Security vulnerabilities in the perl software package

  • OS details: WN7
  • Severity: IMP
  • Operating systems: L
  • Categories: LFE

Fedora Update Notification
2020-09-25 17:46:08.775727

Name : perl-DBI
Product : Fedora 31
Version : 1.643
Release : 3.fc31
Summary : A database access API for perl
Description :
DBI is a database access Application Programming Interface (API) for
the Perl Language. The DBI API Specification defines a set of
functions, variables and conventions that provide a consistent
database interface independent of the actual database being used.

Update Information:

This release fixes CVE-2020-14392 (a memory corruption in XS functions when the
Perl stack is reallocated), CVE-2019-20919 (a NULL profile dereference in
dbi_profile()), and CVE-2020-14393 (a buffer overflow on an overlong DBD class
name), and documents that old API functions are vulnerable to an overflow.
It also adds a missing dependency on the FileHandle Perl module.

* Thu Mar 12 2020 Jitka Plesnikova <> - 1.643-3
- Add BR: perl(FileHandle)
* Mon Feb 10 2020 Petr Pisar <> - 1.643-2
- Build-require blib for tests
* Wed Feb 5 2020 Jitka Plesnikova <> - 1.643-1
- 1.643 bump
* Tue Feb 4 2020 Tom Stellard <> - 1.642-6
- Spec file cleanups: Use make_build and make_install macros

[ 1 ] Bug #1877402 – CVE-2020-14392 perl-dbi: Memory corruption in XS functions when Perl stack is reallocated
[ 2 ] Bug #1877405 – CVE-2019-20919 perl-dbi: NULL profile dereference in dbi_profile()
[ 3 ] Bug #1877409 – CVE-2020-14393 perl-dbi: Buffer overflow on an overlong DBD class name
[ 4 ] Bug #1877421 – perl-dbi: Old API functions vulnerable to overflow

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-f30298614a' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at

Author: Bruno Varga
Cert ID: NCERT-REF-2020-09-0001-ADV