LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: November 21st, 2014
Linux Security Week: November 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandrake: postgresql Buffer overflow vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by LinuxSecurity.com Team   
Mandrake Two bugs were discovered that lead to a buffer overflow in PostgreSQL versions 7.2.x and 7.3.x prior to 7.3.4, in the abstract data type (ADT) to ASCII conversion functions.

_______________________________________________________________________

                Mandrake Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           postgresql
 Advisory ID:            MDKSA-2003:102
 Date:                   November 3rd, 2003

 Affected versions:	 9.0, 9.1, Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 Two bugs were discovered that lead to a buffer overflow in PostgreSQL
 versions 7.2.x and 7.3.x prior to 7.3.4, in the abstract data type
 (ADT) to ASCII conversion functions.  It is believed that, under the
 right circumstances, an attacker may use this vulnerability to execute
 arbitrary instructions on the PostgreSQL server.
 
 The provided packages are patched to protect against this vulnerability
 and all users are encouraged to upgrade immediately.
 _______________________________________________________________________

 References:

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0901
 ______________________________________________________________________

 Updated Packages:
  
 Corporate Server 2.1:
 e591fb89bc43fa4e3291fcbad6930b87  corporate/2.1/RPMS/libecpg3-7.3.2-5.1.91mdk.i586.rpm
 fc37cce6f829431760ad4fe41f7ce7e8  corporate/2.1/RPMS/libecpg3-devel-7.3.2-5.1.91mdk.i586.rpm
 c44e0efc8911fb99e6538f9360585dc4  corporate/2.1/RPMS/libpgtcl2-7.3.2-5.1.91mdk.i586.rpm
 c99df3f7ef1728b83f41190fc8b2ed69  corporate/2.1/RPMS/libpgtcl2-devel-7.3.2-5.1.91mdk.i586.rpm
 0350a36703d64f82fc699c570de7001c  corporate/2.1/RPMS/postgresql-7.3.2-5.1.91mdk.i586.rpm
 8ecd3c833e2d2c82156430720e13288d  corporate/2.1/RPMS/postgresql-contrib-7.3.2-5.1.91mdk.i586.rpm
 7f38bdfe7eed73ab4deaa760335a5e71  corporate/2.1/RPMS/postgresql-devel-7.3.2-5.1.91mdk.i586.rpm
 cc73137d6fb5df9ecb01d5607ff60bd2  corporate/2.1/RPMS/postgresql-docs-7.3.2-5.1.91mdk.i586.rpm
 a26beb15e34660b662b2a509a9336210  corporate/2.1/RPMS/postgresql-jdbc-7.3.2-5.1.91mdk.i586.rpm
 426ec9323b240d4baa987bca6f34c479  corporate/2.1/RPMS/postgresql-pl-7.3.2-5.1.91mdk.i586.rpm
 60ea7e82f346e47b037ba9a4fd97d7b1  corporate/2.1/RPMS/postgresql-python-7.3.2-5.1.91mdk.i586.rpm
 474cf9a61e66fc7743da7495946271eb  corporate/2.1/RPMS/postgresql-server-7.3.2-5.1.91mdk.i586.rpm
 cbdb2a4e89600e44fbaa85c51b9a0ca0  corporate/2.1/RPMS/postgresql-tcl-7.3.2-5.1.91mdk.i586.rpm
 c6ab57bacda6b7770bd613703c7e7c15  corporate/2.1/RPMS/postgresql-test-7.3.2-5.1.91mdk.i586.rpm
 d46e26ad5f8efd7e49fad3245ffecd16  corporate/2.1/SRPMS/postgresql-7.3.2-5.1.91mdk.src.rpm

 Corporate Server 2.1/x86_64:
 9b118c47e0f9cc0dcbe91a9e92f81cb1  x86_64/corporate/2.1/RPMS/libecpg3-7.2.2-1.3.90mdk.x86_64.rpm
 ef17c82488728f298052822179b0c34d  x86_64/corporate/2.1/RPMS/libpgperl-7.2.2-1.3.90mdk.x86_64.rpm
 eb9c5b84b0e03f187c116fadc974025c  x86_64/corporate/2.1/RPMS/libpgsql2-7.2.2-1.3.90mdk.x86_64.rpm
 c8fecbd885139bcac04ad71c5762be49  x86_64/corporate/2.1/RPMS/libpgsqlodbc0-7.2.2-1.3.90mdk.x86_64.rpm
 548f94d43874529e048368b9d49d3ce1  x86_64/corporate/2.1/RPMS/libpgtcl2-7.2.2-1.3.90mdk.x86_64.rpm
 0757a33d172bb8def5a29067a68b54ab  x86_64/corporate/2.1/RPMS/postgresql-7.2.2-1.3.90mdk.x86_64.rpm
 bd1287ccfbd9973759cce48beb706be2  x86_64/corporate/2.1/RPMS/postgresql-contrib-7.2.2-1.3.90mdk.x86_64.rpm
 1306c8ff9c0de7e2fd5796c50237f050  x86_64/corporate/2.1/RPMS/postgresql-devel-7.2.2-1.3.90mdk.x86_64.rpm
 beeb75b19b8b7925ba67bd5f56846965  x86_64/corporate/2.1/RPMS/postgresql-docs-7.2.2-1.3.90mdk.x86_64.rpm
 6bd74df5d69b585c64de76c1bd169f3c  x86_64/corporate/2.1/RPMS/postgresql-jdbc-7.2.2-1.3.90mdk.x86_64.rpm
 eded9d9a28250cce394cd18df653dbe9  x86_64/corporate/2.1/RPMS/postgresql-python-7.2.2-1.3.90mdk.x86_64.rpm
 ef142fb51b35731705a94e23ffba0a3b  x86_64/corporate/2.1/RPMS/postgresql-server-7.2.2-1.3.90mdk.x86_64.rpm
 1374a773ebdbed4a2f7fb7d41c3a3937  x86_64/corporate/2.1/RPMS/postgresql-tcl-7.2.2-1.3.90mdk.x86_64.rpm
 32d910684f0a27b43c484e3309548b08  x86_64/corporate/2.1/RPMS/postgresql-test-7.2.2-1.3.90mdk.x86_64.rpm
 8495e1f801b8a7b0005ff7da6ece7e8f  x86_64/corporate/2.1/RPMS/postgresql-tk-7.2.2-1.3.90mdk.x86_64.rpm
 d46e26ad5f8efd7e49fad3245ffecd16  x86_64/corporate/2.1/SRPMS/postgresql-7.3.2-5.1.91mdk.src.rpm

 Mandrake Linux 9.0:
 6a95df30a5e67c53918e13793b999072  9.0/RPMS/libecpg3-7.2.2-1.3.90mdk.i586.rpm
 3880f5b78ae7485a92cc6caf53ac79ca  9.0/RPMS/libpgperl-7.2.2-1.3.90mdk.i586.rpm
 86912355e0159e3eb3fba11e4986bb89  9.0/RPMS/libpgsql2-7.2.2-1.3.90mdk.i586.rpm
 7ceadd1df64b5a71d002ce502404cfd5  9.0/RPMS/libpgsqlodbc0-7.2.2-1.3.90mdk.i586.rpm
 de0a42de1d67237a217621aebeaac23e  9.0/RPMS/libpgtcl2-7.2.2-1.3.90mdk.i586.rpm
 5a09ccc7f4d77bc4d6662b5c962a749e  9.0/RPMS/postgresql-7.2.2-1.3.90mdk.i586.rpm
 5826549584227abcb371c0fcac60cc7d  9.0/RPMS/postgresql-contrib-7.2.2-1.3.90mdk.i586.rpm
 08d68115b57763a6674a35658ae797b7  9.0/RPMS/postgresql-devel-7.2.2-1.3.90mdk.i586.rpm
 c1d41fedb26f6fafb15bc72fbf36333d  9.0/RPMS/postgresql-docs-7.2.2-1.3.90mdk.i586.rpm
 5df0861eb5e19252dc0488925b656df1  9.0/RPMS/postgresql-jdbc-7.2.2-1.3.90mdk.i586.rpm
 a2ce4314a7b182daa924e4962bf3f23d  9.0/RPMS/postgresql-python-7.2.2-1.3.90mdk.i586.rpm
 9cea38e106a59f3094fb4494cefe731f  9.0/RPMS/postgresql-server-7.2.2-1.3.90mdk.i586.rpm
 52530986f54aa49f2db9e0fc7308b21a  9.0/RPMS/postgresql-tcl-7.2.2-1.3.90mdk.i586.rpm
 ef10371c4cb0a8af78752b9a97a527eb  9.0/RPMS/postgresql-test-7.2.2-1.3.90mdk.i586.rpm
 3208e32653aa0c9be90f02c2aeb30584  9.0/RPMS/postgresql-tk-7.2.2-1.3.90mdk.i586.rpm
 0e06ca7aef72f902b9f21096913f9830  9.0/SRPMS/postgresql-7.2.2-1.3.90mdk.src.rpm

 Mandrake Linux 9.1:
 e591fb89bc43fa4e3291fcbad6930b87  9.1/RPMS/libecpg3-7.3.2-5.1.91mdk.i586.rpm
 fc37cce6f829431760ad4fe41f7ce7e8  9.1/RPMS/libecpg3-devel-7.3.2-5.1.91mdk.i586.rpm
 c44e0efc8911fb99e6538f9360585dc4  9.1/RPMS/libpgtcl2-7.3.2-5.1.91mdk.i586.rpm
 c99df3f7ef1728b83f41190fc8b2ed69  9.1/RPMS/libpgtcl2-devel-7.3.2-5.1.91mdk.i586.rpm
 a9b79c6d8bbb645cebb05aff478e866e  9.1/RPMS/libpq3-7.3.2-5.1.91mdk.i586.rpm
 83d05170aefcf19f33ed4abe6fd36fb4  9.1/RPMS/libpq3-devel-7.3.2-5.1.91mdk.i586.rpm
 0350a36703d64f82fc699c570de7001c  9.1/RPMS/postgresql-7.3.2-5.1.91mdk.i586.rpm
 8ecd3c833e2d2c82156430720e13288d  9.1/RPMS/postgresql-contrib-7.3.2-5.1.91mdk.i586.rpm
 7f38bdfe7eed73ab4deaa760335a5e71  9.1/RPMS/postgresql-devel-7.3.2-5.1.91mdk.i586.rpm
 cc73137d6fb5df9ecb01d5607ff60bd2  9.1/RPMS/postgresql-docs-7.3.2-5.1.91mdk.i586.rpm
 a26beb15e34660b662b2a509a9336210  9.1/RPMS/postgresql-jdbc-7.3.2-5.1.91mdk.i586.rpm
 426ec9323b240d4baa987bca6f34c479  9.1/RPMS/postgresql-pl-7.3.2-5.1.91mdk.i586.rpm
 60ea7e82f346e47b037ba9a4fd97d7b1  9.1/RPMS/postgresql-python-7.3.2-5.1.91mdk.i586.rpm
 474cf9a61e66fc7743da7495946271eb  9.1/RPMS/postgresql-server-7.3.2-5.1.91mdk.i586.rpm
 cbdb2a4e89600e44fbaa85c51b9a0ca0  9.1/RPMS/postgresql-tcl-7.3.2-5.1.91mdk.i586.rpm
 c6ab57bacda6b7770bd613703c7e7c15  9.1/RPMS/postgresql-test-7.3.2-5.1.91mdk.i586.rpm
 d46e26ad5f8efd7e49fad3245ffecd16  9.1/SRPMS/postgresql-7.3.2-5.1.91mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 A list of FTP mirrors can be obtained from:

   http://www.mandrakesecure.net/en/ftp.php

 All packages are signed by MandrakeSoft for security.  You can obtain
 the GPG public key of the Mandrake Linux Security Team by executing:

  gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98

 Please be aware that sometimes it takes the mirrors a few hours to
 update.

 You can view other update advisories for Mandrake Linux at:

   http://www.mandrakesecure.net/en/advisories/

 MandrakeSoft has several security-related mailing list services that
 anyone can subscribe to.  Information on these lists can be obtained by
 visiting:

   http://www.mandrakesecure.net/en/mlist.php

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Google Releases Open Source Tool for Testing Web App Security Scanners
Most Targeted Attacks Exploit Privileged Accounts
NotCompable sets new standards for mobile botnet sophistication
Hands on with Caine Linux: Pentesting and UEFI compatible
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.