Bug ID 1002626
Summary CVE-2016-1246: Buffer overflow in DBD-mysql error reporting (Perl DBI module)
Classification openSUSE
Product openSUSE Distribution
Version Leap 42.1
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Security
Assignee security-team@suse.de
Reporter mikhail.kasimov@gmail.com
QA Contact qa-bugs@suse.de
Found By ---
Blocker ---

Reference: http://seclists.org/oss-sec/2016/q4/13

=================================================
When reporting a variable bind error, DBD-mysql would try to
construct the error message in a fixed-size buffer on the stack,
possibly leading to arbitrary code execution.

It depends on the application whether untrusted data is included in
the error message.  -D_FORTIFY_SOURCE=2 would catch this and turn the
issue into a mere crash.

Upstream commit:

<https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2>

Upstream credits Pali Rohár with reporting and fixing this issue.

Here is what I used to validate the patch:

use strict;
use warnings;

use DBI;

my $dbh = DBI->connect("DBI:mysql:mysql:",
                       "root", "",
                       { PrintError => 0, RaiseError => 1});

$dbh->do('CREATE TEMPORARY TABLE t (i INTEGER NOT NULL)');
$dbh->begin_work;
my $st = $dbh->prepare('INSERT INTO t VALUES (?)');
$st->bind_param(1, 'X' x 64, DBI::SQL_INTEGER);
$dbh->commit;
=================================================
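
The bug class described in the advisory above, shown as an added C example that is not code from DBD-mysql or from the upstream commit: an error message built from caller-controlled data, formatted with a length bound into a fixed buffer or into an exactly sized heap buffer. The function names, the message text and the 64-byte buffer size are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unsafe pattern of the kind the advisory describes (illustrative only):
 *     char err_msg[64];
 *     sprintf(err_msg, BIND_ERR_FMT, idx, value);   // value length unbounded
 * BIND_ERR_FMT is a constructed message, not the module's actual text. */
#define BIND_ERR_FMT "bind error: parameter %d: value '%s' is not numeric"

/* Bounded formatting into a fixed buffer: never writes more than cap bytes.
 * Returns 0 if the message fit, 1 if it was truncated, -1 on bad input. */
int format_bind_error(char *dst, size_t cap, int idx, const char *value)
{
    int n;

    if (dst == NULL || cap == 0 || value == NULL)
        return -1;
    n = snprintf(dst, cap, BIND_ERR_FMT, idx, value);
    if (n < 0) {
        dst[0] = '\0';
        return -1;
    }
    return ((size_t)n >= cap) ? 1 : 0;
}

/* Heap variant: measure the message first, then allocate exactly that much,
 * so no input length can exceed the buffer. Caller frees the result. */
char *alloc_bind_error(int idx, const char *value)
{
    int n;
    char *msg;

    if (value == NULL)
        return NULL;
    n = snprintf(NULL, 0, BIND_ERR_FMT, idx, value);
    if (n < 0 || (msg = malloc((size_t)n + 1)) == NULL)
        return NULL;
    snprintf(msg, (size_t)n + 1, BIND_ERR_FMT, idx, value);
    return msg;
}

int main(void)
{
    char value[65], buf[64];

    memset(value, 'X', 64);   /* constructed input, same shape as 'X' x 64 */
    value[64] = '\0';
    printf("truncated=%d\n", format_bind_error(buf, sizeof buf, 1, value));
    return 0;
}
```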

