Ubuntu: postgresql-8.1 vulnerabilities
Posted by Benjamin D. Thomas   
Ubuntu USN-369-1 fixed three minor PostgreSQL 8.1 vulnerabilities for Ubuntu 6.06 LTS. This update provides the corresponding update for Ubuntu 6.10.
Ubuntu Security Notice USN-369-2          November 01, 2006
postgresql-8.1 vulnerabilities
CVE-2006-5540, CVE-2006-5541, CVE-2006-5542

A security issue affects the following Ubuntu releases:

Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.10:
  postgresql-8.1                           8.1.4-7ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

USN-369-1 fixed three minor PostgreSQL 8.1 vulnerabilities for Ubuntu 6.06 LTS.
This update provides the corresponding update for Ubuntu 6.10.

Original advisory details:

  Michael Fuhr discovered an incorrect type check when handling unknown
  literals. By attempting to coerce such a literal to the ANYARRAY type,
  a local authenticated attacker could cause a server crash. (CVE-2006-5541)

  Josh Drake and Alvaro Herrera reported a crash when using aggregate
  functions in UPDATE statements. A local authenticated attacker could
  exploit this to crash the server backend. This update disables this
  construct, since it is not very well defined and forbidden by the SQL
  standard. (CVE-2006-5540)

  Sergey Koposov discovered a flaw in the duration logging. This could
  cause a server crash under certain circumstances. (CVE-2006-5542)

  Please note that these flaws can usually not be exploited through web
  and other applications that use a database and are exposed to
  untrusted input, so these flaws do not pose a threat in usual setups.

Updated packages for Ubuntu 6.10:

