Date: 4 Nov 2003 00:10:44 -0000
From: Mandrake Linux Security Team <[email protected]>
To: [email protected]
Subject: MDKSA-2003:102 - Updated postgresql packages fix buffer overflow vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrake Linux Security Update Advisory
_______________________________________________________________________
Package name: postgresql
Advisory ID: MDKSA-2003:102
Date: November 3rd, 2003
Affected versions: 9.0, 9.1, Corporate Server 2.1
______________________________________________________________________
Problem Description:
Two bugs were discovered that lead to a buffer overflow in PostgreSQL
versions 7.2.x and 7.3.x prior to 7.3.4, in the abstract data type
(ADT) to ASCII conversion functions. It is believed that, under the
right circumstances, an attacker may use this vulnerability to execute
arbitrary instructions on the PostgreSQL server.
The provided packages are patched to protect against this vulnerability
and all users are encouraged to upgrade immediately.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0901
______________________________________________________________________
Updated Packages:
Corporate Server 2.1:
e591fb89bc43fa4e3291fcbad6930b87 corporate/2.1/RPMS/libecpg3-7.3.2-5.1.91mdk.i586.rpm
fc37cce6f829431760ad4fe41f7ce7e8 corporate/2.1/RPMS/libecpg3-devel-7.3.2-5.1.91mdk.i586.rpm
c44e0efc8911fb99e6538f9360585dc4 corporate/2.1/RPMS/libpgtcl2-7.3.2-5.1.91mdk.i586.rpm
c99df3f7ef1728b83f41190fc8b2ed69 corporate/2.1/RPMS/libpgtcl2-devel-7.3.2-5.1.91mdk.i586.rpm
0350a36703d64f82fc699c570de7001c corporate/2.1/RPMS/postgresql-7.3.2-5.1.91mdk.i586.rpm
8ecd3c833e2d2c82156430720e13288d corporate/2.1/RPMS/postgresql-contrib-7.3.2-5.1.91mdk.i586.rpm
7f38bdfe7eed73ab4deaa760335a5e71 corporate/2.1/RPMS/postgresql-devel-7.3.2-5.1.91mdk.i586.rpm
cc73137d6fb5df9ecb01d5607ff60bd2 corporate/2.1/RPMS/postgresql-docs-7.3.2-5.1.91mdk.i586.rpm
a26beb15e34660b662b2a509a9336210 corporate/2.1/RPMS/postgresql-jdbc-7.3.2-5.1.91mdk.i586.rpm
426ec9323b240d4baa987bca6f34c479 corporate/2.1/RPMS/postgresql-pl-7.3.2-5.1.91mdk.i586.rpm
60ea7e82f346e47b037ba9a4fd97d7b1 corporate/2.1/RPMS/postgresql-python-7.3.2-5.1.91mdk.i586.rpm
474cf9a61e66fc7743da7495946271eb corporate/2.1/RPMS/postgresql-server-7.3.2-5.1.91mdk.i586.rpm
cbdb2a4e89600e44fbaa85c51b9a0ca0 corporate/2.1/RPMS/postgresql-tcl-7.3.2-5.1.91mdk.i586.rpm
c6ab57bacda6b7770bd613703c7e7c15 corporate/2.1/RPMS/postgresql-test-7.3.2-5.1.91mdk.i586.rpm
d46e26ad5f8efd7e49fad3245ffecd16 corporate/2.1/SRPMS/postgresql-7.3.2-5.1.91mdk.src.rpm
Corporate Server 2.1/x86_64:
9b118c47e0f9cc0dcbe91a9e92f81cb1 x86_64/corporate/2.1/RPMS/libecpg3-7.2.2-1.3.90mdk.x86_64.rpm
ef17c82488728f298052822179b0c34d x86_64/corporate/2.1/RPMS/libpgperl-7.2.2-1.3.90mdk.x86_64.rpm
eb9c5b84b0e03f187c116fadc974025c x86_64/corporate/2.1/RPMS/libpgsql2-7.2.2-1.3.90mdk.x86_64.rpm
c8fecbd885139bcac04ad71c5762be49 x86_64/corporate/2.1/RPMS/libpgsqlodbc0-7.2.2-1.3.90mdk.x86_64.rpm
548f94d43874529e048368b9d49d3ce1 x86_64/corporate/2.1/RPMS/libpgtcl2-7.2.2-1.3.90mdk.x86_64.rpm
0757a33d172bb8def5a29067a68b54ab x86_64/corporate/2.1/RPMS/postgresql-7.2.2-1.3.90mdk.x86_64.rpm
bd1287ccfbd9973759cce48beb706be2 x86_64/corporate/2.1/RPMS/postgresql-contrib-7.2.2-1.3.90mdk.x86_64.rpm
1306c8ff9c0de7e2fd5796c50237f050 x86_64/corporate/2.1/RPMS/postgresql-devel-7.2.2-1.3.90mdk.x86_64.rpm
beeb75b19b8b7925ba67bd5f56846965 x86_64/corporate/2.1/RPMS/postgresql-docs-7.2.2-1.3.90mdk.x86_64.rpm
6bd74df5d69b585c64de76c1bd169f3c x86_64/corporate/2.1/RPMS/postgresql-jdbc-7.2.2-1.3.90mdk.x86_64.rpm
eded9d9a28250cce394cd18df653dbe9 x86_64/corporate/2.1/RPMS/postgresql-python-7.2.2-1.3.90mdk.x86_64.rpm
ef142fb51b35731705a94e23ffba0a3b x86_64/corporate/2.1/RPMS/postgresql-server-7.2.2-1.3.90mdk.x86_64.rpm
1374a773ebdbed4a2f7fb7d41c3a3937 x86_64/corporate/2.1/RPMS/postgresql-tcl-7.2.2-1.3.90mdk.x86_64.rpm
32d910684f0a27b43c484e3309548b08 x86_64/corporate/2.1/RPMS/postgresql-test-7.2.2-1.3.90mdk.x86_64.rpm
8495e1f801b8a7b0005ff7da6ece7e8f x86_64/corporate/2.1/RPMS/postgresql-tk-7.2.2-1.3.90mdk.x86_64.rpm
d46e26ad5f8efd7e49fad3245ffecd16 x86_64/corporate/2.1/SRPMS/postgresql-7.3.2-5.1.91mdk.src.rpm
Mandrake Linux 9.0:
6a95df30a5e67c53918e13793b999072 9.0/RPMS/libecpg3-7.2.2-1.3.90mdk.i586.rpm
3880f5b78ae7485a92cc6caf53ac79ca 9.0/RPMS/libpgperl-7.2.2-1.3.90mdk.i586.rpm
86912355e0159e3eb3fba11e4986bb89 9.0/RPMS/libpgsql2-7.2.2-1.3.90mdk.i586.rpm
7ceadd1df64b5a71d002ce502404cfd5 9.0/RPMS/libpgsqlodbc0-7.2.2-1.3.90mdk.i586.rpm
de0a42de1d67237a217621aebeaac23e 9.0/RPMS/libpgtcl2-7.2.2-1.3.90mdk.i586.rpm
5a09ccc7f4d77bc4d6662b5c962a749e 9.0/RPMS/postgresql-7.2.2-1.3.90mdk.i586.rpm
5826549584227abcb371c0fcac60cc7d 9.0/RPMS/postgresql-contrib-7.2.2-1.3.90mdk.i586.rpm
08d68115b57763a6674a35658ae797b7 9.0/RPMS/postgresql-devel-7.2.2-1.3.90mdk.i586.rpm
c1d41fedb26f6fafb15bc72fbf36333d 9.0/RPMS/postgresql-docs-7.2.2-1.3.90mdk.i586.rpm
5df0861eb5e19252dc0488925b656df1 9.0/RPMS/postgresql-jdbc-7.2.2-1.3.90mdk.i586.rpm
a2ce4314a7b182daa924e4962bf3f23d 9.0/RPMS/postgresql-python-7.2.2-1.3.90mdk.i586.rpm
9cea38e106a59f3094fb4494cefe731f 9.0/RPMS/postgresql-server-7.2.2-1.3.90mdk.i586.rpm
52530986f54aa49f2db9e0fc7308b21a 9.0/RPMS/postgresql-tcl-7.2.2-1.3.90mdk.i586.rpm
ef10371c4cb0a8af78752b9a97a527eb 9.0/RPMS/postgresql-test-7.2.2-1.3.90mdk.i586.rpm
3208e32653aa0c9be90f02c2aeb30584 9.0/RPMS/postgresql-tk-7.2.2-1.3.90mdk.i586.rpm
0e06ca7aef72f902b9f21096913f9830 9.0/SRPMS/postgresql-7.2.2-1.3.90mdk.src.rpm
Mandrake Linux 9.1:
e591fb89bc43fa4e3291fcbad6930b87 9.1/RPMS/libecpg3-7.3.2-5.1.91mdk.i586.rpm
fc37cce6f829431760ad4fe41f7ce7e8 9.1/RPMS/libecpg3-devel-7.3.2-5.1.91mdk.i586.rpm
c44e0efc8911fb99e6538f9360585dc4 9.1/RPMS/libpgtcl2-7.3.2-5.1.91mdk.i586.rpm
c99df3f7ef1728b83f41190fc8b2ed69 9.1/RPMS/libpgtcl2-devel-7.3.2-5.1.91mdk.i586.rpm
a9b79c6d8bbb645cebb05aff478e866e 9.1/RPMS/libpq3-7.3.2-5.1.91mdk.i586.rpm
83d05170aefcf19f33ed4abe6fd36fb4 9.1/RPMS/libpq3-devel-7.3.2-5.1.91mdk.i586.rpm
0350a36703d64f82fc699c570de7001c 9.1/RPMS/postgresql-7.3.2-5.1.91mdk.i586.rpm
8ecd3c833e2d2c82156430720e13288d 9.1/RPMS/postgresql-contrib-7.3.2-5.1.91mdk.i586.rpm
7f38bdfe7eed73ab4deaa760335a5e71 9.1/RPMS/postgresql-devel-7.3.2-5.1.91mdk.i586.rpm
cc73137d6fb5df9ecb01d5607ff60bd2 9.1/RPMS/postgresql-docs-7.3.2-5.1.91mdk.i586.rpm
a26beb15e34660b662b2a509a9336210 9.1/RPMS/postgresql-jdbc-7.3.2-5.1.91mdk.i586.rpm
426ec9323b240d4baa987bca6f34c479 9.1/RPMS/postgresql-pl-7.3.2-5.1.91mdk.i586.rpm
60ea7e82f346e47b037ba9a4fd97d7b1 9.1/RPMS/postgresql-python-7.3.2-5.1.91mdk.i586.rpm
474cf9a61e66fc7743da7495946271eb 9.1/RPMS/postgresql-server-7.3.2-5.1.91mdk.i586.rpm
cbdb2a4e89600e44fbaa85c51b9a0ca0 9.1/RPMS/postgresql-tcl-7.3.2-5.1.91mdk.i586.rpm
c6ab57bacda6b7770bd613703c7e7c15 9.1/RPMS/postgresql-test-7.3.2-5.1.91mdk.i586.rpm
d46e26ad5f8efd7e49fad3245ffecd16 9.1/SRPMS/postgresql-7.3.2-5.1.91mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
A list of FTP mirrors can be obtained from:
http://www.mandrakesecure.net/en/ftp.php
All packages are signed by MandrakeSoft for security. You can obtain
the GPG public key of the Mandrake Linux Security Team by executing:
gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98
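Added example (not part of the MandrakeSoft advisory): shell functions for checking manually downloaded RPMs against the md5 lines under "Updated Packages" above, for cases where MandrakeUpdate or urpmi is not doing the verification. The function names and the saved-advisory file argument are assumptions; the checksums only tie a file to the advisory text, so the advisory's own PGP signature should be checked first.

```shell
#!/bin/sh
# Added example, not MandrakeSoft code. Assumes the advisory was saved to a
# text file and its signature already checked (e.g. gpg --verify).

# advisory_sums ADVISORY: print "md5 basename" for every checksum line.
# A checksum line is two fields: 32 lowercase hex digits and a path ending
# in .rpm. The same package is listed under several products (9.1 and
# Corporate Server 2.1 share files), so identical pairs are collapsed.
advisory_sums() {
    awk 'NF == 2 && length($1) == 32 && $1 ~ /^[0-9a-f]+$/ && $2 ~ /\.rpm$/ {
             n = split($2, parts, "/")
             print $1, parts[n]
         }' "$1" | sort -u
}

# verify_rpm ADVISORY FILE
# returns 0 on match, 1 on mismatch, 2 if the file is not listed or is
# listed with conflicting checksums.
verify_rpm() {
    advisory=$1
    file=$2
    name=$(basename "$file")
    expected=$(advisory_sums "$advisory" | awk -v n="$name" '$2 == n { print $1 }')
    # Word-split the result to count how many distinct checksums were found.
    set -- $expected
    if [ $# -eq 0 ]; then
        echo "NOT LISTED  $name" >&2
        return 2
    elif [ $# -gt 1 ]; then
        echo "CONFLICT    $name has $# different checksums in the advisory" >&2
        return 2
    fi
    actual=$(md5sum < "$file" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "OK          $name"
        return 0
    fi
    echo "MISMATCH    $name (expected $expected, got $actual)" >&2
    return 1
}

# Stand-alone use: sh verify.sh advisory.txt package.rpm
if [ $# -eq 2 ]; then
    verify_rpm "$1" "$2"
fi
```

A mismatch right after an advisory is published can simply mean the mirror has not synced yet, which is why the advisory warns that mirrors may lag by a few hours.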
Please be aware that sometimes it takes the mirrors a few hours to
update.
You can view other update advisories for Mandrake Linux at:
http://www.mandrakesecure.net/en/advisories/
MandrakeSoft has several security-related mailing list services that
anyone can subscribe to. Information on these lists can be obtained by
visiting:
http://www.mandrakesecure.net/en/mlist.php
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE/pu6EmqjQ0CJFipgRApmGAKDImViBj+u+J0wXnk0XWZkZ1jEbUwCglYSg
sqr/jgOq3ZxJC/1aEmfP/qk=
=ztq+
-----END PGP SIGNATURE-----