===========================================================
Ubuntu Security Notice USN-79-1           February 10, 2005
postgresql vulnerabilities
CAN-2005-0244 CAN-2005-0245 CAN-2005-0246 CAN-2005-0247
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

postgresql
postgresql-contrib

The problem can be corrected by upgrading the affected package to
version 7.4.5-3ubuntu0.4. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

The execution of custom PostgreSQL functions can be restricted with
the EXECUTE privilege. However, previous versions did not check this
privilege when executing a function which was part of an aggregate.
As a result, any database user could circumvent the EXECUTE
restriction of functions with a particular (but very common)
parameter structure by creating an aggregate wrapper around the
function. (CAN-2005-0244)

Several buffer overflows have been discovered in the SQL parser.
These could be exploited by any database user to crash the PostgreSQL
server or execute arbitrary code with the privileges of the server.
(CAN-2005-0245, CAN-2005-0247)

Finally, this update fixes a Denial of Service vulnerability of the
contributed "intagg" module. By constructing specially crafted
arrays, a database user was able to corrupt and crash the PostgreSQL
server. (CAN-2005-0246). Please note that this module is part of the
"postgresql-contrib" package, which is not officially supported by
Ubuntu.
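An audit query for the aggregate issue described above (CAN-2005-0244), added here as an example and not part of the original notice: it lists user-defined aggregates whose owner does not hold EXECUTE on the transition or final function the aggregate wraps. It assumes the system catalogs pg_aggregate, pg_proc and pg_namespace and the built-in has_function_privilege() and pg_get_userbyid() functions as found in current PostgreSQL releases; column types may differ on older servers.

```sql
-- Added audit example (not from the advisory): find aggregates that wrap
-- a function their owner is not allowed to EXECUTE directly.
-- Superuser-owned aggregates never appear, because has_function_privilege()
-- is always true for superusers.
SELECT
    n.nspname                        AS aggregate_schema,
    p.oid::regprocedure              AS aggregate,
    pg_get_userbyid(p.proowner)      AS aggregate_owner,
    a.aggtransfn::oid::regprocedure  AS transition_function,
    CASE WHEN a.aggfinalfn::oid <> 0              -- 0 means "no final function"
         THEN a.aggfinalfn::oid::regprocedure
    END                              AS final_function
FROM pg_aggregate a
JOIN pg_proc      p ON p.oid = a.aggfnoid         -- the aggregate's own pg_proc row
JOIN pg_namespace n ON n.oid = p.pronamespace
WHERE n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND (
        -- owner cannot call the transition function directly
        NOT has_function_privilege(p.proowner, a.aggtransfn::oid, 'EXECUTE')
        -- or cannot call the final function, when one is defined
     OR (a.aggfinalfn::oid <> 0
         AND NOT has_function_privilege(p.proowner, a.aggfinalfn::oid, 'EXECUTE'))
      )
ORDER BY aggregate_schema, aggregate;
```

Run it in each database of the cluster; any row returned is an aggregate to review with its owner and to drop if it was created to reach a restricted function.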