Mandrake: PostgreSQL multiple vulnerabilities
Posted by LinuxSecurity.com Team
There are multiple vulnerabilities in the PostgreSQL package.

________________________________________________________________________

                Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name:           postgresql
Advisory ID:            MDKSA-2002:062-1
Date:                   February 11th, 2003
Original Advisory Date: October 1st, 2002
Affected versions:      7.2, 8.0, 8.1, 8.2, 9.0,
                        Single Network Firewall 7.2
________________________________________________________________________

Problem Description:

 Vulnerabilities were discovered in the PostgreSQL relational database
 by Mordred Labs.  These vulnerabilities are buffer overflows in the
 rpad(), lpad(), repeat(), and cash_words() functions.  The PostgreSQL
 developers also fixed a buffer overflow in functions that deal with
 time/date and timezone.
 
 Finally, more buffer overflows were discovered by Mordred Labs in the
 7.2.2 release that are currently only fixed in CVS.  These buffer
 overflows exist in the circle_poly(), path_encode(), and path_addr()
 functions.
 
 In order for these vulnerabilities to be exploited, an attacker must be
 able to query the server somehow.  However, this cannot directly lead
 to root privilege because the server runs as the postgresql user.
 
 Prior to upgrading, users should dump their database and retain it as
 backup.  You can dump the database by using:
 
   $ pg_dumpall > db.out
 
 If you need to restore from the backup, you can do so by using:
 
   $ psql -f db.out template1
  
Update:

 The previous update missed a few small fixes, including a buffer overflow
 in the cash_words() function that allows local users to cause a DoS and
 possibly execute arbitrary code via a malformed argument in PostgreSQL 7.2
 and earlier.  As well, buffer overflows in the TZ and SET TIME ZONE
 environment variables for PostgreSQL 7.2.1 and earlier can allow local
 users to cause a DoS and possibly execute arbitrary code.
________________________________________________________________________

References:
  
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0972
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1397
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1398
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1400
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1401
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1402
   http://archives.postgresql.org/pgsql-announce/2002-08/msg00004.php
   http://online.securityfocus.com/archive/1/288036
   http://online.securityfocus.com/archive/1/288305
   http://online.securityfocus.com/archive/1/288334
________________________________________________________________________

Updated Packages:
  
________________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
________________________________________________________________________

To upgrade automatically, use MandrakeUpdate.  The verification of md5
checksums and GPG signatures is performed automatically for you.

If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm".  A list of
FTP mirrors can be obtained from:

   http://www.mandrakesecure.net/en/ftp.php

Please verify the update prior to upgrading to ensure the integrity of
the downloaded package.  You can do this with the command:

  rpm --checksig <filename>

All packages are signed by MandrakeSoft for security.  You can obtain
the GPG public key of the Mandrake Linux Security Team from:

  https://www.mandrakesecure.net/RPM-GPG-KEYS
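
The manual procedure from this advisory (dump with pg_dumpall, check each package with rpm --checksig, then rpm -Fvh) written as a fail-closed script; this is an added example, not part of the MandrakeSoft advisory. It assumes rpm prints a lowercase gpg, pgp or signatures token only when a signature was actually verified, so a package that passes on its digest alone is rejected; the function names and the RPM and PG_DUMPALL override variables are hypothetical.

```bash
#!/bin/bash
# Added example (not MandrakeSoft code). RPM and PG_DUMPALL are hypothetical
# override variables so the logic can be exercised without the real tools.
RPM="${RPM:-rpm}"
PG_DUMPALL="${PG_DUMPALL:-pg_dumpall}"

# sig_ok FILE: succeed only when rpm --checksig verified a signature.
# Assumption: rpm prints a lowercase gpg/pgp/signatures token for a verified
# signature; a digest-only result ("md5 OK", "digests OK") means the package is
# unsigned or the vendor key is not imported, and is rejected here.
sig_ok() {
    local out
    out=$("$RPM" --checksig "$1" 2>&1) || return 1
    out=${out#"$1:"}                      # drop the leading "FILE:" prefix
    case "$out" in *"NOT OK"*) return 1 ;; esac
    printf '%s\n' "$out" |
        grep -Eq '(^|[[:space:]])(gpg|pgp|signatures)([[:space:]]|$)'
}

# verify_all FILE...: check every package, report each rejection, fail if any.
verify_all() {
    local f bad=0
    for f in "$@"; do
        if ! sig_ok "$f"; then
            echo "REJECTED: $f" >&2
            bad=1
        fi
    done
    return "$bad"
}

# safe_upgrade BACKUP FILE...: dump first, verify all, then freshen.
safe_upgrade() {
    local backup=$1
    shift
    [ "$#" -gt 0 ] || { echo "no packages given" >&2; return 2; }
    "$PG_DUMPALL" > "$backup" || { echo "dump failed" >&2; return 3; }
    [ -s "$backup" ] || { echo "dump is empty" >&2; return 3; }
    verify_all "$@" || { echo "verification failed, nothing installed" >&2; return 4; }
    "$RPM" -Fvh "$@"
}

# Usage: safe_upgrade db.out ./*.rpm
```

A digest-only pass after downloading from a mirror usually means the Mandrake Linux Security Team key has not been imported yet; import it and rerun rather than relaxing the check.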

Please be aware that sometimes it takes the mirrors a few hours to
update.

You can view other update advisories for Mandrake Linux at:

   http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that
anyone can subscribe to.  Information on these lists can be obtained by
visiting:

   http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team