Posted: Wed Apr 18, 2012 3:26 am Post subject: [ GLSA 201204-08 ] Perl DBD-Pg Module: Arbitrary code execut
Gentoo Linux Security Advisory
Title: Perl DBD-Pg Module: Arbitrary code execution (GLSA 201204-08)
Date: April 17, 2012
Two format string vulnerabilities have been found in the Perl
DBD-Pg module, allowing remote PostgreSQL servers to execute arbitrary
DBD-Pg is a PostgreSQL interface module for Perl.
Vulnerable: < 2.19.0
Unaffected: >= 2.19.0
Architectures: All supported architectures
Format string vulnerabilities have been found in the "pg_warn()" and
"dbd_st_prepare()" functions in dbdimp.c.
A remote PostgreSQL server could send specially crafted database
warnings or DBD statements, possibly resulting in execution of arbitrary
There is no known workaround at this time.
All users of the Perl DBD-Pg module should upgrade to the latest
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-perl/DBD-Pg-2.19.0"
Last edited by GLSA on Mon Jan 20, 2014 5:54 am; edited 2 times in total
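The bug class this advisory names, server-supplied warning text reaching a printf-style function as its format string, is shown here next to the hardened call, as an added example that is not DBD-Pg's code from dbdimp.c. The names emit_warning, on_server_notice and count_directives are hypothetical, and the sample message is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style warning routine; it formats into a buffer
 * so the result can be inspected. */
static char last_warning[256];

static void emit_warning(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_warning, sizeof last_warning, fmt, ap);
    va_end(ap);
}

#ifdef SHOW_VULNERABLE
/* Bug class: server-controlled text is used as the format string, so
 * any conversion directive in it is interpreted. Not compiled by default. */
static void on_server_notice_vulnerable(const char *server_msg)
{
    emit_warning(server_msg);
}
#endif

/* Hardened form: constant format, untrusted text passed only as data. */
static const char *on_server_notice(const char *server_msg)
{
    emit_warning("%s", server_msg);
    return last_warning;
}

/* Audit helper: count conversion directives ("%%" is a literal percent). */
static int count_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        n++;
    }
    return n;
}

int main(void)
{
    const char *msg = "WARNING: relation %s missing %x %n"; /* constructed */
    printf("%d directives; logged as: %s\n",
           count_directives(msg), on_server_notice(msg));
    return 0;
}
```

Building C sources with -Wformat -Wformat-security makes the compiler flag calls of the vulnerable shape.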