MDVSA-2009:344
- Package name
- perl-DBD-Pg
- Date
- 2009-12-28
- Advisory ID
- MDVSA-2009:344
- Affected versions
- 2008.0 i586 , 2008.0 x86_64
Problem description
Multiple vulnerabilities was discovered and corrected in perl-DBD-Pg:
Heap-based buffer overflow in the DBD::Pg module for Perl might allow
context-dependent attackers to execute arbitrary code via unspecified
input to an application that uses the getline and pg_getline functions
to read database rows.
Memory leak in the dequote_bytea function in quote.c in the DBD::Pg
(aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows
context-dependent attackers to cause a denial of service (memory
consumption) by fetching data with BYTEA columns (CVE-2009-1341).
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
This update provides a fix for these vulnerabilities.
Updated packages
2008.0 i586
be2421eff6d4387621d1a9c2fb0cf553 2008.0/i586/perl-DBD-Pg-1.49-2.1mdv2008.0.i586.rpm 02653121d648cd28a3f6d0da998ee210 2008.0/SRPMS/perl-DBD-Pg-1.49-2.1mdv2008.0.src.rpm
2008.0 x86_64
5f1b67d426cedecd1a16aff009282a9a 2008.0/x86_64/perl-DBD-Pg-1.49-2.1mdv2008.0.x86_64.rpm 02653121d648cd28a3f6d0da998ee210 2008.0/SRPMS/perl-DBD-Pg-1.49-2.1mdv2008.0.src.rpm