oss-sec mailing list archives
Re: CVE Request -- libdbd-pg-perl / perl-DBD-Pg && libyaml-libyaml-perl / perl-YAML-LibYAML: Multiple format string flaws
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 09 Mar 2012 23:10:29 -0700
On 03/09/2012 04:10 AM, Jan Lieskovsky wrote:
> Hello Kurt, Steve, vendors,
>
> Case #1:
> ========
> Two format string flaws were found in the way perl-DBD-Pg, a Perl language PostgreSQL DBI implementation, performed:
> 1) turning of database notices into appropriate Perl language warning messages,
> 2) preparation of particular DBD statement.
>
> A rogue server could provide a specially-crafted database warning or specially-crafted DBD statement, which once processed by the perl-DBD-Pg interface would lead to perl-DBD-Pg based process crash.
>
> References:
> [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661536
> [2] https://bugzilla.redhat.com/show_bug.cgi?id=801733
>
> CPAN ticket:
> [3] https://rt.cpan.org/Public/Bug/Display.html?id=75642
>
> Patch proposed by Niko Tyni:
> [4] https://rt.cpan.org/Ticket/Attachment/1047954/547725/0001-Explicitly-warn-and-croak-with-controlled-format-str.patch
Please use CVE-2012-1151 for this issue.
> Case #2:
> ========
> Multiple format string flaws were found in the way perl-YAML-LibYAML, Perl YAML serialization using XS and libyaml, performed:
> 1) error reporting by loading of general YAML stream,
> 2) error reporting by loading of YAML node,
> 3) error reporting by loading of YAML mapping into a Perl hash, and
> 4) error reporting by loading of YAML sequence into a Perl array.
>
> A remote attacker could provide a specially-crafted YAML document, which once processed by the perl-YAML-LibYAML interface would lead to perl-YAML-LibYAML based process crash.
>
> References:
> [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661548
> [2] https://bugzilla.redhat.com/show_bug.cgi?id=801738
>
> CPAN tickets:
> [3] https://rt.cpan.org/Public/Bug/Display.html?id=75365
> [4] https://rt.cpan.org/Public/Bug/Display.html?id=46507
>
> Proposed patch:
> [5] https://rt.cpan.org/Ticket/Attachment/920541/477607/YAML-LibYAML-0.35-format-error.patch
Please use CVE-2012-1152 for this issue.
> Could you allocate two CVE ids for these? (one for libdbd-pg-perl / perl-DBD-Pg and one for libyaml-libyaml-perl / perl-YAML-LibYAML)
>
> Thank you && Regards, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Response Team
--
Kurt Seifried
Red Hat Security Response Team (SRT)
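The bug class both cases describe, shown as an added example that is not code from this thread, from DBD::Pg or from YAML::LibYAML: text from a peer (a database notice, a YAML parse error) is handed to a printf-style reporter as the format string, and the fix named in the DBD-Pg patch title is to pass a constant format with the text as an argument. `emit_warning` is a hypothetical stand-in for a printf-style `warn()`/`croak()` call in XS code, and the sample notice is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style reporter: the first string
 * argument is a format, exactly like warn()/croak() in XS code. */
static int emit_warning(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    int len;
    va_start(ap, fmt);
    len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Flawed pattern: the peer's text is the format string, so every '%' in it
 * is interpreted. It is only called here with a message whose sole directive
 * is "%%", which consumes no arguments and is therefore well defined. */
int notice_to_warning_flawed(char *out, size_t n, const char *server_msg)
{
    return emit_warning(out, n, server_msg);
}

/* Fixed pattern: constant format, peer's text passed as data. */
int notice_to_warning_fixed(char *out, size_t n, const char *server_msg)
{
    return emit_warning(out, n, "%s", server_msg);
}

int main(void)
{
    /* Constructed sample notice, not taken from a real server. */
    const char *notice = "NOTICE: vacuum 100%% complete";
    char flawed[64], fixed[64];

    notice_to_warning_flawed(flawed, sizeof flawed, notice);
    notice_to_warning_fixed(fixed, sizeof fixed, notice);

    /* The flawed path rewrites the message; the fixed path reproduces it. */
    printf("flawed: %s\nfixed:  %s\n", flawed, fixed);
    return strcmp(flawed, fixed) == 0;
}
```

The differing output is the review signal: if a reporter changes a message containing `%`, the message is reaching it in the format position.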