GLSA Advocate
Posted: Wed Apr 18, 2012 3:26 am Post subject: [ GLSA 201204-08 ] Perl DBD-Pg Module: Arbitrary code execut
Gentoo Linux Security Advisory
Title: Perl DBD-Pg Module: Arbitrary code execution (GLSA 201204-08)
Severity: normal
Exploitable: remote
Date: April 17, 2012
Bug(s): #407549
ID: 201204-08
Synopsis
Two format string vulnerabilities have been found in the Perl
DBD-Pg module, allowing remote PostgreSQL servers to execute arbitrary
code.
Background
DBD-Pg is a PostgreSQL interface module for Perl.
Affected Packages
Package: dev-perl/DBD-Pg
Vulnerable: < 2.19.0
Unaffected: >= 2.19.0
Architectures: All supported architectures
Description
Format string vulnerabilities have been found in the "pg_warn()" and
"dbd_st_prepare()" functions in dbdimp.c.
Impact
A remote PostgreSQL server could send specially crafted database
warnings or DBD statements, possibly resulting in execution of arbitrary
code.
Workaround
There is no known workaround at this time.
Resolution
All users of the Perl DBD-Pg module should upgrade to the latest
version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-perl/DBD-Pg-2.19.0"
References
CVE-2012-1151
Last edited by GLSA on Mon Jan 20, 2014 5:54 am; edited 2 times in total
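The bug class named in the Description, as an added C illustration (not code from DBD-Pg's dbdimp.c or from the advisory): text received from the database server must be passed as an argument to a constant format, never used as the format itself. The function names and the sample message are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Count printf-style directives in untrusted text; "%%" is a literal
 * percent sign and is skipped. A non-zero count on server-supplied
 * text can be logged for review. */
size_t count_format_directives(const char *s)
{
    size_t n = 0;
    while (*s != '\0') {
        if (s[0] == '%' && s[1] == '%') {
            s += 2;              /* escaped percent, not a directive */
            continue;
        }
        if (s[0] == '%')
            n++;
        s++;
    }
    return n;
}

/* Vulnerable pattern, shown only as a comment so it is never compiled:
 *     snprintf(out, outlen, server_msg);
 * Here the server's text is parsed as the format string.
 *
 * Hardened form: the format is a constant and the server's text is data. */
int format_server_warning(char *out, size_t outlen, const char *server_msg)
{
    return snprintf(out, outlen, "%s", server_msg);
}

int main(void)
{
    /* Constructed sample, standing in for a warning sent by a server. */
    const char *msg = "NOTICE: 100%% done, table %s%x";
    char out[128];

    format_server_warning(out, sizeof out, msg);
    printf("directives seen: %zu\n", count_format_directives(msg));
    printf("logged verbatim: %s\n", out);
    return 0;
}
```

Building C code with `-Wformat -Wformat-security` makes the compiler flag calls where a non-literal string is used as the format.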