Release date:
Updated on: 2012-03-12
Affected Systems:
Perl DBD: Pg 2.x
Description:
--------------------------------------------------------------------------------
Perl is a high-level, general, literal, and dynamic programming language.
Perl DBD: The Pg module has two implementation vulnerabilities that can be exploited by malicious users to control applications.
1) when processing database notifications, "pg_warn ()" function (dbdimp. c) contains a format string error.
2) when preparing the DBD statement, the "dbd_st_prepare ()" function (dbdimp. c) contains a format string error.
<* Source: Dominic Hargreaves
Link: http://secunia.com/advisories/48319/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Perl
----
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://www.perl.com