=========================================================================Ubuntu Security Notice USN-1789-1
April 04, 2013

postgresql-8.3, postgresql-8.4, postgresql-9.1 vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS

Summary:

Several security issues were fixed in PostgreSQL.

Software Description:
- postgresql-9.1: Object-relational SQL database
- postgresql-8.4: Object-relational SQL database
- postgresql-8.3: Object-relational SQL database

Details:

Mitsumasa Kondo and Kyotaro Horiguchi discovered that PostgreSQL
incorrectly handled certain connection requests containing database names
starting with a dash. A remote attacker could use this flaw to damage or
destroy files within a server's data directory. This issue only applied to
Ubuntu 11.10, Ubuntu 12.04 LTS, and Ubuntu 12.10. (CVE-2013-1899)

Marko Kreen discovered that PostgreSQL incorrectly generated random
numbers. An authenticated attacker could use this flaw to possibly guess
another database user's random numbers. (CVE-2013-1900)

Noah Misch discovered that PostgreSQL incorrectly handled certain privilege
checks. An unprivileged attacker could use this flaw to possibly interfere
with in-progress backups. This issue only applied to Ubuntu 11.10,
Ubuntu 12.04 LTS, and Ubuntu 12.10. (CVE-2013-1901)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
  postgresql-9.1                  9.1.9-0ubuntu12.10

Ubuntu 12.04 LTS:
  postgresql-9.1                  9.1.9-0ubuntu12.04

Ubuntu 11.10:
  postgresql-9.1                  9.1.9-0ubuntu11.10

Ubuntu 10.04 LTS:
  postgresql-8.4                  8.4.17-0ubuntu10.04

Ubuntu 8.04 LTS:
  postgresql-8.3                  8.3.23-0ubuntu8.04.1

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References:
  https://ubuntu.com/security/notices/USN-1789-1
  CVE-2013-1899, CVE-2013-1900, CVE-2013-1901

Package Information:
  https://launchpad.net/ubuntu/+source/postgresql-9.1/9.1.9-0ubuntu12.10
  https://launchpad.net/ubuntu/+source/postgresql-9.1/9.1.9-0ubuntu12.04
  https://launchpad.net/ubuntu/+source/postgresql-9.1/9.1.9-0ubuntu11.10
  https://launchpad.net/ubuntu/+source/postgresql-8.4/8.4.17-0ubuntu10.04
  https://launchpad.net/ubuntu/+source/postgresql-8.3/8.3.23-0ubuntu8.04.1

Ubuntu 1789-1: PostgreSQL vulnerabilities

April 4, 2013
Several security issues were fixed in PostgreSQL.

Summary

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 12.10: postgresql-9.1 9.1.9-0ubuntu12.10 Ubuntu 12.04 LTS: postgresql-9.1 9.1.9-0ubuntu12.04 Ubuntu 11.10: postgresql-9.1 9.1.9-0ubuntu11.10 Ubuntu 10.04 LTS: postgresql-8.4 8.4.17-0ubuntu10.04 Ubuntu 8.04 LTS: postgresql-8.3 8.3.23-0ubuntu8.04.1 This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-1789-1

CVE-2013-1899, CVE-2013-1900, CVE-2013-1901

Severity
April 04, 2013

Package Information

https://launchpad.net/ubuntu/+source/postgresql-9.1/9.1.9-0ubuntu12.10 https://launchpad.net/ubuntu/+source/postgresql-9.1/9.1.9-0ubuntu12.04 https://launchpad.net/ubuntu/+source/postgresql-9.1/9.1.9-0ubuntu11.10 https://launchpad.net/ubuntu/+source/postgresql-8.4/8.4.17-0ubuntu10.04 https://launchpad.net/ubuntu/+source/postgresql-8.3/8.3.23-0ubuntu8.04.1

Related News

28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
2.Motherboard Esm H320
2 - 3 min read
The recently uncovered "Native Branch History Injection (BHI)" exploit against the Linux kernel marks a significant milestone in the ongoing battle
1.Penguin Landscape Esm H320
1 - 2 min read
There are compelling arguments in favor of Linux over Windows for desktop usage. Let's explore some advantages of choosing Linux over Windows for
4.Lock AbstractDigital Esm H320
2 - 3 min read
Canonical , the company behind Ubuntu , has introduced Netplan 1.0 , a network configuration tool that simplifies networking configuration on Linux

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved