Huawei EulerOS: Security Advisory for perl-DBI (EulerOS-SA-2021-1622)

The remote host is missing an update for the Huawei EulerOS 'perl-DBI' package(s) announced via the EulerOS-SA-2021-1622 advisory.

An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference.(CVE-2019-20919) An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401.(CVE-2014-10402) An untrusted pointer dereference flaw was found in Perl-DBI 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability.(CVE-2020-14392) A buffer overflow was found in perl-DBI 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data.(CVE-2020-14393)

'perl-DBI' package(s) on Huawei EulerOS Virtualization release 2.9.1.

Checks if a vulnerable package version is present on the target host.

Please install the updated package(s).