Mandrake alert: Updated postgresql packages fix buffer overflow vulnerability

Posted by dave on Nov 3, 2003 3:18 PM EDT

Two bugs were discovered that lead to a buffer overflow in PostgreSQL versions 7.2.x and 7.3.x prior to 7.3.4, in the abstract data type (ADT) to ASCII conversion functions. It is believed that, under the right circumstances, an attacker may use this vulnerability to execute arbitrary instructions on the PostgreSQL server.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandrake Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           postgresql
 Advisory ID:            MDKSA-2003:102
 Date:                   November 3rd, 2003

 Affected versions:      9.0, 9.1, Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 Two bugs were discovered that lead to a buffer overflow in PostgreSQL
 versions 7.2.x and 7.3.x prior to 7.3.4, in the abstract data type
 (ADT) to ASCII conversion functions.  It is believed that, under the
 right circumstances, an attacker may use this vulnerability to execute
 arbitrary instructions on the PostgreSQL server.
 
 The provided packages are patched to protect against this vulnerability
 and all users are encouraged to upgrade immediately.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0901
 ______________________________________________________________________

 Updated Packages:
  
 Corporate Server 2.1:
 e591fb89bc43fa4e3291fcbad6930b87  corporate/2.1/RPMS/libecpg3-7.3.2-5.1.91mdk.i586.rpm
 fc37cce6f829431760ad4fe41f7ce7e8  corporate/2.1/RPMS/libecpg3-devel-7.3.2-5.1.91mdk.i586.rpm
 c44e0efc8911fb99e6538f9360585dc4  corporate/2.1/RPMS/libpgtcl2-7.3.2-5.1.91mdk.i586.rpm
 c99df3f7ef1728b83f41190fc8b2ed69  corporate/2.1/RPMS/libpgtcl2-devel-7.3.2-5.1.91mdk.i586.rpm
 0350a36703d64f82fc699c570de7001c  corporate/2.1/RPMS/postgresql-7.3.2-5.1.91mdk.i586.rpm
 8ecd3c833e2d2c82156430720e13288d  corporate/2.1/RPMS/postgresql-contrib-7.3.2-5.1.91mdk.i586.rpm
 7f38bdfe7eed73ab4deaa760335a5e71  corporate/2.1/RPMS/postgresql-devel-7.3.2-5.1.91mdk.i586.rpm
 cc73137d6fb5df9ecb01d5607ff60bd2  corporate/2.1/RPMS/postgresql-docs-7.3.2-5.1.91mdk.i586.rpm
 a26beb15e34660b662b2a509a9336210  corporate/2.1/RPMS/postgresql-jdbc-7.3.2-5.1.91mdk.i586.rpm
 426ec9323b240d4baa987bca6f34c479  corporate/2.1/RPMS/postgresql-pl-7.3.2-5.1.91mdk.i586.rpm
 60ea7e82f346e47b037ba9a4fd97d7b1  corporate/2.1/RPMS/postgresql-python-7.3.2-5.1.91mdk.i586.rpm
 474cf9a61e66fc7743da7495946271eb  corporate/2.1/RPMS/postgresql-server-7.3.2-5.1.91mdk.i586.rpm
 cbdb2a4e89600e44fbaa85c51b9a0ca0  corporate/2.1/RPMS/postgresql-tcl-7.3.2-5.1.91mdk.i586.rpm
 c6ab57bacda6b7770bd613703c7e7c15  corporate/2.1/RPMS/postgresql-test-7.3.2-5.1.91mdk.i586.rpm
 d46e26ad5f8efd7e49fad3245ffecd16  corporate/2.1/SRPMS/postgresql-7.3.2-5.1.91mdk.src.rpm

 Corporate Server 2.1/x86_64:
 9b118c47e0f9cc0dcbe91a9e92f81cb1  x86_64/corporate/2.1/RPMS/libecpg3-7.2.2-1.3.90mdk.x86_64.rpm
 ef17c82488728f298052822179b0c34d  x86_64/corporate/2.1/RPMS/libpgperl-7.2.2-1.3.90mdk.x86_64.rpm
 eb9c5b84b0e03f187c116fadc974025c  x86_64/corporate/2.1/RPMS/libpgsql2-7.2.2-1.3.90mdk.x86_64.rpm
 c8fecbd885139bcac04ad71c5762be49  x86_64/corporate/2.1/RPMS/libpgsqlodbc0-7.2.2-1.3.90mdk.x86_64.rpm
 548f94d43874529e048368b9d49d3ce1  x86_64/corporate/2.1/RPMS/libpgtcl2-7.2.2-1.3.90mdk.x86_64.rpm
 0757a33d172bb8def5a29067a68b54ab  x86_64/corporate/2.1/RPMS/postgresql-7.2.2-1.3.90mdk.x86_64.rpm
 bd1287ccfbd9973759cce48beb706be2  x86_64/corporate/2.1/RPMS/postgresql-contrib-7.2.2-1.3.90mdk.x86_64.rpm
 1306c8ff9c0de7e2fd5796c50237f050  x86_64/corporate/2.1/RPMS/postgresql-devel-7.2.2-1.3.90mdk.x86_64.rpm
 beeb75b19b8b7925ba67bd5f56846965  x86_64/corporate/2.1/RPMS/postgresql-docs-7.2.2-1.3.90mdk.x86_64.rpm
 6bd74df5d69b585c64de76c1bd169f3c  x86_64/corporate/2.1/RPMS/postgresql-jdbc-7.2.2-1.3.90mdk.x86_64.rpm
 eded9d9a28250cce394cd18df653dbe9  x86_64/corporate/2.1/RPMS/postgresql-python-7.2.2-1.3.90mdk.x86_64.rpm
 ef142fb51b35731705a94e23ffba0a3b  x86_64/corporate/2.1/RPMS/postgresql-server-7.2.2-1.3.90mdk.x86_64.rpm
 1374a773ebdbed4a2f7fb7d41c3a3937  x86_64/corporate/2.1/RPMS/postgresql-tcl-7.2.2-1.3.90mdk.x86_64.rpm
 32d910684f0a27b43c484e3309548b08  x86_64/corporate/2.1/RPMS/postgresql-test-7.2.2-1.3.90mdk.x86_64.rpm
 8495e1f801b8a7b0005ff7da6ece7e8f  x86_64/corporate/2.1/RPMS/postgresql-tk-7.2.2-1.3.90mdk.x86_64.rpm
 d46e26ad5f8efd7e49fad3245ffecd16  x86_64/corporate/2.1/SRPMS/postgresql-7.3.2-5.1.91mdk.src.rpm

 Mandrake Linux 9.0:
 6a95df30a5e67c53918e13793b999072  9.0/RPMS/libecpg3-7.2.2-1.3.90mdk.i586.rpm
 3880f5b78ae7485a92cc6caf53ac79ca  9.0/RPMS/libpgperl-7.2.2-1.3.90mdk.i586.rpm
 86912355e0159e3eb3fba11e4986bb89  9.0/RPMS/libpgsql2-7.2.2-1.3.90mdk.i586.rpm
 7ceadd1df64b5a71d002ce502404cfd5  9.0/RPMS/libpgsqlodbc0-7.2.2-1.3.90mdk.i586.rpm
 de0a42de1d67237a217621aebeaac23e  9.0/RPMS/libpgtcl2-7.2.2-1.3.90mdk.i586.rpm
 5a09ccc7f4d77bc4d6662b5c962a749e  9.0/RPMS/postgresql-7.2.2-1.3.90mdk.i586.rpm
 5826549584227abcb371c0fcac60cc7d  9.0/RPMS/postgresql-contrib-7.2.2-1.3.90mdk.i586.rpm
 08d68115b57763a6674a35658ae797b7  9.0/RPMS/postgresql-devel-7.2.2-1.3.90mdk.i586.rpm
 c1d41fedb26f6fafb15bc72fbf36333d  9.0/RPMS/postgresql-docs-7.2.2-1.3.90mdk.i586.rpm
 5df0861eb5e19252dc0488925b656df1  9.0/RPMS/postgresql-jdbc-7.2.2-1.3.90mdk.i586.rpm
 a2ce4314a7b182daa924e4962bf3f23d  9.0/RPMS/postgresql-python-7.2.2-1.3.90mdk.i586.rpm
 9cea38e106a59f3094fb4494cefe731f  9.0/RPMS/postgresql-server-7.2.2-1.3.90mdk.i586.rpm
 52530986f54aa49f2db9e0fc7308b21a  9.0/RPMS/postgresql-tcl-7.2.2-1.3.90mdk.i586.rpm
 ef10371c4cb0a8af78752b9a97a527eb  9.0/RPMS/postgresql-test-7.2.2-1.3.90mdk.i586.rpm
 3208e32653aa0c9be90f02c2aeb30584  9.0/RPMS/postgresql-tk-7.2.2-1.3.90mdk.i586.rpm
 0e06ca7aef72f902b9f21096913f9830  9.0/SRPMS/postgresql-7.2.2-1.3.90mdk.src.rpm

 Mandrake Linux 9.1:
 e591fb89bc43fa4e3291fcbad6930b87  9.1/RPMS/libecpg3-7.3.2-5.1.91mdk.i586.rpm
 fc37cce6f829431760ad4fe41f7ce7e8  9.1/RPMS/libecpg3-devel-7.3.2-5.1.91mdk.i586.rpm
 c44e0efc8911fb99e6538f9360585dc4  9.1/RPMS/libpgtcl2-7.3.2-5.1.91mdk.i586.rpm
 c99df3f7ef1728b83f41190fc8b2ed69  9.1/RPMS/libpgtcl2-devel-7.3.2-5.1.91mdk.i586.rpm
 a9b79c6d8bbb645cebb05aff478e866e  9.1/RPMS/libpq3-7.3.2-5.1.91mdk.i586.rpm
 83d05170aefcf19f33ed4abe6fd36fb4  9.1/RPMS/libpq3-devel-7.3.2-5.1.91mdk.i586.rpm
 0350a36703d64f82fc699c570de7001c  9.1/RPMS/postgresql-7.3.2-5.1.91mdk.i586.rpm
 8ecd3c833e2d2c82156430720e13288d  9.1/RPMS/postgresql-contrib-7.3.2-5.1.91mdk.i586.rpm
 7f38bdfe7eed73ab4deaa760335a5e71  9.1/RPMS/postgresql-devel-7.3.2-5.1.91mdk.i586.rpm
 cc73137d6fb5df9ecb01d5607ff60bd2  9.1/RPMS/postgresql-docs-7.3.2-5.1.91mdk.i586.rpm
 a26beb15e34660b662b2a509a9336210  9.1/RPMS/postgresql-jdbc-7.3.2-5.1.91mdk.i586.rpm
 426ec9323b240d4baa987bca6f34c479  9.1/RPMS/postgresql-pl-7.3.2-5.1.91mdk.i586.rpm
 60ea7e82f346e47b037ba9a4fd97d7b1  9.1/RPMS/postgresql-python-7.3.2-5.1.91mdk.i586.rpm
 474cf9a61e66fc7743da7495946271eb  9.1/RPMS/postgresql-server-7.3.2-5.1.91mdk.i586.rpm
 cbdb2a4e89600e44fbaa85c51b9a0ca0  9.1/RPMS/postgresql-tcl-7.3.2-5.1.91mdk.i586.rpm
 c6ab57bacda6b7770bd613703c7e7c15  9.1/RPMS/postgresql-test-7.3.2-5.1.91mdk.i586.rpm
 d46e26ad5f8efd7e49fad3245ffecd16  9.1/SRPMS/postgresql-7.3.2-5.1.91mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 A list of FTP mirrors can be obtained from:

  http://www.mandrakesecure.net/en/ftp.php

 All packages are signed by MandrakeSoft for security.  You can obtain
 the GPG public key of the Mandrake Linux Security Team by executing:

  gpg --recv-keys --keyserver http://www.mandrakesecure.net 0x22458A98

 Please be aware that sometimes it takes the mirrors a few hours to
 update.

 You can view other update advisories for Mandrake Linux at:

  http://www.mandrakesecure.net/en/advisories/

 MandrakeSoft has several security-related mailing list services that
 anyone can subscribe to.  Information on these lists can be obtained by
 visiting:

  http://www.mandrakesecure.net/en/mlist.php

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/pu6EmqjQ0CJFipgRApmGAKDImViBj+u+J0wXnk0XWZkZ1jEbUwCglYSg
sqr/jgOq3ZxJC/1aEmfP/qk=
=ztq+
-----END PGP SIGNATURE-----
