Date: Mon, 26 Aug 2002 11:40:59 +0200
From: Daniel Ahlberg <[email protected]>
To: [email protected]Subject: GLSA: PostgreSQL
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT
- - --------------------------------------------------------------------
PACKAGE :postgresql
SUMMARY :buffer overruns
DATE :2002-08-26 09:40 UTC
- - --------------------------------------------------------------------
OVERVIEW
Several buffer overruns found in PostgreSQL
DETAIL
The PostgreSQL Global Development Team has identified and
addressed the following buffer overruns in PostgreSQL:
* in handling long datetime input
* in repeat()
* in lpad() and rpad() with multibyte
* in SET TIME ZONE and TZ env var
More information can be found on the following adresses:
http://online.securityfocus.com/archive/1/288305/2002-08-16/2002-08-22/0http://online.securityfocus.com/archive/1/288334/2002-08-16/2002-08-22/0
The advisory sent by The PostgreSQL Global Development Team can be read a=
t
http://online.securityfocus.com/archive/1/288998/2002-08-23/2002-08-29/0
SOLUTION
It is recommended that all Gentoo Linux users who are running
dev-db/postgresql-7.2.1-r2 and earlier update their systems
as follows:
emerge rsync
emerge postgresql
emerge clean
postgresql-7.2.2 is currently only available for x86. Sparc and ppc will
be available when it's been tested on these archs.
- - --------------------------------------------------------------------
Daniel Ahlberg
[email protected] - GnuPG key is available at www.gentoo.org/~aliz
- - --------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE9aferfT7nyhUpoZMRAvekAJ9UjtWr7K5934otXCWVujKOrK9m5QCghSE5
W7ksuXGlIoPx2QexaxEcUEY=3D
=3Dnrn6
-----END PGP SIGNATURE-----
