[CLA-2002:524] Conectiva Linux Security Announcement - postgresql

From: secure@conectiva.com.br
Date: 09/19/02


Date: Thu, 19 Sep 2002 16:18:59 -0300
To: conectiva-updates@papaleguas.conectiva.com.br, lwn@lwn.net, bugtraq@securityfocus.com, security-alerts@linuxsecurity.com
From: secure@conectiva.com.br


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------

PACKAGE : postgresql
SUMMARY : Buffer overflow vulnerabilities
DATE : 2002-09-19 16:17:00
ID : CLA-2002:524
RELEVANT
RELEASES : 6.0, 7.0, 8

- -------------------------------------------------------------------------

DESCRIPTION
 Postgresql[1] is a sophisticated relational database which supports
 almost all SQL constructs, including subselects, transactions and
 user-defined types and functions.
 
 Mordred Labs <mordred@s-mail.com> announced[3][4][5] several
 vulnerabilities in the postgresql database:
 - buffer overflow in the rpad() and lpad() functions;
 - buffer overflow in the repeat() function;
 - buffer overflow in the cash_words() function;
 
 Other vulnerabilities were also fixed[2] by the postgresql
 developers:
 - buffer overflow in functions dealing with date/time and timezone;
 - more buffer overflows, this time in the circle_poly(),
 path_encode() and path_addr() functions, reported again by
 <mordred@s-mail.com>. Fixes for these overflows are available only in
 CVS[6] at this time and were not included in the official 7.2.2
 release, but are included in this update. Thanks to Martin Schulze
 <joey@infodrom.org> for alerting us about these last-minute fixes.
 
 In order to exploit any of these vulnerabilities, it is necessary for
 the attacker to be able to query the database somehow. Some scenarios
 where this could happen:
 - the attacker already has an account in the database server and can
 execute queries;
 - for example, web applications which query the database but do not
 adequately filter form or URL data and are vulnerable to SQL command
 injection.
 
 Whatever the scenario is, it is not possible to directly obtain root
 privileges through these vulnerabilities, because the postgresql
 service runs as a non-root user specifically created for it. But it
 is likely possible to compromise the data in the database and/or
 execute other attacks after exploring the above vulnerabilities.

SOLUTION
 It is recommended that all postgresql users upgrade their packages.
 
 Conectiva Linux 8 was shipped with postgresql 7.2.1, and this update
 upgrades the packages to version 7.2.2. According to the authors,
 there is no need to dump the database before upgrading 7.2.1 to
 7.2.2. However, this is a recommended practice with every upgrade.
 Conectiva Linux 7.0 and 6.0 have older versions which have been
 patched instead to fix these vulnerabilities.
 
 IMPORTANT: please restart the service after the upgrade if it was
 already running. To do so, execute, as root:
 
 /sbin/service postgresql restart
 
 
 REFERENCES
 1.http://www.postgresql.com
 2.http://archives.postgresql.org/pgsql-announce/2002-08/msg00004.php
 3.http://online.securityfocus.com/archive/1/288305
 4.http://online.securityfocus.com/archive/1/288334
 5.http://online.securityfocus.com/archive/1/288036
 6.http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/backend/utils/adt/geo_ops.c.diff?r1=1.63&r2=1.64

DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/postgresql-7.0.3-11U60_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/postgresql-7.0.3-11U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/postgresql-clients-7.0.3-11U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/postgresql-clients-X11-7.0.3-11U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/postgresql-devel-7.0.3-11U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/postgresql-devel-static-7.0.3-11U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/postgresql-doc-7.0.3-11U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/postgresql-jdbc-7.0.3-11U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/postgresql-lib-7.0.3-11U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/postgresql-odbc-7.0.3-11U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/postgresql-perl-7.0.3-11U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/postgresql-python-7.0.3-11U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/postgresql-tcl-7.0.3-11U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/postgresql-test-7.0.3-11U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/postgresql-7.1.3-1U70_3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-7.1.3-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-clients-7.1.3-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-clients-X11-7.1.3-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-contrib-7.1.3-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-devel-7.1.3-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-devel-static-7.1.3-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-doc-7.1.3-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-lib-7.1.3-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-odbc-7.1.3-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-perl-7.1.3-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-python-7.1.3-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-tcl-7.1.3-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-test-7.1.3-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/postgresql-7.2.2-1U80_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-7.2.2-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-clients-7.2.2-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-clients-X11-7.2.2-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-contrib-7.2.2-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-devel-7.2.2-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-devel-static-7.2.2-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-doc-7.2.2-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-lib-7.2.2-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-odbc-7.2.2-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-perl-7.2.2-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-python-7.2.2-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-tcl-7.2.2-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-test-7.2.2-1U80_2cl.i386.rpm

ADDITIONAL INSTRUCTIONS
 Users of Conectiva Linux version 6.0 or higher may use apt to perform
 upgrades of RPM packages:
 - add the following line to /etc/apt/sources.list if it is not there yet
   (you may also use linuxconf to do this):

 rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates

(replace 6.0 with the correct version number if you are not running CL6.0)

 - run: apt-get update
 - after that, execute: apt-get upgrade

 Detailed instructions reagarding the use of apt and upgrade examples
 can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en

- -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br
unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9iiMi42jd0JmAcZARAufXAJ91VkSiWf8Y77XWJxtluRONhf2rlQCg65DR
jOI0v/myeb0fbHk4xHCs5Fk=
=Hzpz
-----END PGP SIGNATURE-----



Relevant Pages

  • [USN-118-1] PostgreSQL vulnerabilities
    ... postgresql vulnerabilities ... Ubuntu 4.10 ... These vulnerabilities must also be fixed in all existing databases ... Updated packages for Ubuntu 4.10: ...
    (Bugtraq)
  • [Full-disclosure] [USN-118-1] PostgreSQL vulnerabilities
    ... postgresql vulnerabilities ... Ubuntu 4.10 ... These vulnerabilities must also be fixed in all existing databases ... Updated packages for Ubuntu 4.10: ...
    (Full-Disclosure)
  • Fwd: [GENERAL] PostgreSQL 7.2.2: Security Release
    ... Due to recent security vulnerabilities reported on BugTraq, ... several buffer overruns found in PostgreSQL, ... require the ability to be able to connect to the database before they can ...
    (Bugtraq)
  • [Full-disclosure] [ MDVSA-2012:026 ] postgresql
    ... Package: postgresql ... Mandriva Linux 2010.1/X86_64: ... All packages are signed by Mandriva for security. ... If you want to report vulnerabilities, ...
    (Full-Disclosure)
  • [ MDVSA-2012:026 ] postgresql
    ... Package: postgresql ... Mandriva Linux 2010.1/X86_64: ... All packages are signed by Mandriva for security. ... If you want to report vulnerabilities, ...
    (Bugtraq)