Candidate: CVE-2016-1251
PublicDate: 2016-11-29 20:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1251
 http://www.openwall.com/lists/oss-security/2016/11/28/2
 https://tracker.debian.org/news/819888
Description:
 There is a vulnerability of type use-after-free affecting DBD::mysql (aka
 DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and
 4.x before 4.041 when used with mysql_server_prepare=1.
Ubuntu-Description:
Notes:
 mdeslaur> only an issue with mysql_server_prepare=1, which is not the
 mdeslaur> default.
Bugs:
Priority: low
Discovered-by: Pali Rohár
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H [8.1 HIGH]

Patches_libdbd-mysql-perl:
 upstream: https://github.com/perl5-dbi/DBD-mysql/commit/3619c170461a3107a258d1fd2d00ed4832adb1b1 (4.041)
upstream_libdbd-mysql-perl: released (4.041-1)
precise_libdbd-mysql-perl: ignored (reached end-of-life)
precise/esm_libdbd-mysql-perl: ignored (end of ESM support, was needed)
trusty_libdbd-mysql-perl: ignored (reached end-of-life)
trusty/esm_libdbd-mysql-perl: needed
vivid/stable-phone-overlay_libdbd-mysql-perl: DNE
vivid/ubuntu-core_libdbd-mysql-perl: DNE
xenial_libdbd-mysql-perl: ignored (end of standard support, was needed)
yakkety_libdbd-mysql-perl: ignored (reached end-of-life)
zesty_libdbd-mysql-perl: not-affected (4.041-1)
artful_libdbd-mysql-perl: not-affected (4.041-2build1)
bionic_libdbd-mysql-perl: not-affected (4.041-2build1)
cosmic_libdbd-mysql-perl: not-affected (4.041-2build1)
disco_libdbd-mysql-perl: not-affected (4.041-2build1)
eoan_libdbd-mysql-perl: not-affected (4.041-2build1)
focal_libdbd-mysql-perl: not-affected (4.041-2build1)
groovy_libdbd-mysql-perl: not-affected (4.041-2build1)
hirsute_libdbd-mysql-perl: not-affected (4.041-2build1)
impish_libdbd-mysql-perl: not-affected (4.041-2build1)
jammy_libdbd-mysql-perl: not-affected (4.041-2build1)
devel_libdbd-mysql-perl: not-affected (4.041-2build1)