CentOS Local Security Checks : CentOS Update for perl-DBD-Pg CESA-2012:1116 centos5

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.881068

Categoría: CentOS Local Security Checks

Título: CentOS Update for perl-DBD-Pg CESA-2012:1116 centos5

Resumen: The remote host is missing an update for the 'perl-DBD-Pg'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'perl-DBD-Pg'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Perl DBI is a database access Application Programming Interface (API) for
the Perl language. perl-DBD-Pg allows Perl applications to access
PostgreSQL database servers.

Two format string flaws were found in perl-DBD-Pg. A specially-crafted
database warning or error message from a server could cause an application
using perl-DBD-Pg to crash or, potentially, execute arbitrary code with the
privileges of the user running the application. (CVE-2012-1151)

All users of perl-DBD-Pg are advised to upgrade to this updated package,
which contains a backported patch to fix these issues. Applications using
perl-DBD-Pg must be restarted for the update to take effect.

Affected Software/OS:
perl-DBD-Pg on CentOS 5

Solution:
Please install the updated packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-1151
48307
http://secunia.com/advisories/48307
48319
http://secunia.com/advisories/48319
48824
http://secunia.com/advisories/48824
DSA-2431
http://www.debian.org/security/2012/dsa-2431
GLSA-201204-08
http://security.gentoo.org/glsa/glsa-201204-08.xml
MDVSA-2012:112
http://www.mandriva.com/security/advisories?name=MDVSA-2012:112
RHSA-2012:1116
http://rhn.redhat.com/errata/RHSA-2012-1116.html
[oss-security] 20120309 CVE Request -- libdbd-pg-perl / perl-DBD-Pg && libyaml-libyaml-perl / perl-YAML-LibYAML: Multiple format string flaws
http://www.openwall.com/lists/oss-security/2012/03/09/6
[oss-security] 20120309 Re: CVE Request -- libdbd-pg-perl / perl-DBD-Pg && libyaml-libyaml-perl / perl-YAML-LibYAML: Multiple format string flaws
http://www.openwall.com/lists/oss-security/2012/03/10/4
dbdpg-dbdstprepare-format-string(73855)
https://exchange.xforce.ibmcloud.com/vulnerabilities/73855
dbdpg-pgwarn-format-string(73854)
https://exchange.xforce.ibmcloud.com/vulnerabilities/73854
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661536
http://cpansearch.perl.org/src/TURNSTEP/DBD-Pg-2.19.1/Changes
https://bugzilla.redhat.com/show_bug.cgi?id=801733
https://rt.cpan.org/Public/Bug/Display.html?id=75642

Copyright Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.881068
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for perl-DBD-Pg CESA-2012:1116 centos5
Resumen:	The remote host is missing an update for the 'perl-DBD-Pg'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'perl-DBD-Pg' package(s) announced via the referenced advisory. Vulnerability Insight: Perl DBI is a database access Application Programming Interface (API) for the Perl language. perl-DBD-Pg allows Perl applications to access PostgreSQL database servers. Two format string flaws were found in perl-DBD-Pg. A specially-crafted database warning or error message from a server could cause an application using perl-DBD-Pg to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-1151) All users of perl-DBD-Pg are advised to upgrade to this updated package, which contains a backported patch to fix these issues. Applications using perl-DBD-Pg must be restarted for the update to take effect. Affected Software/OS: perl-DBD-Pg on CentOS 5 Solution: Please install the updated packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-1151 48307 http://secunia.com/advisories/48307 48319 http://secunia.com/advisories/48319 48824 http://secunia.com/advisories/48824 DSA-2431 http://www.debian.org/security/2012/dsa-2431 GLSA-201204-08 http://security.gentoo.org/glsa/glsa-201204-08.xml MDVSA-2012:112 http://www.mandriva.com/security/advisories?name=MDVSA-2012:112 RHSA-2012:1116 http://rhn.redhat.com/errata/RHSA-2012-1116.html [oss-security] 20120309 CVE Request -- libdbd-pg-perl / perl-DBD-Pg && libyaml-libyaml-perl / perl-YAML-LibYAML: Multiple format string flaws http://www.openwall.com/lists/oss-security/2012/03/09/6 [oss-security] 20120309 Re: CVE Request -- libdbd-pg-perl / perl-DBD-Pg && libyaml-libyaml-perl / perl-YAML-LibYAML: Multiple format string flaws http://www.openwall.com/lists/oss-security/2012/03/10/4 dbdpg-dbdstprepare-format-string(73855) https://exchange.xforce.ibmcloud.com/vulnerabilities/73855 dbdpg-pgwarn-format-string(73854) https://exchange.xforce.ibmcloud.com/vulnerabilities/73854 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661536 http://cpansearch.perl.org/src/TURNSTEP/DBD-Pg-2.19.1/Changes https://bugzilla.redhat.com/show_bug.cgi?id=801733 https://rt.cpan.org/Public/Bug/Display.html?id=75642
Copyright	Copyright (C) 2012 Greenbone AG