Package name: perl-DBD-Pg
Date: 2009-12-28
Advisory ID: MDVSA-2009:344
Affected versions: 2008.0 i586, 2008.0 x86_64

Problem description

Multiple vulnerabilities were discovered and corrected in perl-DBD-Pg:

Heap-based buffer overflow in the DBD::Pg module for Perl might allow
context-dependent attackers to execute arbitrary code via unspecified
input to an application that uses the getline and pg_getline functions
to read database rows.

Memory leak in the dequote_bytea function in quote.c in the DBD::Pg
(aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows
context-dependent attackers to cause a denial of service (memory
consumption) by fetching data with BYTEA columns (CVE-2009-1341).

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.

This update provides a fix for these vulnerabilities.

Updated packages

2008.0 i586

 be2421eff6d4387621d1a9c2fb0cf553  2008.0/i586/perl-DBD-Pg-1.49-2.1mdv2008.0.i586.rpm 
 02653121d648cd28a3f6d0da998ee210  2008.0/SRPMS/perl-DBD-Pg-1.49-2.1mdv2008.0.src.rpm

2008.0 x86_64

 5f1b67d426cedecd1a16aff009282a9a  2008.0/x86_64/perl-DBD-Pg-1.49-2.1mdv2008.0.x86_64.rpm 
 02653121d648cd28a3f6d0da998ee210  2008.0/SRPMS/perl-DBD-Pg-1.49-2.1mdv2008.0.src.rpm

References