUSE Bug 1176409