Skip to navigation

Security Advisory Moderate: perl-DBD-Pg security update

Advisory: RHSA-2012:1116-1
Type: Security Advisory
Severity: Moderate
Issued on: 2012-07-25
Last updated on: 2012-07-25
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server EUS (v. 6.3.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2012-1151

Details

An updated perl-DBD-Pg package that fixes two security issues is now
available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Perl DBI is a database access Application Programming Interface (API) for
the Perl language. perl-DBD-Pg allows Perl applications to access
PostgreSQL database servers.

Two format string flaws were found in perl-DBD-Pg. A specially-crafted
database warning or error message from a server could cause an application
using perl-DBD-Pg to crash or, potentially, execute arbitrary code with the
privileges of the user running the application. (CVE-2012-1151)

All users of perl-DBD-Pg are advised to upgrade to this updated package,
which contains a backported patch to fix these issues. Applications using
perl-DBD-Pg must be restarted for the update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
perl-DBD-Pg-1.49-4.el5_8.src.rpm     MD5: b5ab0ab79cb834bfe047a1400c074310
SHA-256: 73a99993e294bdbb5dd58aea78471de04bbee1806d785f192e71bd0a3c22f9bd
 
IA-32:
perl-DBD-Pg-1.49-4.el5_8.i386.rpm     MD5: 62c08568c712b2fa70e7bd5b599a9431
SHA-256: e4488709dafe5604daea5f31e349229d5c4aea74827150ae8222968a79dfaac6
perl-DBD-Pg-debuginfo-1.49-4.el5_8.i386.rpm     MD5: aa78510978c9d2597c55d9a90fd01f36
SHA-256: 1d1b44948fe84cb0e8c4f34625efc42253a406cd0785145b60e833a78a872a04
 
IA-64:
perl-DBD-Pg-1.49-4.el5_8.ia64.rpm     MD5: d610c0407ebbce8edf4ccd61d9fb9197
SHA-256: 1ff58c777cf21c64c52414a914fa3108ee8449c9afd42d9629d8b75932610080
perl-DBD-Pg-debuginfo-1.49-4.el5_8.ia64.rpm     MD5: d1176eb2cfeff2a9e6bf6167fe3ac5a8
SHA-256: 8dec64df7903e1e10f7f6eccb0b458d8e00fccda3bf8442a746f58ce8ea22dc6
 
PPC:
perl-DBD-Pg-1.49-4.el5_8.ppc.rpm     MD5: 73c128715034e83b940d7780114c714e
SHA-256: fe3c9f597dfe291e5329d9aa264765e28d2c04e6bc6b205905c5d06013fda5e7
perl-DBD-Pg-debuginfo-1.49-4.el5_8.ppc.rpm     MD5: 6f25617c8984da0261464b713220bd62
SHA-256: b721f29abb23a0f638fd9d0d544b770a2c6f606215613d162ba6028c2b1d6bc5
 
s390x:
perl-DBD-Pg-1.49-4.el5_8.s390x.rpm     MD5: 0beb7aedb19babd16421d3cb216adbba
SHA-256: 54d51693823437d90e87ad3aa75f1fb40d33ce1cd07e83f3a171f8550b76bef7
perl-DBD-Pg-debuginfo-1.49-4.el5_8.s390x.rpm     MD5: 89b9282c9473c2c8da4ee5f34394e429
SHA-256: 53e301e2fec67188e00a88be56274cc48920893e56e4f95c079c7cfbb315267f
 
x86_64:
perl-DBD-Pg-1.49-4.el5_8.x86_64.rpm     MD5: cfca9b3547f611fe61bd3dde1e8c8b2f
SHA-256: 06554b550c1d9b605c274d16b2dccdb17f594bed6f0465f4f5f737974a466e49
perl-DBD-Pg-debuginfo-1.49-4.el5_8.x86_64.rpm     MD5: bbe4d93e3415a6491b4e8efcccdfc9aa
SHA-256: 96ffac4c645b429b3844addf90e4930479b882abe7c152931e34790592a0af2f
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
perl-DBD-Pg-1.49-4.el5_8.src.rpm     MD5: b5ab0ab79cb834bfe047a1400c074310
SHA-256: 73a99993e294bdbb5dd58aea78471de04bbee1806d785f192e71bd0a3c22f9bd
 
IA-32:
perl-DBD-Pg-1.49-4.el5_8.i386.rpm     MD5: 62c08568c712b2fa70e7bd5b599a9431
SHA-256: e4488709dafe5604daea5f31e349229d5c4aea74827150ae8222968a79dfaac6
perl-DBD-Pg-debuginfo-1.49-4.el5_8.i386.rpm     MD5: aa78510978c9d2597c55d9a90fd01f36
SHA-256: 1d1b44948fe84cb0e8c4f34625efc42253a406cd0785145b60e833a78a872a04
 
x86_64:
perl-DBD-Pg-1.49-4.el5_8.x86_64.rpm     MD5: cfca9b3547f611fe61bd3dde1e8c8b2f
SHA-256: 06554b550c1d9b605c274d16b2dccdb17f594bed6f0465f4f5f737974a466e49
perl-DBD-Pg-debuginfo-1.49-4.el5_8.x86_64.rpm     MD5: bbe4d93e3415a6491b4e8efcccdfc9aa
SHA-256: 96ffac4c645b429b3844addf90e4930479b882abe7c152931e34790592a0af2f
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
perl-DBD-Pg-2.15.1-4.el6_3.src.rpm     MD5: cc64a52d7b6cb42b58a7939533a1f89c
SHA-256: c6bd4db836ef5c4ce23167c96ced1ea857cf8ebf4a9f52592a822a75dccc51ec
 
x86_64:
perl-DBD-Pg-2.15.1-4.el6_3.x86_64.rpm     MD5: 0cfc9e8390eddd12ed1e815d1357f711
SHA-256: f6a2fe2ca54a825dadd61038ba9e21d50a7277790a4fca1149b8be8bd0ed157b
perl-DBD-Pg-debuginfo-2.15.1-4.el6_3.x86_64.rpm     MD5: a68f366c1c91d1fd581041f37c504576
SHA-256: d6604492955b8ce7c8eeba2b15a4cd8a11fca3e86cc55425eda21627b2a81764
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
perl-DBD-Pg-2.15.1-4.el6_3.src.rpm     MD5: cc64a52d7b6cb42b58a7939533a1f89c
SHA-256: c6bd4db836ef5c4ce23167c96ced1ea857cf8ebf4a9f52592a822a75dccc51ec
 
IA-32:
perl-DBD-Pg-2.15.1-4.el6_3.i686.rpm     MD5: d02318fbf4c5377657d43d8308118da4
SHA-256: c960a8918a3715f33d6fd6af63e0d17dee35762882d286fc52bd537b132ce7b9
perl-DBD-Pg-debuginfo-2.15.1-4.el6_3.i686.rpm     MD5: 7f5538919485cf75dcb7300f7238b607
SHA-256: 4c64c338e621bb06733c480b35634ea686ce287b15b5943469136e896a1aed80
 
PPC:
perl-DBD-Pg-2.15.1-4.el6_3.ppc64.rpm     MD5: 000af445b1bbfe4b603002a7d13d8a57
SHA-256: c4005c471b56d587aa4597ea5656cfd609b6f3591a4f01035a6522014d6e76fd
perl-DBD-Pg-debuginfo-2.15.1-4.el6_3.ppc64.rpm     MD5: 3d4cd077a397cc13aaac8d7e09bd27a7
SHA-256: d21aa1f9037efd8fef865b1c11c55f7545880a57fae2ca55297c9067c260fd45
 
s390x:
perl-DBD-Pg-2.15.1-4.el6_3.s390x.rpm     MD5: 2a57a0b3981451412a658eb0f1f703af
SHA-256: bad325cfa7e0b1d889ed2a129e54303dc653de0415865429a5c7168a5ce44a73
perl-DBD-Pg-debuginfo-2.15.1-4.el6_3.s390x.rpm     MD5: b79633eacf99b4d7ab05ea52469ea954
SHA-256: cf1a5e836dca035fcbb21878f74797c312af321f7ed4e0a2c44f6606685ef5ad
 
x86_64:
perl-DBD-Pg-2.15.1-4.el6_3.x86_64.rpm     MD5: 0cfc9e8390eddd12ed1e815d1357f711
SHA-256: f6a2fe2ca54a825dadd61038ba9e21d50a7277790a4fca1149b8be8bd0ed157b
perl-DBD-Pg-debuginfo-2.15.1-4.el6_3.x86_64.rpm     MD5: a68f366c1c91d1fd581041f37c504576
SHA-256: d6604492955b8ce7c8eeba2b15a4cd8a11fca3e86cc55425eda21627b2a81764
 
Red Hat Enterprise Linux Server EUS (v. 6.3.z)

SRPMS:
perl-DBD-Pg-2.15.1-4.el6_3.src.rpm     MD5: cc64a52d7b6cb42b58a7939533a1f89c
SHA-256: c6bd4db836ef5c4ce23167c96ced1ea857cf8ebf4a9f52592a822a75dccc51ec
 
IA-32:
perl-DBD-Pg-2.15.1-4.el6_3.i686.rpm     MD5: d02318fbf4c5377657d43d8308118da4
SHA-256: c960a8918a3715f33d6fd6af63e0d17dee35762882d286fc52bd537b132ce7b9
perl-DBD-Pg-debuginfo-2.15.1-4.el6_3.i686.rpm     MD5: 7f5538919485cf75dcb7300f7238b607
SHA-256: 4c64c338e621bb06733c480b35634ea686ce287b15b5943469136e896a1aed80
 
PPC:
perl-DBD-Pg-2.15.1-4.el6_3.ppc64.rpm     MD5: 000af445b1bbfe4b603002a7d13d8a57
SHA-256: c4005c471b56d587aa4597ea5656cfd609b6f3591a4f01035a6522014d6e76fd
perl-DBD-Pg-debuginfo-2.15.1-4.el6_3.ppc64.rpm     MD5: 3d4cd077a397cc13aaac8d7e09bd27a7
SHA-256: d21aa1f9037efd8fef865b1c11c55f7545880a57fae2ca55297c9067c260fd45
 
s390x:
perl-DBD-Pg-2.15.1-4.el6_3.s390x.rpm     MD5: 2a57a0b3981451412a658eb0f1f703af
SHA-256: bad325cfa7e0b1d889ed2a129e54303dc653de0415865429a5c7168a5ce44a73
perl-DBD-Pg-debuginfo-2.15.1-4.el6_3.s390x.rpm     MD5: b79633eacf99b4d7ab05ea52469ea954
SHA-256: cf1a5e836dca035fcbb21878f74797c312af321f7ed4e0a2c44f6606685ef5ad
 
x86_64:
perl-DBD-Pg-2.15.1-4.el6_3.x86_64.rpm     MD5: 0cfc9e8390eddd12ed1e815d1357f711
SHA-256: f6a2fe2ca54a825dadd61038ba9e21d50a7277790a4fca1149b8be8bd0ed157b
perl-DBD-Pg-debuginfo-2.15.1-4.el6_3.x86_64.rpm     MD5: a68f366c1c91d1fd581041f37c504576
SHA-256: d6604492955b8ce7c8eeba2b15a4cd8a11fca3e86cc55425eda21627b2a81764
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
perl-DBD-Pg-2.15.1-4.el6_3.src.rpm     MD5: cc64a52d7b6cb42b58a7939533a1f89c
SHA-256: c6bd4db836ef5c4ce23167c96ced1ea857cf8ebf4a9f52592a822a75dccc51ec
 
IA-32:
perl-DBD-Pg-2.15.1-4.el6_3.i686.rpm     MD5: d02318fbf4c5377657d43d8308118da4
SHA-256: c960a8918a3715f33d6fd6af63e0d17dee35762882d286fc52bd537b132ce7b9
perl-DBD-Pg-debuginfo-2.15.1-4.el6_3.i686.rpm     MD5: 7f5538919485cf75dcb7300f7238b607
SHA-256: 4c64c338e621bb06733c480b35634ea686ce287b15b5943469136e896a1aed80
 
x86_64:
perl-DBD-Pg-2.15.1-4.el6_3.x86_64.rpm     MD5: 0cfc9e8390eddd12ed1e815d1357f711
SHA-256: f6a2fe2ca54a825dadd61038ba9e21d50a7277790a4fca1149b8be8bd0ed157b
perl-DBD-Pg-debuginfo-2.15.1-4.el6_3.x86_64.rpm     MD5: a68f366c1c91d1fd581041f37c504576
SHA-256: d6604492955b8ce7c8eeba2b15a4cd8a11fca3e86cc55425eda21627b2a81764
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

801733 - CVE-2012-1151 perl-DBD-Pg: Format string flaws by turning db notices into Perl warnings and by preparing DBD statement


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/