Gentoo: 201204-08 Normal: Perl DBD-Pg Arbitrary Code Execution
gentoo
April 17, 2012
Two format string vulnerabilities have been found in the Perl DBD-Pg module, allowing a remote PostgreSQL servers to execute arbitrary code.
Summary
Format string vulnerabilities have been found in the the "pg_warn()" and "dbd_st_prepare()" functions in dbdimp.c.
Resolution
All users of the Perl DBD-Pg module should upgrade to the latest
version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-perl/DBD-Pg-2.19.0"
References
[ 1 ] CVE-2012-1151 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1151
Availability
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website: https://security.gentoo.org/glsa/201204-08
style>.gentoo_availability{display:block;}
Concerns
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
PREVIOUS 
NEXT Severity: Normal
Title: Perl DBD-Pg Module: Arbitrary code execution
Date: April 17, 2012
Bugs: #407549
ID: 201204-08
Background
DBD-Pg is a PostgreSQL interface module for Perl.
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Affected Packages
------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-perl/DBD-Pg < 2.19.0 >= 2.19.0
Impact
=====
A remote PostgreSQL server could send specially crafted database
warnings or DBD statements, possibly resulting in execution of
arbitrary code.
Workaround
There is no known workaround at this time.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!