Ubuntu has released critical security updates for two software packages: Libdbd-MySQL-Perl and Kamailio, as detailed in Ubuntu Security Notices USN-7417-1 and USN-7416-1, both dated April 7, 2025.
Libdbd-MySQL-Perl Vulnerabilities (USN-7417-1)
This update addresses vulnerabilities in Libdbd-MySQL-Perl, a Perl database interface for MySQL, affecting Ubuntu 14.04 LTS. The vulnerabilities include:
- CVE-2016-1249: Poor handling of SQL queries leading to potential denial of service.
- CVE-2016-1251, CVE-2017-10788: Use-after-free vulnerabilities that could allow attackers to execute arbitrary code or cause denial of service.
- CVE-2017-10789: Improper SSL connection handling, which could enable a man-in-the-middle attack.
To fix these issues, users should update to libdbd-mysql-perl version 4.025-1ubuntu0.1+esm1, available via Ubuntu Pro.
Kamailio Vulnerabilities (USN-7416-1)
The Kamailio updates address several vulnerabilities in this SIP server software, affecting Ubuntu 16.04 LTS, 18.04 LTS, and 20.04 LTS. The vulnerabilities include:
- CVE-2016-2385: Buffer overflow issues affecting only Ubuntu 16.04, potentially leading to denial of service or arbitrary code execution.
- CVE-2018-14767: Problems with duplicated headers in Ubuntu 16.04 and 18.04, which could also lead to denial of service or arbitrary code execution.
- CVE-2020-28361: Improper handling of whitespace in headers affecting Ubuntu 18.04 and 20.04, allowing authenticated attackers to access unauthorized resources.
Users can resolve these vulnerabilities by updating Kamailio to the following versions:
- 5.3.2-1ubuntu0.1~esm2 for Ubuntu 20.04 LTS,
- 5.1.2-1ubuntu2+esm2 for Ubuntu 18.04 LTS,
- 4.3.4-1.1ubuntu2.1+esm2 for Ubuntu 16.04 LTS.
After updating, a restart of the Kamailio service is required.
For both packages, the recommended action is to perform a standard system update, which will apply all necessary changes and ensure system security.
Conclusion
Regular updates are crucial for maintaining security in Ubuntu systems. Users are encouraged to stay vigilant and apply security patches promptly to mitigate risks associated with these vulnerabilities. For further information, users can refer to the official Ubuntu security notices linked above
Libdbd-MySQL-Perl Vulnerabilities (USN-7417-1)
This update addresses vulnerabilities in Libdbd-MySQL-Perl, a Perl database interface for MySQL, affecting Ubuntu 14.04 LTS. The vulnerabilities include:
- CVE-2016-1249: Poor handling of SQL queries leading to potential denial of service.
- CVE-2016-1251, CVE-2017-10788: Use-after-free vulnerabilities that could allow attackers to execute arbitrary code or cause denial of service.
- CVE-2017-10789: Improper SSL connection handling, which could enable a man-in-the-middle attack.
To fix these issues, users should update to libdbd-mysql-perl version 4.025-1ubuntu0.1+esm1, available via Ubuntu Pro.
Kamailio Vulnerabilities (USN-7416-1)
The Kamailio updates address several vulnerabilities in this SIP server software, affecting Ubuntu 16.04 LTS, 18.04 LTS, and 20.04 LTS. The vulnerabilities include:
- CVE-2016-2385: Buffer overflow issues affecting only Ubuntu 16.04, potentially leading to denial of service or arbitrary code execution.
- CVE-2018-14767: Problems with duplicated headers in Ubuntu 16.04 and 18.04, which could also lead to denial of service or arbitrary code execution.
- CVE-2020-28361: Improper handling of whitespace in headers affecting Ubuntu 18.04 and 20.04, allowing authenticated attackers to access unauthorized resources.
Users can resolve these vulnerabilities by updating Kamailio to the following versions:
- 5.3.2-1ubuntu0.1~esm2 for Ubuntu 20.04 LTS,
- 5.1.2-1ubuntu2+esm2 for Ubuntu 18.04 LTS,
- 4.3.4-1.1ubuntu2.1+esm2 for Ubuntu 16.04 LTS.
After updating, a restart of the Kamailio service is required.
For both packages, the recommended action is to perform a standard system update, which will apply all necessary changes and ensure system security.
Conclusion
Regular updates are crucial for maintaining security in Ubuntu systems. Users are encouraged to stay vigilant and apply security patches promptly to mitigate risks associated with these vulnerabilities. For further information, users can refer to the official Ubuntu security notices linked above
Libdbd-MySQL-Perl and Kamailio updates for Ubuntu
Ubuntu Linux has received updates addressing security vulnerabilities in Libdbd-MySQL-Perl and Kamailio:
[USN-7417-1] libdbd-mysql-perl vulnerabilities
[USN-7416-1] Kamailio vulnerabilitiesLibdbd-MySQL-Perl and Kamailio updates for Ubuntu @ Linux Compatible
