---------------------------------------------------------------------------
Peachtree Linux Security Notice PLSN-0004
April 20, 2005

Buffer overflow in PL/PGSQL parser allowing database users to run
arbitrary code as pgsql user
CAN-2005-0245, CAN-2005-0247
---------------------------------------------------------------------------

The following Peachtree Linux releases are affected:

Peachtree Linux release 1 ("Atlanta")

Description:

CAN-2005-0245, CAN-2005-0247:
Two buffer overflow vulnerabilities are present in the PL/PGSQL parser
gram.y which allow anyone with the ability to run SQL statements to
execute arbitrary code as the pgsql user.

Packages:

alpha
1e36e9d2d64e9ff7a85c99a539ab1f61  postgresql-7.4.7.alpha.dist

i386
430f9cc3b162bba75bb970e288c80dac  postgresql-7.4.7.i686.dist

ppc
9e805d9a73becf8da6910ac493bb37a1  postgresql-7.4.7.ppc.dist

Solution:

Download the appropriate package for your release of Peachtree Linux.
Upgrade your system to the new package:

    distadd -u packagename

where packagename is the name of the package file from the list above.

After installation of the new package, restart any running postgresql
services. This new version of postgresql does not change the layout of
the database on the filesystem, and therefore does not require a
dump/restore.

--
Peachtree Linux Security Team
http://peachtree.burdell.org/
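
Added example, not part of the original notice: a POSIX shell check that compares a downloaded package file against the checksum listed under "Packages" before it is handed to distadd -u. It assumes the 32-hex-digit values are MD5 digests (the notice does not name the algorithm) and that md5sum is installed; expected_sum and verify_package are hypothetical helper names.

```shell
#!/bin/sh
# Checksum list copied from the "Packages" section of PLSN-0004.
# Assumption: the values are MD5 digests (the notice does not say so).
PLSN_0004_SUMS='1e36e9d2d64e9ff7a85c99a539ab1f61 postgresql-7.4.7.alpha.dist
430f9cc3b162bba75bb970e288c80dac postgresql-7.4.7.i686.dist
9e805d9a73becf8da6910ac493bb37a1 postgresql-7.4.7.ppc.dist'

# expected_sum NAME [LIST]
# Print the checksum listed for package file NAME; fail if NAME is not listed.
expected_sum() {
    name=$1
    list=${2:-$PLSN_0004_SUMS}
    printf '%s\n' "$list" |
        awk -v n="$name" '$2 == n { print $1; found = 1 } END { exit !found }'
}

# verify_package FILE [LIST]
# Return 0 if FILE matches its listed checksum, 1 on a mismatch,
# 2 if FILE is unreadable or its name is not in the list.
verify_package() {
    file=$1
    list=${2:-$PLSN_0004_SUMS}
    if [ ! -r "$file" ]; then
        echo "cannot read $file" >&2
        return 2
    fi
    # Match on the base name so a download directory prefix does not matter.
    if ! want=$(expected_sum "$(basename "$file")" "$list"); then
        echo "$(basename "$file") is not listed in the notice" >&2
        return 2
    fi
    got=$(md5sum "$file" | awk '{ print $1 }')
    if [ "$got" = "$want" ]; then
        echo "OK: $file"
        return 0
    fi
    echo "MISMATCH: $file has $got, notice lists $want" >&2
    return 1
}
```

Source the file and run, for example, verify_package ./postgresql-7.4.7.i686.dist; only continue to distadd -u when it returns 0.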