TSLSA-2005-0015 - postgresql

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: TSLSA-2005-0015 - postgresql
From: Trustix Security Advisor <tsl@xxxxxxxxxxx>
Date: Mon, 25 Apr 2005 17:17:59 +0200
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: Mutt/1.4.2.1i

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2005-0015

Package name:      postgresql
Summary:           Buffer overflows
Date:              2005-04-25
Affected versions: Trustix Secure Linux 2.1
                   Trustix Secure Linux 2.2
                   Trustix Operating System - Enterprise Server 2

- --------------------------------------------------------------------------
Package description:
   PostgreSQL is an advanced Object-Relational database management system
   (DBMS) that supports almost all SQL constructs (including
   transactions, subselects and user-defined types and functions). The
   postgresql package includes the client programs and libraries that
   you'll need to access a PostgreSQL DBMS server.  These PostgreSQL
   client programs are programs that directly manipulate the internal
   structure of PostgreSQL databases on a PostgreSQL server. These client
   programs can be located on the same machine with the PostgreSQL
   server, or may be on a remote machine which accesses a PostgreSQL
   server over a network connection. This package contains the docs
   in HTML for the whole package, as well as command-line utilities for
   managing PostgreSQL databases on a PostgreSQL server.


Problem description:
  From the CVE entry:
  Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier
  may allow attackers to execute arbitrary code via 
  (1) a large number of variables in a SQL statement being handled by the
      read_sql_construct function, 
  (2) a large number of INTO variables in a SELECT statement being handled
      by the make_select_stmt function, 
  (3) a large number of arbitrary variables in a SELECT statement being
      handled by the make_select_stmt function, and 
  (4) a large number of INTO variables in a FETCH statement being handled
      by the make_fetch_stmt function, a different set of vulnerabilities
      than CAN-2005-0245.

  The Common Vulnerabilities and Exposures project (cve.mitre.org) has
  assigned the name CAN-2005-0247 to this issue.


Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.


Location:
  All Trustix Secure Linux updates are available from
  <URI:http://http.trustix.org/pub/trustix/updates/>
  <URI:ftp://ftp.trustix.org/pub/trustix/updates/>


About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With focus
  on security and stability, the system is painlessly kept safe and up to
  date from day one using swup, the automated software updater.


Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.


Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.org/support/>


Verification:
  This advisory along with all Trustix packages are signed with the
  TSL sign key.
  This key is available from:
  <URI:http://www.trustix.org/TSL-SIGN-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.org/errata/trustix-2.1/> and
  <URI:http://www.trustix.org/errata/trustix-2.2/>
  or directly at
  <URI:http://www.trustix.org/errata/2005/0015/>


MD5sums of the packages:
- --------------------------------------------------------------------------
ae97590cbbfaf9ddb499df4b7ff8a724  2.2/rpms/postgresql-8.0.2-1tr.i586.rpm
96bd050e6c13f95783bbb14db1b7f823  
2.2/rpms/postgresql-contrib-8.0.2-1tr.i586.rpm385f140f0f0ed8afd4a50f4fc0e7168c  
2.2/rpms/postgresql-devel-8.0.2-1tr.i586.rpm
47d777b28ca7fd9d6d1f6d70bdeee1bd  2.2/rpms/postgresql-docs-8.0.2-1tr.i586.rpm
e21977a6c00ce833535f87dd83a2cb81  2.2/rpms/postgresql-libs-8.0.2-1tr.i586.rpm
0fb04aefeefebfb7b605e89df69decf6  2.2/rpms/postgresql-plperl-8.0.2-1tr.i586.rpm
6246eaa848f220d26a42d038e5d279a5  2.2/rpms/postgresql-python-8.0.2-1tr.i586.rpm
6c62ac731ebb66bad7918071b09c502f  2.2/rpms/postgresql-server-8.0.2-1tr.i586.rpm
3c6cd09af1e3a5da689e5ac8ee7312e6  2.2/rpms/postgresql-test-8.0.2-1tr.i586.rpm

fc12e7b85fcf0203181746fb68464d4b  2.1/rpms/postgresql-7.4.7-2tr.i586.rpm
bb112681b6c053ee79da62fd78381b06  
2.1/rpms/postgresql-contrib-7.4.7-2tr.i586.rpm79c6ce642a138572f9bdc8ddc1c281a5  
2.1/rpms/postgresql-devel-7.4.7-2tr.i586.rpm
bd95677c56aa3121478591b75c0136b5  2.1/rpms/postgresql-docs-7.4.7-2tr.i586.rpm
47341fb3293df9adb831ed62dc04cacd  2.1/rpms/postgresql-libs-7.4.7-2tr.i586.rpm
0088b2bc60c155058abe33e1961a4218  2.1/rpms/postgresql-plperl-7.4.7-2tr.i586.rpm
5860f3f6a307f82fe0873cb02cf555ee  2.1/rpms/postgresql-python-7.4.7-2tr.i586.rpm
75d4cff5f7137f4fe7868d40e43dee75  2.1/rpms/postgresql-server-7.4.7-2tr.i586.rpm
a23c22e957cc5a55fb9ded24d96d83ec  2.1/rpms/postgresql-test-7.4.7-2tr.i586.rpm
- --------------------------------------------------------------------------


Trustix Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFCbQXci8CEzsK9IksRApscAJ4+E8t4VcXl7EUv5XOs61EY1Ui6owCgj5QC
/n/9Rn4G4xLsjL2OcwM3rio=
=qvtm
-----END PGP SIGNATURE-----

Prev by Date: Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted
Next by Date: [SNS Advisory No.80] nProtect:Netizen Arbitrary File Download Vulnerability
Previous by thread: E-Cart v1.1 Remote Command Execution
Next by thread: [SNS Advisory No.80] nProtect:Netizen Arbitrary File Download Vulnerability
Index(es):
- Date
- Thread