[CLA-2002:524] Conectiva Linux Security Announcement - postgresql
Date: Thu, 19 Sep 2002 16:18:59 -0300
From: [email protected]
To: [email protected], [email protected],
Subject: [CLA-2002:524] Conectiva Linux Security Announcement - postgresql
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------
PACKAGE : postgresql
SUMMARY : Buffer overflow vulnerabilities
DATE : 2002-09-19 16:17:00
ID : CLA-2002:524
RELEVANT
RELEASES : 6.0, 7.0, 8
- -------------------------------------------------------------------------
DESCRIPTION
Postgresql[1] is a sophisticated relational database which supports
almost all SQL constructs, including subselects, transactions and
user-defined types and functions.
Mordred Labs <[email protected]> announced[3][4][5] several
vulnerabilities in the postgresql database:
- buffer overflow in the rpad() and lpad() functions;
- buffer overflow in the repeat() function;
- buffer overflow in the cash_words() function;
Other vulnerabilities were also fixed[2] by the postgresql
developers:
- buffer overflow in functions dealing with date/time and timezone;
- more buffer overflows, this time in the circle_poly(),
path_encode() and path_addr() functions, reported again by
<[email protected]>. Fixes for these overflows are available only in
CVS[6] at this time and were not included in the official 7.2.2
release, but are included in this update. Thanks to Martin Schulze
<[email protected]> for alerting us about these last-minute fixes.
In order to exploit any of these vulnerabilities, it is necessary for
the attacker to be able to query the database somehow. Some scenarios
where this could happen:
- the attacker already has an account in the database server and can
execute queries;
- for example, web applications which query the database but do not
adequately filter form or URL data and are vulnerable to SQL command
injection.
Whatever the scenario is, it is not possible to directly obtain root
privileges through these vulnerabilities, because the postgresql
service runs as a non-root user specifically created for it. But it
is likely possible to compromise the data in the database and/or
execute other attacks after exploring the above vulnerabilities.
SOLUTION
It is recommended that all postgresql users upgrade their packages.
Conectiva Linux 8 was shipped with postgresql 7.2.1, and this update
upgrades the packages to version 7.2.2. According to the authors,
there is no need to dump the database before upgrading 7.2.1 to
7.2.2. However, this is a recommended practice with every upgrade.
Conectiva Linux 7.0 and 6.0 have older versions which have been
patched instead to fix these vulnerabilities.
IMPORTANT: please restart the service after the upgrade if it was
already running. To do so, execute, as root:
/sbin/service postgresql restart
REFERENCES
1.http://www.postgresql.com
2.http://archives.postgresql.org/pgsql-announce/2002-08/msg00004.php
3.http://online.securityfocus.com/archive/1/288305
4.http://online.securityfocus.com/archive/1/288334
5.http://online.securityfocus.com/archive/1/288036
6.http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/backend/utils/adt/geo_ops.c.diff?r1=1.63&r2=1.64
DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/postgresql-7.0.3-11U60_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/postgresql-7.0.3-11U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/postgresql-clients-7.0.3-11U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/postgresql-clients-X11-7.0.3-11U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/postgresql-devel-7.0.3-11U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/postgresql-devel-static-7.0.3-11U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/postgresql-doc-7.0.3-11U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/postgresql-jdbc-7.0.3-11U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/postgresql-lib-7.0.3-11U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/postgresql-odbc-7.0.3-11U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/postgresql-perl-7.0.3-11U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/postgresql-python-7.0.3-11U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/postgresql-tcl-7.0.3-11U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/postgresql-test-7.0.3-11U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/postgresql-7.1.3-1U70_3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-7.1.3-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-clients-7.1.3-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-clients-X11-7.1.3-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-contrib-7.1.3-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-devel-7.1.3-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-devel-static-7.1.3-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-doc-7.1.3-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-lib-7.1.3-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-odbc-7.1.3-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-perl-7.1.3-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-python-7.1.3-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-tcl-7.1.3-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-test-7.1.3-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/postgresql-7.2.2-1U80_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-7.2.2-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-clients-7.2.2-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-clients-X11-7.2.2-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-contrib-7.2.2-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-devel-7.2.2-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-devel-static-7.2.2-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-doc-7.2.2-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-lib-7.2.2-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-odbc-7.2.2-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-perl-7.2.2-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-python-7.2.2-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-tcl-7.2.2-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-test-7.2.2-1U80_2cl.i386.rpm
ADDITIONAL INSTRUCTIONS
Users of Conectiva Linux version 6.0 or higher may use apt to perform
upgrades of RPM packages:
- add the following line to /etc/apt/sources.list if it is not there yet
(you may also use linuxconf to do this):
rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates
(replace 6.0 with the correct version number if you are not running CL6.0)
- run: apt-get update
- after that, execute: apt-get upgrade
Detailed instructions reagarding the use of apt and upgrade examples
can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en
- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en
- -------------------------------------------------------------------------
subscribe: [email protected]
unsubscribe: [email protected]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE9iiMi42jd0JmAcZARAufXAJ91VkSiWf8Y77XWJxtluRONhf2rlQCg65DR
jOI0v/myeb0fbHk4xHCs5Fk=
=Hzpz
-----END PGP SIGNATURE-----
