Package : libdbd-pg-perl
Vulnerability : several
Problem type : local (remote)
Debian-specific: no
CVE Id(s) : CVE-2009-0663 CVE-2009-134
Two vulnerabilities have been discovered in libdbd-pg-perl, the DBI
driver module for PostgreSQL database access (DBD::Pg).
CVE-2009-0663
A heap-based buffer overflow may allow attackers to execute arbitrary
code through applications which read rows from the database using the
pg_getline and getline functions. (More common retrieval methods,
such as selectall_arrayref and fetchrow_array, are not affected.)
CVE-2009-1341
A memory leak in the routine which unquotes BYTEA values returned from
the database allows attackers to cause a denial of service.
For the old stable distribution (etch), these problems have been fixed
in version 1.49-2+etch1.
For the stable distribution (lenny) and the unstable distribution (sid),
these problems have been fixed in version 2.1.3-1 before the release of
lenny.
We recommend that you upgrade your libdbd-pg-perl package.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------