==========================================================================
Ubuntu Security Notice USN-7417-1
April 07, 2025

libdbd-mysql-perl vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in libdbd-mysql-perl.

Software Description:
- libdbd-mysql-perl: Perl5 database interface to the MySQL database

Details:

It was discovered that libdbd-mysql-perl did not correctly handle certain
SQL queries. An attacker could possibly use this issue to cause a denial
of service. (CVE-2016-1249)

It was discovered that libdbd-mysql-perl did not correctly handle certain
memory operations, which could lead to a use-after-free vulnerability. A
remote attacker could possibly use this issue to cause a denial of service
or execute arbitrary code. (CVE-2016-1251, CVE-2017-10788)

It was discovered that libdbd-mysql-perl did not properly enforce SSL
connections depending on the mysql_ssl setting. A machine-in-the-middle
attacker could possibly use this issue to spoof servers. (CVE-2017-10789)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
  libdbd-mysql-perl               4.025-1ubuntu0.1+esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7417-1
  CVE-2016-1249, CVE-2016-1251, CVE-2017-10788, CVE-2017-10789