Security Advisories (8)
A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data.
An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability.
- https://metacpan.org/changes/distribution/DBI
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/
- https://bugzilla.redhat.com/show_bug.cgi?id=1877402
- https://bugzilla.redhat.com/show_bug.cgi?id=1877402
- https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00067.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00074.html
- https://usn.ubuntu.com/4503-1/
An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference.
- https://metacpan.org/changes/distribution/DBI
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20919
- https://github.com/perl5-dbi/dbi/commit/eca7d7c8f43d96f6277e86d1000e842eb4cc67ff
- https://bugzilla.redhat.com/show_bug.cgi?id=1877405
- https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/US6VXPKVAYHOKNFSAFLM3FWNYZSJKQHS/
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/KJN7E27GD6QQ2CRGEJ3TNW2DJFXA2AKN/
- https://ubuntu.com/security/notices/USN-4534-1
DBD::File drivers open files from folders other than specifically passed using the f_dir attribute.
An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401.
An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute.
- https://rt.cpan.org/Public/Bug/Display.html?id=99508
- https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.632-9th-Nov-2014
- https://github.com/perl5-dbi/dbi/commit/caedc0d7d602f5b2ae5efc1b00f39efeafb7b05a
- https://usn.ubuntu.com/4509-1/
- https://metacpan.org/release/HMBRAND/DBI-1.643_01/view/Changes
An issue was discovered in the DBI module before 1.628 for Perl. Stack corruption occurs when a user-defined function requires a non-trivial amount of memory and the Perl stack gets reallocated.
An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption.
NAME
DBI::Const::GetInfo::ANSI - ISO/IEC SQL/CLI Constants for GetInfo
SYNOPSIS
The API for this module is private and subject to change.DESCRIPTION
Information requested by GetInfo().
See: A.1 C header file SQLCLI.H, Page 316, 317.
The API for this module is private and subject to change.
REFERENCES
ISO/IEC FCD 9075-3:200x Information technology - Database Languages -
SQL - Part 3: Call-Level Interface (SQL/CLI)
SC32 N00744 = WG3:VIE-005 = H2-2002-007
Date: 2002-01-15%ReturnTypes
See: Codes and data types for implementation information (Table 28), Page 85, 86.
Mapped to ODBC datatype names.
%ReturnValues
See: A.1 C header file SQLCLI.H, Page 317, 318.
TODO
Corrections, e.g.:
SQL_TRANSACTION_ISOLATION_OPTION vs. SQL_TRANSACTION_ISOLATIONModule Install Instructions
To install DBI, copy and paste the appropriate command in to your terminal.
cpanm DBIperl -MCPAN -e shell
install DBIFor more information on module installation, please visit the detailed CPAN module installation guide.