LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 20th, 2014
Linux Advisory Watch: October 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: 'postgresql' Multiple vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by LinuxSecurity.com Team   
Debian Several buffer overflows and integer overflows have been fixed in the latest version. Special upgrade instructions enclosed within advisory.

--------------------------------------------------------------------------
Debian Security Advisory DSA 165-1                     security@debian.org 
http://www.debian.org/security/                             Martin Schulze
September 12th, 2002                     http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : postgresql
Vulnerability  : buffer overflows
Problem-Type   : remote
Debian-specific: no
CVE Id         : CAN-2002-0972

Mordred Labs and others found several vulnerabilities in PostgreSQL,
an object-relational SQL database.  They are inherited from several
buffer overflows and integer overflows.  Specially crafted long date
and time input, currency, repeat data and long timezone names could
cause the PostgreSQL server to crash as well as specially crafted
input data for lpad() and rpad().  More buffer/integer overflows were
found in circle_poly(), path_encode() and path_addr().

Except for the last three, these problems are fixed in the upstream
release 7.2.2 of PostgreSQL which is the recommended version to use.

Most of these problems do not exist in the version of PostgreSQL that
Debian ships in the potato release since the corresponding
functionality is not yet implemented.  However, PostgreSQL 6.5.3 is
quite old and may bear more risks than we are aware of, which may
include further buffer overflows, and certainly include bugs that
threaten the integrity of your data.

You are strongly advised not to use this release but to upgrade your
system to Debian 3.0 (stable) including PostgreSQL release 7.2.1
instead, where many bugs have been fixed and new features introduced
to increase compatibility with the SQL standards.

If you consider an upgrade, please make sure to dump the entire
database system using the pg_dumpall utility.  Please take into
consideration that the newer PostgreSQL is more strict in its input
handling.  This means that tests line "foo = NULL" which are not valid
won't be accepted anymore.  It also means that when using UNICODE
encoding, ISO 8859-1 and ISO 8859-15 are no longer valid incoding to
use when inserting data into the relation.  In such a case you are
advised to convert the dump in question using recode latin1..utf-16.

These problems have been fixed in version 7.2.1-2woody2 for the
current stable distribution (woody) and in version 7.2.2-2 for the
unstable distribution (sid).  The old stable distribution (potato) is
partially affected and we ship a fixed version 6.5.3-27.2 for it.

We recommend that you upgrade your PostgreSQL packages.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 2.2 alias potato
---------------------------------

  Source archives:

     http://security.debian.org/pool/updates/main/p/postgresql/postgresql_6.5.3-27.2.dsc
      Size/MD5 checksum:      898 0c0e93f2ccf5ce9facc4a465b6292cd8
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql_6.5.3-27.2.diff.gz
      Size/MD5 checksum:   156968 5f2ef24ed154bd4de57dc5726ac3cc86
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql_6.5.3.orig.tar.gz
      Size/MD5 checksum:  6833791 098d1ee4316500a2d033ced3ebd5b831

  Architecture independent components:

     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-doc_6.5.3-27.2_all.deb
      Size/MD5 checksum:  2174496 79be7470e7ed11d31a42fc39c9a2d31c

  Alpha architecture:

     http://security.debian.org/pool/updates/main/p/postgresql/postgresql_6.5.3-27.2_alpha.deb
      Size/MD5 checksum:   881594 8e998e45147625c1193cdd2d76ce2180
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_6.5.3-27.2_alpha.deb
      Size/MD5 checksum:    99800 de594d91602d7488e15b17c791177b3c
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_6.5.3-27.2_alpha.deb
      Size/MD5 checksum:   105720 fb4db53673387a3d2316be3c2c712553
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_6.5.3-27.2_alpha.deb
      Size/MD5 checksum:   263928 9236097a2fd2563f553eddc1837dcec0

  ARM architecture:

     http://security.debian.org/pool/updates/main/p/postgresql/postgresql_6.5.3-27.2_arm.deb
      Size/MD5 checksum:   722526 007e62202fdc2e90e035089dffd72b14
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_6.5.3-27.2_arm.deb
      Size/MD5 checksum:    89978 fcf9df5c2492ab78004327e001ef2c1f
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_6.5.3-27.2_arm.deb
      Size/MD5 checksum:    97820 01a66c480ee709733b28fe052f2c2374
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_6.5.3-27.2_arm.deb
      Size/MD5 checksum:   239052 971adf428f0eb32f57e6ac028f653c2d

  Intel IA-32 architecture:

     http://security.debian.org/pool/updates/main/p/postgresql/postgresql_6.5.3-27.2_i386.deb
      Size/MD5 checksum:   687334 8b448ec3a6c1e6cd52bca10b5cc48cc3
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_6.5.3-27.2_i386.deb
      Size/MD5 checksum:    88128 4d3b874a135665ff355001fada0fddef
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_6.5.3-27.2_i386.deb
      Size/MD5 checksum:    95942 0ebcebc831c984a7b18d61cbed5875a0
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_6.5.3-27.2_i386.deb
      Size/MD5 checksum:   233256 a15449922f2ac541b2ef6c5d108c9e80

  Motorola 680x0 architecture:

     http://security.debian.org/pool/updates/main/p/postgresql/postgresql_6.5.3-27.2_m68k.deb
      Size/MD5 checksum:   648568 04bfd07630393444bf0fe0fe9cddec46
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_6.5.3-27.2_m68k.deb
      Size/MD5 checksum:    83542 13ff333a8d436d4c35a9edbcf609c695
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_6.5.3-27.2_m68k.deb
      Size/MD5 checksum:    95810 dbe390fa02b7e6fd8c851504e9ee038f
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_6.5.3-27.2_m68k.deb
      Size/MD5 checksum:   231918 20a4eb3180cae532ecbcd0746606c324

  PowerPC architecture:

     http://security.debian.org/pool/updates/main/p/postgresql/postgresql_6.5.3-27.2_powerpc.deb
      Size/MD5 checksum:   730152 1e02e009522175777d1e07baadf19278
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_6.5.3-27.2_powerpc.deb
      Size/MD5 checksum:    87736 3ebcf8ca5a0865b5098cd38a5bd21330
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_6.5.3-27.2_powerpc.deb
      Size/MD5 checksum:    99108 f18306dbdc39f59fec68ebe698200b24
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_6.5.3-27.2_powerpc.deb
      Size/MD5 checksum:   251990 c55b7e233046b78b82f14312b3bd7ef5

  Sun Sparc architecture:


     http://security.debian.org/pool/updates/main/p/postgresql/postgresql_6.5.3-27.2_sparc.deb
      Size/MD5 checksum:   715944 7508c6790fa0a27d2c1f0e3aeee05a7a
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_6.5.3-27.2_sparc.deb
      Size/MD5 checksum:    94714 764b44e5556ddf84f8bbabc76932d3f2
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_6.5.3-27.2_sparc.deb
      Size/MD5 checksum:    99438 7f9e005d970e914886a796733e8fb9d7
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_6.5.3-27.2_sparc.deb
      Size/MD5 checksum:   235090 412d135c6f5b2f811ca1829fc58971cc


Debian GNU/Linux 3.0 alias woody
--------------------------------

  Source archives:

     http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody2.dsc
      Size/MD5 checksum:      966 608f67b79934e98459ca278879f6b742
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody2.diff.gz
      Size/MD5 checksum:   108324 c02c93a8b361d3da4c0703aeb68618ba
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1.orig.tar.gz
      Size/MD5 checksum:  9237680 d075e9c49135899645dff57bc58d6233

  Architecture independent components:

     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-doc_7.2.1-2woody2_all.deb
      Size/MD5 checksum:  1962362 e881e3b62e524dcfd36fc20624939ab5

  Alpha architecture:

     http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody2_alpha.deb
      Size/MD5 checksum:  1816268 50ac206e7e3493b672014f6ecc70010d
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody2_alpha.deb
      Size/MD5 checksum:   319026 130d19aee5351f6411c8af835ddbf7bc
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody2_alpha.deb
      Size/MD5 checksum:   386660 ec7f4c9403549db4664722aea7e68f3d
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody2_alpha.deb
      Size/MD5 checksum:   539598 426361b14677071337cda4782720b7e1

  ARM architecture:

     http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody2_arm.deb
      Size/MD5 checksum:  1599594 2bb62ee39fdb23117a668a42efbf61e0
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody2_arm.deb
      Size/MD5 checksum:   284670 b570f4e391beba66b94bed46e238b210
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody2_arm.deb
      Size/MD5 checksum:   340194 279f464364be344e21122cefbb409e49
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody2_arm.deb
      Size/MD5 checksum:   509944 2997e961cad38ebaed1462885a33964e

  Intel IA-32 architecture:

     http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody2_i386.deb
      Size/MD5 checksum:  1550462 57b8949853a7b1b85b91c40e0ff6f50f
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody2_i386.deb
      Size/MD5 checksum:   280466 d0322e0e9297ed7f93e742c3a7c87e3e
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody2_i386.deb
      Size/MD5 checksum:   329492 a499acbee40aee5044a9777f6f208cf0
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody2_i386.deb
      Size/MD5 checksum:   495648 4cbe718afd5717d2b463a799a7963c48

  Intel IA-64 architecture:

     http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody2_ia64.deb
      Size/MD5 checksum:  2091424 ae4a192a487d27d92365905e6b6a140c
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody2_ia64.deb
      Size/MD5 checksum:   362760 2f369d4f74f31c0ee49f253ace0ba341
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody2_ia64.deb
      Size/MD5 checksum:   434010 97aa15eaf45c8126455410832aace650
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody2_ia64.deb
      Size/MD5 checksum:   554460 cc2b261cbc7d74395955787538ee1be4

  HP Precision architecture:

     http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody2_hppa.deb
      Size/MD5 checksum:  1825936 d4123b1fb38be1b5f590c7647ac67d09
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody2_hppa.deb
      Size/MD5 checksum:   303976 2ed721a638cc122e9df2c7c8d9c3136c
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody2_hppa.deb
      Size/MD5 checksum:   371292 eca7dda3a5770e9559431c91591bd011
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody2_hppa.deb
      Size/MD5 checksum:   523432 39037260439d1a0e7657057081b025ac

  Motorola 680x0 architecture:

     http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody2_m68k.deb
      Size/MD5 checksum:  1582574 0821e366132154d678a265eb905fafea
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody2_m68k.deb
      Size/MD5 checksum:   269228 4f0d8a52aab71f35ed927ecb8b459a04
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody2_m68k.deb
      Size/MD5 checksum:   324506 defc39e7b301a0e8e3eaa31e95f44bd1
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody2_m68k.deb
      Size/MD5 checksum:   489576 d0e07f1c808bcea4b079ee666af89e18

  Big endian MIPS architecture:

     http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody2_mips.deb
      Size/MD5 checksum:  1749892 038f144371c532a7054310ebafc0fabf
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody2_mips.deb
      Size/MD5 checksum:   293452 5f2933c441851dc091e5fd3689883333
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody2_mips.deb
      Size/MD5 checksum:   343074 88123045ac6311fcaf75a04123d99a11
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody2_mips.deb
      Size/MD5 checksum:   514694 87275f4241190fef029bd5550b1bc60f

  Little endian MIPS architecture:

     http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody2_mipsel.deb
      Size/MD5 checksum:  1661496 549f289431252de4a3f568e70ea239aa
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody2_mipsel.deb
      Size/MD5 checksum:   293778 cd3985f57d9146bf029e8b1341305ba3
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody2_mipsel.deb
      Size/MD5 checksum:   342846 27b7dc830124cd7172da925d2cd41a28
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody2_mipsel.deb
      Size/MD5 checksum:   511992 ce6368fcf94ea24f99b03ed966ae3a1b

  PowerPC architecture:

     http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody2_powerpc.deb
      Size/MD5 checksum:  1700298 110f547a75ef7e029cf0a85f6d0371b4
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody2_powerpc.deb
      Size/MD5 checksum:   287804 89157efe96d18948dc2be1e3197c6ce8
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody2_powerpc.deb
      Size/MD5 checksum:   341156 62010d6c0229a9be34dfadba6d596a27
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody2_powerpc.deb
      Size/MD5 checksum:   510338 62a64b00fa3d6778684e9d09ea1a7184

  IBM S/390 architecture:

     http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody2_s390.deb
      Size/MD5 checksum:  1655658 338ea4946f02a733a5847fa21691a69b
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody2_s390.deb
      Size/MD5 checksum:   281394 7d1dd1d5cc597d0a4cd3ce4fce711c1f
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody2_s390.deb
      Size/MD5 checksum:   337208 cbecafbcf64329be5f1427c1dfd53611
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody2_s390.deb
      Size/MD5 checksum:   500784 b96c9bc7ef7f7f6af453c97bc1847c3d

  Sun Sparc architecture:

     http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody2_sparc.deb
      Size/MD5 checksum:  1671132 f7ce98738c9fffd61d249b25e85e64d4
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody2_sparc.deb
      Size/MD5 checksum:   288190 ed62e7c92a30fd818e4758ab5c37ceaa
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody2_sparc.deb
      Size/MD5 checksum:   370490 7416f29f108b2583a040c0211d2050ac
     http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody2_sparc.deb
      Size/MD5 checksum:   501558 8c0f2688e7cdc815c49b88a2772c3ceb

  Please note that all python source packages produce more binary
  packages than the ones listed above.  They are not relevant for the
  fixed problems, though.

  These files will probably be moved into the stable distribution on
  its next revision.

---------------------------------------------------------------------------------
For apt-get: deb  http://security.debian.org/ stable/updates main
For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and  http://packages.debian.org/




 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Mobile Device Encryption Could Lead to a ‘Very, Very Dark Place’, FBI Director Says
What a hacker can learn about your life from the coffee shop’s Wi-Fi network
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.