An update for perl-DBI is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2022-1641 Final 1.0 1.0 2022-05-11 Initial 2022-05-11 2022-05-11 openEuler SA Tool V1.0 2022-05-11 perl-DBI security update An update for perl-DBI is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS. The DBI is the standard database interface module for Perl.It defines a set of methods, variables and conventions that providea consistent database interface independent of the actual database being used.It is important to remember that the DBI is just an interface.The DBI is a layer of "glue" between an application and one or more database driver modules.It is the driver modules which do most of the real work. The DBI provides a standard interface and framework for the drivers to operate within. Security Fix(es): An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401.(CVE-2014-10402) An update for perl-DBI is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium perl-DBI https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1641 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2014-10402 https://nvd.nist.gov/vuln/detail/CVE-2014-10402 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS perl-DBI-1.643-2.oe1.aarch64.rpm perl-DBI-debuginfo-1.643-2.oe1.aarch64.rpm perl-DBI-debugsource-1.643-2.oe1.aarch64.rpm perl-DBI-1.643-2.oe1.aarch64.rpm perl-DBI-debuginfo-1.643-2.oe1.aarch64.rpm perl-DBI-debugsource-1.643-2.oe1.aarch64.rpm perl-DBI-1.643-3.oe2203.aarch64.rpm perl-DBI-debuginfo-1.643-3.oe2203.aarch64.rpm perl-DBI-debugsource-1.643-3.oe2203.aarch64.rpm perl-DBI-1.643-2.oe1.src.rpm perl-DBI-1.643-2.oe1.src.rpm perl-DBI-1.643-3.oe2203.src.rpm perl-DBI-help-1.643-2.oe1.noarch.rpm perl-DBI-help-1.643-2.oe1.noarch.rpm perl-DBI-help-1.643-3.oe2203.noarch.rpm perl-DBI-1.643-2.oe1.x86_64.rpm perl-DBI-debuginfo-1.643-2.oe1.x86_64.rpm perl-DBI-debugsource-1.643-2.oe1.x86_64.rpm perl-DBI-1.643-2.oe1.x86_64.rpm perl-DBI-debuginfo-1.643-2.oe1.x86_64.rpm perl-DBI-debugsource-1.643-2.oe1.x86_64.rpm perl-DBI-1.643-3.oe2203.x86_64.rpm perl-DBI-debuginfo-1.643-3.oe2203.x86_64.rpm perl-DBI-debugsource-1.643-3.oe2203.x86_64.rpm An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401. 2022-05-11 CVE-2014-10402 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS Medium 6.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L perl-DBI security update 2022-05-11 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1641