
---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          Updated PostgreSQL packages fix buffer overrun vulnerabilities
Advisory ID:       RHSA-2003:010-10
Issue date:        2003-01-14
Updated on:        2003-01-14
Product:           Red Hat Linux
Keywords:          PostgreSQL datetime lpad rpad multibyte
Cross references:  RHSA-2002:301 RHSA-2003:001
Obsoletes:         
CVE Names:         CAN-2002-0972 CAN-2002-1397 CAN-2002-1398 CAN-2002-1400 CAN-2002-1401 CAN-2002-1402
---------------------------------------------------------------------

1. Topic:

Updated PostgreSQL packages are available for Red Hat Linux 6.2, 7, 7.1,
and 7.2 where we have backported a number of security fixes.  A separate
advisory  deals with updated PostgreSQL packages for Red Hat Linux 7.3 and 8.0.

2. Relevant releases/architectures:

Red Hat Linux 6.2 - i386
Red Hat Linux 7.0 - i386
Red Hat Linux 7.1 - i386
Red Hat Linux 7.2 - i386, ia64

3. Problem description:

PostgreSQL is an advanced Object-Relational database management system
(DBMS).  A number of security issues have been found that affect PostgreSQL
versions shipped with Red Hat Linux.  

Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial of
service and possibly execute arbitrary code via long arguments to the lpad
or rpad functions. CAN-2002-0972

Buffer overflow in the cash_words() function for PostgreSQL 7.2 and
earlier allows local users to cause a denial of service and possibly
execute arbitrary code via a malformed argument.  CAN-2002-1397

Buffer overflow in the date parser for PostgreSQL before 7.2.2 allows
attackers to cause a denial of service and possibly execute arbitrary
code via a long date string, also known as a vulnerability "in handling
long datetime input."  CAN-2002-1398

Heap-based buffer overflow in the repeat() function for PostgreSQL
before 7.2.2 allows attackers to execute arbitrary code by causing
repeat() to generate a large string.  CAN-2002-1400

Buffer overflows in circle_poly, path_encode and path_add allow attackersto cause a denial of service and possibly execute arbitrary code.   Note
that these issues have been fixed in our packages and in PostgreSQL CVS,
but are not included in PostgreSQL version 7.2.2 or 7.2.3.  CAN-2002-1401

Buffer overflows in the TZ and SET TIME ZONE enivronment variables for
PostgreSQL 7.2.1 and earlier allow local users to cause a denial of service
and possibly execute arbitrary code.  CAN-2002-1402

Note that these vulnerabilities are only critical on open or shared systems
because connecting to the database is required before the vulnerabilities
can be exploited.

The PostgreSQL Global Development Team has released versions of PostgreSQL
that fixes these vulnerabilities, and these fixes have been isolated and
backported to the various versions of PostgreSQL that originally shipped
with each Red Hat Linux distribution.  All users of  PostgreSQL are advised
to install these updated packages.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

Please note that this update is available via Red Hat Network.  To use Red
Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Note that no initdb will be necessary from previous PostgreSQL packages.

5. RPMs required:

Red Hat Linux 6.2:

SRPMS: 
 

i386: 
  
  
  
  
  
  
  
  
 

Red Hat Linux 7.0:

SRPMS: 
 

i386: 
  
  
  
  
  
  
  
  
 

Red Hat Linux 7.1:

SRPMS: 
 

i386: 
  
  
  
  
  
  
  
  
 

Red Hat Linux 7.2:

SRPMS: 
 

i386: 
  
  
  
  
  
  
  
  
  
  
  
 

ia64: 
  
  
  
  
  
  
  
  
  
  
  
 



6. Verification:

MD5 sum                          Package Name
--------------------------------------------------------------------------
732b8eae39abc767f205a1b3cf16ab77 6.2/en/os/SRPMS/postgresql-6.5.3-7.3.src.rpm
e7409539b4793a88f6ca068c67ad930a 6.2/en/os/i386/postgresql-6.5.3-7.3.i386.rpm
8af6a1d62449e06d397bf4996a3f510e 6.2/en/os/i386/postgresql-devel-6.5.3-7.3.i386.rpm
110007dd317f9b1ae7b0554c1713e3a4 6.2/en/os/i386/postgresql-jdbc-6.5.3-7.3.i386.rpm
17dcc19ff76f273110fbac5a0208e512 6.2/en/os/i386/postgresql-odbc-6.5.3-7.3.i386.rpm
971bc763d760f8b115fba9298521e96a 6.2/en/os/i386/postgresql-perl-6.5.3-7.3.i386.rpm
b24f8d7e80ee9ab3c8e373adab507256 6.2/en/os/i386/postgresql-python-6.5.3-7.3.i386.rpm
3024dd8f8628b7af20218d6f3891d2ec 6.2/en/os/i386/postgresql-server-6.5.3-7.3.i386.rpm
6616e93a6b7a29930aa8414d812beb24 6.2/en/os/i386/postgresql-tcl-6.5.3-7.3.i386.rpm
194d0ce61f98f52dd1baf56bbd6443a8 6.2/en/os/i386/postgresql-test-6.5.3-7.3.i386.rpm
ac0d75c27ebcd36170f63c60e037f489 7.0/en/os/SRPMS/postgresql-7.0.2-18.2.src.rpm
40f699d6f548c6a90a46f3e85feba1ee 7.0/en/os/i386/postgresql-7.0.2-18.2.i386.rpm
ef2087d781505c3c038d8b24bed94540 7.0/en/os/i386/postgresql-devel-7.0.2-18.2.i386.rpm
4e6ce0a5abff847f96203a1c5b61c8ec 7.0/en/os/i386/postgresql-jdbc-7.0.2-18.2.i386.rpm
3cb5ff6e810db8fdcf249f5b150c5d22 7.0/en/os/i386/postgresql-odbc-7.0.2-18.2.i386.rpm
fa4a04603929c41c9f27f6db6c13e840 7.0/en/os/i386/postgresql-perl-7.0.2-18.2.i386.rpm
3c3b41c7138aa0c33817324f91296127 7.0/en/os/i386/postgresql-python-7.0.2-18.2.i386.rpm
83e81d641b6fb1d803579d35bd1bcb72 7.0/en/os/i386/postgresql-server-7.0.2-18.2.i386.rpm
c6423d569bfed888052c2d8089b6831f 7.0/en/os/i386/postgresql-tcl-7.0.2-18.2.i386.rpm
3bd6a70af12569f7664191e6822059cc 7.0/en/os/i386/postgresql-tk-7.0.2-18.2.i386.rpm
92251aabd8b1e84d14e318914f3a5d2d 7.1/en/os/SRPMS/postgresql-7.0.3-9.2.src.rpm
dcb353615e8f57e389f48f3e4bf26bc8 7.1/en/os/i386/postgresql-7.0.3-9.2.i386.rpm
e73b9ebc33c2d007abbf10cc50db591e 7.1/en/os/i386/postgresql-devel-7.0.3-9.2.i386.rpm
ed79953de3b1af9a27834376456cd4b7 7.1/en/os/i386/postgresql-jdbc-7.0.3-9.2.i386.rpm
3f4ee5dcefb0719a34e89fb036820399 7.1/en/os/i386/postgresql-odbc-7.0.3-9.2.i386.rpm
8e4cfea0f12eaed1294d923982581c2e 7.1/en/os/i386/postgresql-perl-7.0.3-9.2.i386.rpm
612dadb4b08805f2a4b661b4e43be923 7.1/en/os/i386/postgresql-python-7.0.3-9.2.i386.rpm
569cf3720c28f1971d6d090ca65da993 7.1/en/os/i386/postgresql-server-7.0.3-9.2.i386.rpm
5f3137d3ce73e129abbbd9f1b4d5541b 7.1/en/os/i386/postgresql-tcl-7.0.3-9.2.i386.rpm
f358ff4687c07cb82d9264af8ae79a91 7.1/en/os/i386/postgresql-tk-7.0.3-9.2.i386.rpm
27ec75858d8f15e4333c78ca816186dc 7.2/en/os/SRPMS/postgresql-7.1.3-4bp.2.src.rpm
88ca89fd6c48d158604cb19c4721b8fb 7.2/en/os/i386/postgresql-7.1.3-4bp.2.i386.rpm
673229fe4d65ad583213fbad4199921a 7.2/en/os/i386/postgresql-contrib-7.1.3-4bp.2.i386.rpm
901624d92faeadbc56597a465e23313a 7.2/en/os/i386/postgresql-devel-7.1.3-4bp.2.i386.rpm
31008741d14629a520c99db5c3637f99 7.2/en/os/i386/postgresql-docs-7.1.3-4bp.2.i386.rpm
ada8e8568e3626a2f7355543765e8317 7.2/en/os/i386/postgresql-jdbc-7.1.3-4bp.2.i386.rpm
96062e762166c1990448caf6c3334881 7.2/en/os/i386/postgresql-libs-7.1.3-4bp.2.i386.rpm
f0b3cf36ce4467c0dc4ca5a1e0b78b29 7.2/en/os/i386/postgresql-odbc-7.1.3-4bp.2.i386.rpm
539669074df1afb9d6c7fac0ac51ed3d 7.2/en/os/i386/postgresql-perl-7.1.3-4bp.2.i386.rpm
fa64bdf8c2b2626fcdedbe1def872b01 7.2/en/os/i386/postgresql-python-7.1.3-4bp.2.i386.rpm
67fe5d278a89c5cffb490d5e803390d2 7.2/en/os/i386/postgresql-server-7.1.3-4bp.2.i386.rpm
f4ff49541ccf2cee6ab9f5d72c0a3003 7.2/en/os/i386/postgresql-tcl-7.1.3-4bp.2.i386.rpm
7682e8c17b6658be3cb102f3ddb06fd9 7.2/en/os/i386/postgresql-tk-7.1.3-4bp.2.i386.rpm
04af46f5c9f0cfcd1e4c12c8363bfffd 7.2/en/os/ia64/postgresql-7.1.3-4bp.2.ia64.rpm
f0b512e2da303b9450fc686d50fe8c9a 7.2/en/os/ia64/postgresql-contrib-7.1.3-4bp.2.ia64.rpm
976a6297da982a1c381a2c2edee2f6fe 7.2/en/os/ia64/postgresql-devel-7.1.3-4bp.2.ia64.rpm
90609e955c4a271820be3948b45489f7 7.2/en/os/ia64/postgresql-docs-7.1.3-4bp.2.ia64.rpm
988963a98acd91b25b8eb927229af65b 7.2/en/os/ia64/postgresql-jdbc-7.1.3-4bp.2.ia64.rpm
667849e8e0cd899451b46bd7fad26b59 7.2/en/os/ia64/postgresql-libs-7.1.3-4bp.2.ia64.rpm
0328a3c04aba598d48251ccd2816498a 7.2/en/os/ia64/postgresql-odbc-7.1.3-4bp.2.ia64.rpm
aea10ae95c6e2f3c319f16fabc2023eb 7.2/en/os/ia64/postgresql-perl-7.1.3-4bp.2.ia64.rpm
228a329364b0cff9a2517042527907fe 7.2/en/os/ia64/postgresql-python-7.1.3-4bp.2.ia64.rpm
bbe6bee4fdec718afb57e94d7410795a 7.2/en/os/ia64/postgresql-server-7.1.3-4bp.2.ia64.rpm
9ca311fbdbe517743e98d78fd3e90fc6 7.2/en/os/ia64/postgresql-tcl-7.1.3-4bp.2.ia64.rpm
ad36915a19a545d10197976b6753bd28 7.2/en/os/ia64/postgresql-tk-7.1.3-4bp.2.ia64.rpm


These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at  About

You can verify each package with the following command:
    
    rpm --checksig -v 

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    
    md5sum 


7. References:
 
PostgreSQL 7.2.2: Security Release [LWN.net] 
http://marc.theaimsgroup.com/?l=postgresql-announce&m=103062536330644 
http://marc.theaimsgroup.com/?l=bugtraq&m=102978152712430 
http://marc.theaimsgroup.com/?l=bugtraq&m=102987306029821 
http://marc.theaimsgroup.com/?l=postgresql-general&m=102995302604086 
  
  
  
CVE -CVE-2002-0972 
CVE -CVE-2002-1397 
CVE -CVE-2002-1398 
CVE -CVE-2002-1400 
CVE -CVE-2002-1401 
CVE -CVE-2002-1402

8. Contact:

The Red Hat security contact is <security@RedHat.com>.  More contact
details at  All Red Hat products

Copyright 2003 Red Hat, Inc.



_______________________________________________
Red Hat-watch-list mailing list
To unsubscribe, visit: https://listman.RedHat.com/mailman/listinfo/RedHat-watch-list

RedHat: PostgreSQL data loss vulnerability

PostgreSQL versions 7.2.1 and 7.2.2 contain a serious issue with the VACUUM command when it is run by a non-superuser.

Summary

PostgreSQL is an advanced Object-Relational database management system(DBMS). A number of security issues have been found that affect PostgreSQLversions shipped with Red Hat Linux. Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial ofservice and possibly execute arbitrary code via long arguments to the lpador rpad functions. CAN-2002-0972Buffer overflow in the cash_words() function for PostgreSQL 7.2 andearlier allows local users to cause a denial of service and possiblyexecute arbitrary code via a malformed argument. CAN-2002-1397Buffer overflow in the date parser for PostgreSQL before 7.2.2 allowsattackers to cause a denial of service and possibly execute arbitrarycode via a long date string, also known as a vulnerability "in handlinglong datetime input." CAN-2002-1398Heap-based buffer overflow in the repeat() function for PostgreSQLbefore 7.2.2 allows attackers to execute arbitrary code by causingrepeat() to generate a large string. CAN-2002-1400Buffer overflows in circle_poly, path_encode and path_add allow attackersto cause a denial of service and possibly execute arbitrary code. Notethat these issues have been fixed in our packages and in PostgreSQL CVS,but are not included in PostgreSQL version 7.2.2 or 7.2.3. CAN-2002-1401Buffer overflows in the TZ and SET TIME ZONE enivronment variables forPostgreSQL 7.2.1 and earlier allow local users to cause a denial of serviceand possibly execute arbitrary code. CAN-2002-1402Note that these vulnerabilities are only critical on open or shared systemsbecause connecting to the database is required before the vulnerabilitiescan be exploited.The PostgreSQL Global Development Team has released versions of PostgreSQLthat fixes these vulnerabilities, and these fixes have been isolated andbackported to the various versions of PostgreSQL that originally shippedwith each Red Hat Linux distribution. All users of PostgreSQL are advisedto install these updated packages.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.
Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.
Note that no initdb will be necessary from previous PostgreSQL packages.
5. RPMs required:
Red Hat Linux 6.2:
SRPMS:

i386:

Red Hat Linux 7.0:
SRPMS:

i386:

Red Hat Linux 7.1:
SRPMS:

i386:

Red Hat Linux 7.2:
SRPMS:

i386:

ia64:

6. Verification:
MD5 sum Package Name 732b8eae39abc767f205a1b3cf16ab77 6.2/en/os/SRPMS/postgresql-6.5.3-7.3.src.rpm e7409539b4793a88f6ca068c67ad930a 6.2/en/os/i386/postgresql-6.5.3-7.3.i386.rpm 8af6a1d62449e06d397bf4996a3f510e 6.2/en/os/i386/postgresql-devel-6.5.3-7.3.i386.rpm 110007dd317f9b1ae7b0554c1713e3a4 6.2/en/os/i386/postgresql-jdbc-6.5.3-7.3.i386.rpm 17dcc19ff76f273110fbac5a0208e512 6.2/en/os/i386/postgresql-odbc-6.5.3-7.3.i386.rpm 971bc763d760f8b115fba9298521e96a 6.2/en/os/i386/postgresql-perl-6.5.3-7.3.i386.rpm b24f8d7e80ee9ab3c8e373adab507256 6.2/en/os/i386/postgresql-python-6.5.3-7.3.i386.rpm 3024dd8f8628b7af20218d6f3891d2ec 6.2/en/os/i386/postgresql-server-6.5.3-7.3.i386.rpm 6616e93a6b7a29930aa8414d812beb24 6.2/en/os/i386/postgresql-tcl-6.5.3-7.3.i386.rpm 194d0ce61f98f52dd1baf56bbd6443a8 6.2/en/os/i386/postgresql-test-6.5.3-7.3.i386.rpm ac0d75c27ebcd36170f63c60e037f489 7.0/en/os/SRPMS/postgresql-7.0.2-18.2.src.rpm 40f699d6f548c6a90a46f3e85feba1ee 7.0/en/os/i386/postgresql-7.0.2-18.2.i386.rpm ef2087d781505c3c038d8b24bed94540 7.0/en/os/i386/postgresql-devel-7.0.2-18.2.i386.rpm 4e6ce0a5abff847f96203a1c5b61c8ec 7.0/en/os/i386/postgresql-jdbc-7.0.2-18.2.i386.rpm 3cb5ff6e810db8fdcf249f5b150c5d22 7.0/en/os/i386/postgresql-odbc-7.0.2-18.2.i386.rpm fa4a04603929c41c9f27f6db6c13e840 7.0/en/os/i386/postgresql-perl-7.0.2-18.2.i386.rpm 3c3b41c7138aa0c33817324f91296127 7.0/en/os/i386/postgresql-python-7.0.2-18.2.i386.rpm 83e81d641b6fb1d803579d35bd1bcb72 7.0/en/os/i386/postgresql-server-7.0.2-18.2.i386.rpm c6423d569bfed888052c2d8089b6831f 7.0/en/os/i386/postgresql-tcl-7.0.2-18.2.i386.rpm 3bd6a70af12569f7664191e6822059cc 7.0/en/os/i386/postgresql-tk-7.0.2-18.2.i386.rpm 92251aabd8b1e84d14e318914f3a5d2d 7.1/en/os/SRPMS/postgresql-7.0.3-9.2.src.rpm dcb353615e8f57e389f48f3e4bf26bc8 7.1/en/os/i386/postgresql-7.0.3-9.2.i386.rpm e73b9ebc33c2d007abbf10cc50db591e 7.1/en/os/i386/postgresql-devel-7.0.3-9.2.i386.rpm ed79953de3b1af9a27834376456cd4b7 7.1/en/os/i386/postgresql-jdbc-7.0.3-9.2.i386.rpm 3f4ee5dcefb0719a34e89fb036820399 7.1/en/os/i386/postgresql-odbc-7.0.3-9.2.i386.rpm 8e4cfea0f12eaed1294d923982581c2e 7.1/en/os/i386/postgresql-perl-7.0.3-9.2.i386.rpm 612dadb4b08805f2a4b661b4e43be923 7.1/en/os/i386/postgresql-python-7.0.3-9.2.i386.rpm 569cf3720c28f1971d6d090ca65da993 7.1/en/os/i386/postgresql-server-7.0.3-9.2.i386.rpm 5f3137d3ce73e129abbbd9f1b4d5541b 7.1/en/os/i386/postgresql-tcl-7.0.3-9.2.i386.rpm f358ff4687c07cb82d9264af8ae79a91 7.1/en/os/i386/postgresql-tk-7.0.3-9.2.i386.rpm 27ec75858d8f15e4333c78ca816186dc 7.2/en/os/SRPMS/postgresql-7.1.3-4bp.2.src.rpm 88ca89fd6c48d158604cb19c4721b8fb 7.2/en/os/i386/postgresql-7.1.3-4bp.2.i386.rpm 673229fe4d65ad583213fbad4199921a 7.2/en/os/i386/postgresql-contrib-7.1.3-4bp.2.i386.rpm 901624d92faeadbc56597a465e23313a 7.2/en/os/i386/postgresql-devel-7.1.3-4bp.2.i386.rpm 31008741d14629a520c99db5c3637f99 7.2/en/os/i386/postgresql-docs-7.1.3-4bp.2.i386.rpm ada8e8568e3626a2f7355543765e8317 7.2/en/os/i386/postgresql-jdbc-7.1.3-4bp.2.i386.rpm 96062e762166c1990448caf6c3334881 7.2/en/os/i386/postgresql-libs-7.1.3-4bp.2.i386.rpm f0b3cf36ce4467c0dc4ca5a1e0b78b29 7.2/en/os/i386/postgresql-odbc-7.1.3-4bp.2.i386.rpm 539669074df1afb9d6c7fac0ac51ed3d 7.2/en/os/i386/postgresql-perl-7.1.3-4bp.2.i386.rpm fa64bdf8c2b2626fcdedbe1def872b01 7.2/en/os/i386/postgresql-python-7.1.3-4bp.2.i386.rpm 67fe5d278a89c5cffb490d5e803390d2 7.2/en/os/i386/postgresql-server-7.1.3-4bp.2.i386.rpm f4ff49541ccf2cee6ab9f5d72c0a3003 7.2/en/os/i386/postgresql-tcl-7.1.3-4bp.2.i386.rpm 7682e8c17b6658be3cb102f3ddb06fd9 7.2/en/os/i386/postgresql-tk-7.1.3-4bp.2.i386.rpm 04af46f5c9f0cfcd1e4c12c8363bfffd 7.2/en/os/ia64/postgresql-7.1.3-4bp.2.ia64.rpm f0b512e2da303b9450fc686d50fe8c9a 7.2/en/os/ia64/postgresql-contrib-7.1.3-4bp.2.ia64.rpm 976a6297da982a1c381a2c2edee2f6fe 7.2/en/os/ia64/postgresql-devel-7.1.3-4bp.2.ia64.rpm 90609e955c4a271820be3948b45489f7 7.2/en/os/ia64/postgresql-docs-7.1.3-4bp.2.ia64.rpm 988963a98acd91b25b8eb927229af65b 7.2/en/os/ia64/postgresql-jdbc-7.1.3-4bp.2.ia64.rpm 667849e8e0cd899451b46bd7fad26b59 7.2/en/os/ia64/postgresql-libs-7.1.3-4bp.2.ia64.rpm 0328a3c04aba598d48251ccd2816498a 7.2/en/os/ia64/postgresql-odbc-7.1.3-4bp.2.ia64.rpm aea10ae95c6e2f3c319f16fabc2023eb 7.2/en/os/ia64/postgresql-perl-7.1.3-4bp.2.ia64.rpm 228a329364b0cff9a2517042527907fe 7.2/en/os/ia64/postgresql-python-7.1.3-4bp.2.ia64.rpm bbe6bee4fdec718afb57e94d7410795a 7.2/en/os/ia64/postgresql-server-7.1.3-4bp.2.ia64.rpm 9ca311fbdbe517743e98d78fd3e90fc6 7.2/en/os/ia64/postgresql-tcl-7.1.3-4bp.2.ia64.rpm ad36915a19a545d10197976b6753bd28 7.2/en/os/ia64/postgresql-tk-7.1.3-4bp.2.ia64.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our key is available at About
You can verify each package with the following command:
rpm --checksig -v
If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:
md5sum

References

PostgreSQL 7.2.2: Security Release [LWN.net] http://marc.theaimsgroup.com/?l=postgresql-announce&m=103062536330644 http://marc.theaimsgroup.com/?l=bugtraq&m=102978152712430 http://marc.theaimsgroup.com/?l=bugtraq&m=102987306029821 http://marc.theaimsgroup.com/?l=postgresql-general&m=102995302604086 CVE -CVE-2002-0972 CVE -CVE-2002-1397 CVE -CVE-2002-1398 CVE -CVE-2002-1400 CVE -CVE-2002-1401 CVE -CVE-2002-1402