TITLE:
Debian update for libdbd-pg-perl

SECUNIA ADVISORY ID:
SA34909

VERIFY ADVISORY:
http://secunia.com/advisories/34909/

DESCRIPTION:
Debian has issued an update for libdbd-pg-perl. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable system.

1) A boundary error exists within the "pg_db_putline()" function in
dbdimp.c. This can be exploited to cause a heap-based buffer overflow
if malicious rows are retrieved from the database using the
"pg_getline()" or "getline()" function.

2) A memory leak exists within the function "dequote_bytea()" in
quote.c, which can be exploited to cause memory exhaustion.

SOLUTION:
Apply updated packages.

-- Debian GNU/Linux 4.0 alias etch --

PROVIDED AND/OR DISCOVERED BY:
1) Reported in the Debian advisory.
2) Stephen Marshall

ORIGINAL ADVISORY:
DSA-1780-1:
http://lists.debian.org/debian-security-announce/2009/msg00091.html
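
The boundary error in item 1 of the description, reduced to its general pattern as an added example (not the DBD::Pg source and not part of the advisory): a row whose length is set by the data source is copied into a buffer sized by the caller. All function names are hypothetical and the sample rows are constructed.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names throughout; `row` stands in for data that arrived
 * from the database server, so its length is outside the caller's control. */

/* Vulnerable pattern: the caller passes the size of its buffer, but the
 * copy is bounded by the row, not by the buffer. A row of buflen bytes or
 * more writes past the end of the allocation. Never called below. */
void copy_row_unchecked(char *buf, size_t buflen, const char *row, size_t rowlen)
{
    (void)buflen;                 /* size accepted, never enforced */
    memcpy(buf, row, rowlen);
    buf[rowlen] = '\0';
}

/* Hardened pattern: reject any row that does not fit together with its
 * terminator, and leave the buffer as an empty string on failure.
 * Returns the number of bytes copied, or -1 if the row was rejected. */
long copy_row_checked(char *buf, size_t buflen, const char *row, size_t rowlen)
{
    if (buf == NULL || buflen == 0)
        return -1;
    if (row == NULL || rowlen >= buflen) {
        buf[0] = '\0';
        return -1;
    }
    memcpy(buf, row, rowlen);
    buf[rowlen] = '\0';
    return (long)rowlen;
}

/* Constructed check: copy `row` into an 8-byte heap buffer that is followed
 * by 8 guard bytes, and report whether the guard bytes survived (1 = intact). */
int guard_intact_after_checked_copy(const char *row)
{
    unsigned char *block = malloc(16);
    int i, ok = 1;
    if (block == NULL)
        return 0;
    memset(block + 8, 0xA5, 8);
    copy_row_checked((char *)block, 8, row, strlen(row));
    for (i = 8; i < 16; i++)
        if (block[i] != 0xA5)
            ok = 0;
    free(block);
    return ok;
}
```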