First published: Fri Mar 09 2012
Two format string flaws were found in perl-DBD-Pg, a PostgreSQL DBI implementation for the Perl language: 1) in the way it turned database notices into the corresponding Perl warning messages, and 2) in the way it prepared a particular DBD statement. A rogue server could provide a specially crafted database warning or a specially crafted DBD statement which, once processed by the perl-DBD-Pg interface, would crash the perl-DBD-Pg based process.

References:
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661536
CPAN ticket: [2] https://rt.cpan.org/Public/Bug/Display.html?id=75642
Patch proposed by Niko Tyni: [3] https://rt.cpan.org/Ticket/Attachment/1047954/547725/0001-Explicitly-warn-and-croak-with-controlled-format-str.patch
Credit: secalert@redhat.com
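
The flaw class described above, as an added example that is not code from perl-DBD-Pg or from the proposed patch: a server-supplied notice is handed to a printf-style sink first as the format string and then as data under a fixed "%s" format. `emit_warning`, the other function names and the sample notices are constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style warning sink such as Perl's warn(). */
/* Declaring it with __attribute__((format(printf, 3, 4))) lets -Wformat-security flag misuse. */
static int emit_warning(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* Flawed pattern: the server-supplied notice is itself the format string. */
static int notice_as_format(char *out, size_t outlen, const char *notice)
{
    return emit_warning(out, outlen, notice);
}

/* Hardened pattern: fixed format string, notice passed only as data. */
static int notice_as_data(char *out, size_t outlen, const char *notice)
{
    return emit_warning(out, outlen, "%s", notice);
}

/* Triage helper: returns 1 if the text holds a '%' that is not an escaped "%%". */
static int has_conversion(const char *s)
{
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        return 1;
    }
    return 0;
}

int main(void)
{
    char buf[128];
    const char *benign = "disk at 100%% of quota";  /* constructed notice, no arguments consumed */
    const char *crafted = "NOTICE: %s%s%s";         /* constructed notice, only ever passed as data */
    notice_as_format(buf, sizeof buf, benign);      /* "%%" is interpreted and collapses to "%" */
    printf("as format: %s\n", buf);
    notice_as_data(buf, sizeof buf, crafted);       /* text survives verbatim */
    printf("as data:   %s (conversion present: %d)\n", buf, has_conversion(crafted));
    return 0;
}
```

The benign notice shows that the flawed path interprets the server's text; a notice with live conversions would make that path read arguments that were never passed, which is the crash condition the advisory describes.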
Affected Software | Affected Version | How to fix |
---|---|---|
Perl Perl | <=2.18.1 | |
Perl Perl | =0.1 | |
Perl Perl | =0.2 | |
Perl Perl | =0.3 | |
Perl Perl | =0.4 | |
Perl Perl | =0.5 | |
Perl Perl | =0.52 | |
Perl Perl | =0.61 | |
Perl Perl | =0.62 | |
Perl Perl | =0.63 | |
Perl Perl | =0.64 | |
Perl Perl | =0.65 | |
Perl Perl | =0.66 | |
Perl Perl | =0.67 | |
Perl Perl | =0.68 | |
Perl Perl | =0.69 | |
Perl Perl | =0.70 | |
Perl Perl | =0.71 | |
Perl Perl | =0.72 | |
Perl Perl | =0.73 | |
Perl Perl | =0.80 | |
Perl Perl | =0.81 | |
Perl Perl | =0.82 | |
Perl Perl | =0.83 | |
Perl Perl | =0.84 | |
Perl Perl | =0.85 | |
Perl Perl | =0.86 | |
Perl Perl | =0.87 | |
Perl Perl | =0.88 | |
Perl Perl | =0.89 | |
Perl Perl | =0.90 | |
Perl Perl | =0.91 | |
Perl Perl | =0.92 | |
Perl Perl | =0.93 | |
Perl Perl | =0.94 | |
Perl Perl | =0.95 | |
Perl Perl | =0.96 | |
Perl Perl | =0.97 | |
Perl Perl | =0.98 | |
Perl Perl | =0.99 | |
Perl Perl | =1.00 | |
Perl Perl | =1.01 | |
Perl Perl | =1.20 | |
Perl Perl | =1.21 | |
Perl Perl | =1.22 | |
Perl Perl | =1.31 | |
Perl Perl | =1.32 | |
Perl Perl | =1.40 | |
Perl Perl | =1.41 | |
Perl Perl | =1.42 | |
Perl Perl | =1.43 | |
Perl Perl | =1.44 | |
Perl Perl | =1.45 | |
Perl Perl | =1.46 | |
Perl Perl | =1.47 | |
Perl Perl | =1.48 | |
Perl Perl | =1.49 | |
Perl Perl | =2.0.0 | |
Perl Perl | =2.1.0 | |
Perl Perl | =2.1.1 | |
Perl Perl | =2.1.2 | |
Perl Perl | =2.1.3 | |
Perl Perl | =2.2.0 | |
Perl Perl | =2.2.1 | |
Perl Perl | =2.2.2 | |
Perl Perl | =2.3.0 | |
Perl Perl | =2.4.0 | |
Perl Perl | =2.5.0 | |
Perl Perl | =2.5.1 | |
Perl Perl | =2.6.0 | |
Perl Perl | =2.6.1 | |
Perl Perl | =2.6.2 | |
Perl Perl | =2.6.3 | |
Perl Perl | =2.6.4 | |
Perl Perl | =2.6.5 | |
Perl Perl | =2.6.6 | |
Perl Perl | =2.7.0 | |
Perl Perl | =2.7.1 | |
Perl Perl | =2.7.2 | |
Perl Perl | =2.8.0 | |
Perl Perl | =2.8.1 | |
Perl Perl | =2.8.2 | |
Perl Perl | =2.8.3 | |
Perl Perl | =2.8.4 | |
Perl Perl | =2.8.5 | |
Perl Perl | =2.8.6 | |
Perl Perl | =2.8.7 | |
Perl Perl | =2.8.8 | |
Perl Perl | =2.9.0 | |
Perl Perl | =2.9.1 | |
Perl Perl | =2.9.2 | |
Perl Perl | =2.10.0 | |
Perl Perl | =2.10.1 | |
Perl Perl | =2.10.2 | |
Perl Perl | =2.10.3 | |
Perl Perl | =2.10.4 | |
Perl Perl | =2.10.5 | |
Perl Perl | =2.10.6 | |
Perl Perl | =2.10.7 | |
Perl Perl | =2.11.0 | |
Perl Perl | =2.11.1 | |
Perl Perl | =2.11.2 | |
Perl Perl | =2.11.3 | |
Perl Perl | =2.11.4 | |
Perl Perl | =2.11.5 | |
Perl Perl | =2.11.6 | |
Perl Perl | =2.11.7 | |
Perl Perl | =2.11.8 | |
Perl Perl | =2.12.0 | |
Perl Perl | =2.13.0 | |
Perl Perl | =2.14.0 | |
Perl Perl | =2.14.1 | |
Perl Perl | =2.15.0 | |
Perl Perl | =2.15.1 | |
Perl Perl | =2.16.0 | |
Perl Perl | =2.16.1 | |
Perl Perl | =2.17.0 | |
Perl Perl | =2.17.1 | |
Perl Perl | =2.17.2 | |
Perl Perl | =2.18.0 | |