Two format string flaws were found in the way perl-DBD-Pg, a Perl language PostgreSQL DBI implementation, performed:
1) turning of database notices into appropriate Perl language warning messages,
2) preparation of a particular DBD statement.
A rogue server could provide a specially-crafted database warning or specially-crafted DBD statement, which, once processed by the perl-DBD-Pg interface, would lead to a perl-DBD-Pg based process crash.
Patch proposed by Niko Tyni:
This issue affects the versions of the perl-DBD-Pg package, as shipped with Red Hat Enterprise Linux 5 and 6.
This issue affects the versions of the perl-DBD-Pg package, as shipped with Fedora releases 15 and 16.
This issue affects the version of the perl-DBD-Pg package, as shipped with Red Hat Application Stack-v2.
Added CVE as per http://www.openwall.com/lists/oss-security/2012/03/10/4
The warn() function is not protected by fortify source format string protections (read bug 836931), hence assuming that format string exploitation can cause ACE.
Created perl-DBD-Pg tracking bugs for this issue
Affects: fedora-all [bug 841133]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Via RHSA-2012:1116 https://rhn.redhat.com/errata/RHSA-2012-1116.html
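
The flaw class described in this report, shown as an added example (not code from perl-DBD-Pg or from the proposed patch): server-supplied notice text passed as the format argument of a printf-style warning routine, beside the hardened call that passes it as data. The names warn_to_buf, notice_unsafe, notice_safe and SAMPLE_NOTICE are hypothetical, and warn_to_buf only stands in for a variadic routine such as warn().

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style warning routine such as warn().
 * It formats into buf instead of stderr so the result can be inspected.
 * It carries no format attribute, so the compiler cannot flag misuse. */
static int warn_to_buf(char *buf, size_t len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf, len, fmt, ap);
    va_end(ap);
    return n;
}

/* Vulnerable pattern: text received from the server IS the format string,
 * so every '%' in it is interpreted as a conversion directive. */
static int notice_unsafe(char *buf, size_t len, const char *server_msg)
{
    return warn_to_buf(buf, len, server_msg);
}

/* Hardened pattern: the format is a constant and the server text is only
 * ever an argument, so it is copied verbatim. */
static int notice_safe(char *buf, size_t len, const char *server_msg)
{
    return warn_to_buf(buf, len, "%s", server_msg);
}

/* Constructed sample notice. "%%" is the one directive that consumes no
 * argument, which keeps this demonstration well-defined C. */
static const char SAMPLE_NOTICE[] = "NOTICE: table is 100%% full";

int main(void)
{
    char a[64], b[64];
    notice_unsafe(a, sizeof a, SAMPLE_NOTICE);  /* "%%" collapses to "%" */
    notice_safe(b, sizeof b, SAMPLE_NOTICE);    /* text preserved as sent */
    printf("unsafe: %s\nsafe:   %s\n", a, b);
    return strcmp(b, SAMPLE_NOTICE) != 0;       /* 0 when safe copy is exact */
}
```

The altered output of the unsafe call shows that the routine parsed the server's text as directives; any directive that consumes an argument would read values the caller never supplied.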