<<< Date Index >>>     <<< Thread Index >>>

[ MDKSA-2006:098 ] - Updated postgresql packages fixes SQL injection vulnerabilities.



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:098
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : postgresql
 Date    : June 7, 2006
 Affected: 10.2, 2006.0, Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 
 7.3.x before 7.3.15, and earlier versions allows context-dependent 
 attackers to bypass SQL injection protection methods in applications 
 via invalid encodings of multibyte characters, aka one variant of 
 "Encoding-Based SQL Injection." (CVE-2006-2313)
 
 PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 
 7.3.x before 7.3.15, and earlier versions allows context-dependent 
 attackers to bypass SQL injection protection methods in applications 
 that use multibyte encodings that allow the "\" (backslash) byte 0x5c to 
 be the trailing byte of a multibyte character, such as SJIS, BIG5, GBK, 
 GB18030, and UHC, which cannot be handled correctly by a client that does 
 not understand multibyte encodings, aka a second variant of "Encoding-Based 
 SQL Injection." NOTE: it could be argued that this is a class of issue 
 related to interaction errors between the client and PostgreSQL, but a 
 CVE has been assigned since PostgreSQL is treating this as a preventative 
 measure against this class of problem. (CVE-2006-2314)
 
 Packages have been patched or updated to correct these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2313
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2314
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 10.2:
 7d7748c7f83651e1a31e111d7da0ffc4  10.2/RPMS/libecpg5-8.0.8-0.1.102mdk.i586.rpm
 4a0e6f957da380bdd548785a069df2fa  
10.2/RPMS/libecpg5-devel-8.0.8-0.1.102mdk.i586.rpm
 7b15c9cf319e0eb6c5160bd6ae2f094c  10.2/RPMS/libpq4-8.0.8-0.1.102mdk.i586.rpm
 b4bc2a4cc570f460b583bedac744655e  
10.2/RPMS/libpq4-devel-8.0.8-0.1.102mdk.i586.rpm
 46f522cbf070062413a59783d185551e  
10.2/RPMS/postgresql-8.0.8-0.1.102mdk.i586.rpm
 cf6d3b66f83c08f9285f05929e44eac0  
10.2/RPMS/postgresql-contrib-8.0.8-0.1.102mdk.i586.rpm
 a213ae15b71714cc7471a475dff69dec  
10.2/RPMS/postgresql-devel-8.0.8-0.1.102mdk.i586.rpm
 a778d339105a4a51d9457cf80758d539  
10.2/RPMS/postgresql-docs-8.0.8-0.1.102mdk.i586.rpm
 c57042c163736aa50ca3f94acdb812b6  
10.2/RPMS/postgresql-jdbc-8.0.8-0.1.102mdk.i586.rpm
 0a3d055bff42d982a28c33c9785c7534  
10.2/RPMS/postgresql-pl-8.0.8-0.1.102mdk.i586.rpm
 c4ce05d84d96ea30f520e03052c2b9af  
10.2/RPMS/postgresql-plperl-8.0.8-0.1.102mdk.i586.rpm
 3fa919d2a099eb4df0b05150b7d9187c  
10.2/RPMS/postgresql-plpgsql-8.0.8-0.1.102mdk.i586.rpm
 557a6ecae7b745bb96117209b00f548c  
10.2/RPMS/postgresql-plpython-8.0.8-0.1.102mdk.i586.rpm
 dba76cc2c9e39a58924a1311ae0d2642  
10.2/RPMS/postgresql-pltcl-8.0.8-0.1.102mdk.i586.rpm
 7087b905bbc1c217dbb3442a6c028f0b  
10.2/RPMS/postgresql-server-8.0.8-0.1.102mdk.i586.rpm
 ff16fa0a010db99ce67994bc94b5536a  
10.2/RPMS/postgresql-test-8.0.8-0.1.102mdk.i586.rpm
 0806b379df8b7c9b955f0bd519cf213f  
10.2/SRPMS/postgresql-8.0.8-0.1.102mdk.src.rpm

 Mandriva Linux 10.2/X86_64:
 5c49f14f6581d8be74619a342c3e2526  
x86_64/10.2/RPMS/lib64ecpg5-8.0.8-0.1.102mdk.x86_64.rpm
 913b509d69a4814d039d662f70af1a9f  
x86_64/10.2/RPMS/lib64ecpg5-devel-8.0.8-0.1.102mdk.x86_64.rpm
 68939e3bea560c1152144adb9ec53c05  
x86_64/10.2/RPMS/lib64pq4-8.0.8-0.1.102mdk.x86_64.rpm
 5c5058a573ff735fbf55f66b36070525  
x86_64/10.2/RPMS/lib64pq4-devel-8.0.8-0.1.102mdk.x86_64.rpm
 870d11274b7e44c0a640254c66186e7d  
x86_64/10.2/RPMS/postgresql-8.0.8-0.1.102mdk.x86_64.rpm
 c0b236b3758bc047c7cb89a1bf2e19cf  
x86_64/10.2/RPMS/postgresql-contrib-8.0.8-0.1.102mdk.x86_64.rpm
 de72f56defe74e0e636b9f9f9a542dda  
x86_64/10.2/RPMS/postgresql-devel-8.0.8-0.1.102mdk.x86_64.rpm
 2335bcdcae87d9210594d1c7e52b5719  
x86_64/10.2/RPMS/postgresql-docs-8.0.8-0.1.102mdk.x86_64.rpm
 d6db4aa274296935a3c52ac4250e097e  
x86_64/10.2/RPMS/postgresql-jdbc-8.0.8-0.1.102mdk.x86_64.rpm
 7309113d835e1facf24f07600ea4e0bb  
x86_64/10.2/RPMS/postgresql-pl-8.0.8-0.1.102mdk.x86_64.rpm
 b6c476b046c1a3c83252210f62b6fa7a  
x86_64/10.2/RPMS/postgresql-plperl-8.0.8-0.1.102mdk.x86_64.rpm
 c79be6051bd388783c067c69cf9784e3  
x86_64/10.2/RPMS/postgresql-plpgsql-8.0.8-0.1.102mdk.x86_64.rpm
 33e9e0047ff25fe0b1d866bb1d2b9043  
x86_64/10.2/RPMS/postgresql-plpython-8.0.8-0.1.102mdk.x86_64.rpm
 13a7c2a73beea45caba038572fb77508  
x86_64/10.2/RPMS/postgresql-pltcl-8.0.8-0.1.102mdk.x86_64.rpm
 54f0c1c62319716d3d6d372162656c0e  
x86_64/10.2/RPMS/postgresql-server-8.0.8-0.1.102mdk.x86_64.rpm
 8ed0ce1d8932b1d1b5e47300cf436ae5  
x86_64/10.2/RPMS/postgresql-test-8.0.8-0.1.102mdk.x86_64.rpm
 0806b379df8b7c9b955f0bd519cf213f  
x86_64/10.2/SRPMS/postgresql-8.0.8-0.1.102mdk.src.rpm

 Mandriva Linux 2006.0:
 2b9e406b4646a1ae6657b1bd0fafe0a3  
2006.0/RPMS/libecpg5-8.0.8-0.1.20060mdk.i586.rpm
 243ddb16f72e02221c2188b0d5b09594  
2006.0/RPMS/libecpg5-devel-8.0.8-0.1.20060mdk.i586.rpm
 10a9c8bce7c1361d2a9e1e213e628e2a  
2006.0/RPMS/libpq4-8.0.8-0.1.20060mdk.i586.rpm
 0ba3382f18b64288b1314fdf337c05ee  
2006.0/RPMS/libpq4-devel-8.0.8-0.1.20060mdk.i586.rpm
 13c88ef9b006a32ce6cccb5e6a20edcf  
2006.0/RPMS/postgresql-8.0.8-0.1.20060mdk.i586.rpm
 04c1e95d8a38ef41ab44d6fd1925cca3  
2006.0/RPMS/postgresql-contrib-8.0.8-0.1.20060mdk.i586.rpm
 e9af4ed2860766dea84f09e97f3238da  
2006.0/RPMS/postgresql-devel-8.0.8-0.1.20060mdk.i586.rpm
 adfdd91733e3aa04d86d25a40a101381  
2006.0/RPMS/postgresql-docs-8.0.8-0.1.20060mdk.i586.rpm
 b49599532eee6d806f644ca833e01217  
2006.0/RPMS/postgresql-jdbc-8.0.8-0.1.20060mdk.i586.rpm
 5ec0d9ce965a5cdad6456d628977c39b  
2006.0/RPMS/postgresql-pl-8.0.8-0.1.20060mdk.i586.rpm
 978c15526ba8a61fef212796ddc61463  
2006.0/RPMS/postgresql-plperl-8.0.8-0.1.20060mdk.i586.rpm
 91830da3acb37b022c4fbdb5836bf632  
2006.0/RPMS/postgresql-plpgsql-8.0.8-0.1.20060mdk.i586.rpm
 cc0f900c787437928f380e645d17d37c  
2006.0/RPMS/postgresql-plpython-8.0.8-0.1.20060mdk.i586.rpm
 3708cb949b4c8603960ed44c9b513df5  
2006.0/RPMS/postgresql-pltcl-8.0.8-0.1.20060mdk.i586.rpm
 696143a0a2883c8ced5437f21c5dbdf2  
2006.0/RPMS/postgresql-server-8.0.8-0.1.20060mdk.i586.rpm
 16d7bdc245d2ce5b1811222bf1c6e360  
2006.0/RPMS/postgresql-test-8.0.8-0.1.20060mdk.i586.rpm
 903a96aaa883cb62f0be8c0ba26d6b0c  
2006.0/SRPMS/postgresql-8.0.8-0.1.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 3c6c8898c78e75eba130fa873f938535  
x86_64/2006.0/RPMS/lib64ecpg5-8.0.8-0.1.20060mdk.x86_64.rpm
 3e670208f7426f7269a861840e3f442b  
x86_64/2006.0/RPMS/lib64ecpg5-devel-8.0.8-0.1.20060mdk.x86_64.rpm
 4b773b4fcc75c32827e0f0e0ecb77250  
x86_64/2006.0/RPMS/lib64pq4-8.0.8-0.1.20060mdk.x86_64.rpm
 ad28bfc29df3a742724ef29b0d1ba0fd  
x86_64/2006.0/RPMS/lib64pq4-devel-8.0.8-0.1.20060mdk.x86_64.rpm
 538aa8c9317953b6484fd6a190f6d89c  
x86_64/2006.0/RPMS/postgresql-8.0.8-0.1.20060mdk.x86_64.rpm
 c75a24e068fd9405ef942d9c081dcb4f  
x86_64/2006.0/RPMS/postgresql-contrib-8.0.8-0.1.20060mdk.x86_64.rpm
 f7247dc49eb9693eaadb24aa317fd20d  
x86_64/2006.0/RPMS/postgresql-devel-8.0.8-0.1.20060mdk.x86_64.rpm
 442188ad9654ce43eed5f4475bfcb38c  
x86_64/2006.0/RPMS/postgresql-docs-8.0.8-0.1.20060mdk.x86_64.rpm
 936340667b8c25af2a3991361e53b83e  
x86_64/2006.0/RPMS/postgresql-jdbc-8.0.8-0.1.20060mdk.x86_64.rpm
 e9d824016ecb58efffe335c6d26d7f18  
x86_64/2006.0/RPMS/postgresql-pl-8.0.8-0.1.20060mdk.x86_64.rpm
 ddb424def79f631061365d3cbe85ef09  
x86_64/2006.0/RPMS/postgresql-plperl-8.0.8-0.1.20060mdk.x86_64.rpm
 0b6426978856e248528b791652fe880c  
x86_64/2006.0/RPMS/postgresql-plpgsql-8.0.8-0.1.20060mdk.x86_64.rpm
 99ef20d223d5ba314ff90eac22fa4d33  
x86_64/2006.0/RPMS/postgresql-plpython-8.0.8-0.1.20060mdk.x86_64.rpm
 fbce3702380d2ff8eb89e47e792142b0  
x86_64/2006.0/RPMS/postgresql-pltcl-8.0.8-0.1.20060mdk.x86_64.rpm
 9bceb314082b2800a710157cce5b80f9  
x86_64/2006.0/RPMS/postgresql-server-8.0.8-0.1.20060mdk.x86_64.rpm
 540a0e2cb80e4aada968f09633dbbcfc  
x86_64/2006.0/RPMS/postgresql-test-8.0.8-0.1.20060mdk.x86_64.rpm
 903a96aaa883cb62f0be8c0ba26d6b0c  
x86_64/2006.0/SRPMS/postgresql-8.0.8-0.1.20060mdk.src.rpm

 Corporate 3.0:
 cd86a91e81c16b73b56e22795cc75ac1  
corporate/3.0/RPMS/libecpg3-7.4.1-2.6.C30mdk.i586.rpm
 81032809705e397ff92a36473cac3d46  
corporate/3.0/RPMS/libecpg3-devel-7.4.1-2.6.C30mdk.i586.rpm
 8ed7ddb1e22609f94619fb5ebf8f7a58  
corporate/3.0/RPMS/libpgtcl2-7.4.1-2.6.C30mdk.i586.rpm
 e1a85f2ebb03443f752e2ddd1c0b778d  
corporate/3.0/RPMS/libpgtcl2-devel-7.4.1-2.6.C30mdk.i586.rpm
 b0ef1692772d939198d84cccdcfc30da  
corporate/3.0/RPMS/libpq3-7.4.1-2.6.C30mdk.i586.rpm
 f076ba31f6a477b8be7a74f793293770  
corporate/3.0/RPMS/libpq3-devel-7.4.1-2.6.C30mdk.i586.rpm
 be6f85d3fd05ee59f482b90c00e79225  
corporate/3.0/RPMS/postgresql-7.4.1-2.6.C30mdk.i586.rpm
 f4f9b314a43f04c93ba6a456c46eec3f  
corporate/3.0/RPMS/postgresql-contrib-7.4.1-2.6.C30mdk.i586.rpm
 cb0baf3e3b998127640e7c3573eda77b  
corporate/3.0/RPMS/postgresql-devel-7.4.1-2.6.C30mdk.i586.rpm
 16fe11d7990e297e56ffb2f8e34eb3ff  
corporate/3.0/RPMS/postgresql-docs-7.4.1-2.6.C30mdk.i586.rpm
 f6acadb8c1d3c3e78bb5a7d7e233b73b  
corporate/3.0/RPMS/postgresql-jdbc-7.4.1-2.6.C30mdk.i586.rpm
 cd1088e858b39ac9c86865048e6e91dc  
corporate/3.0/RPMS/postgresql-pl-7.4.1-2.6.C30mdk.i586.rpm
 2a2f6db2c65c6ec72a00cf22c77d25ed  
corporate/3.0/RPMS/postgresql-server-7.4.1-2.6.C30mdk.i586.rpm
 e6dbad550a75cbdaafb882646094b18e  
corporate/3.0/RPMS/postgresql-tcl-7.4.1-2.6.C30mdk.i586.rpm
 1d9bfb14ee7e32157364c02fdb5d39c8  
corporate/3.0/RPMS/postgresql-test-7.4.1-2.6.C30mdk.i586.rpm
 9e2f9744dbdd29fb5005585f8f0b9c08  
corporate/3.0/SRPMS/postgresql-7.4.1-2.6.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 d8ed626768c69eb97004d42d47322a4a  
x86_64/corporate/3.0/RPMS/lib64ecpg3-7.4.1-2.6.C30mdk.x86_64.rpm
 19639e5f855af780586871e60365b8f1  
x86_64/corporate/3.0/RPMS/lib64ecpg3-devel-7.4.1-2.6.C30mdk.x86_64.rpm
 79163d1d52df819b3807445a28a4748f  
x86_64/corporate/3.0/RPMS/lib64pgtcl2-7.4.1-2.6.C30mdk.x86_64.rpm
 b4356183d45cdb448e7e8c2195a419e6  
x86_64/corporate/3.0/RPMS/lib64pgtcl2-devel-7.4.1-2.6.C30mdk.x86_64.rpm
 04732f900babe887c77606063dfe78a0  
x86_64/corporate/3.0/RPMS/lib64pq3-7.4.1-2.6.C30mdk.x86_64.rpm
 a86004f195f5bd3d910b80bd2194b503  
x86_64/corporate/3.0/RPMS/lib64pq3-devel-7.4.1-2.6.C30mdk.x86_64.rpm
 da154afe1362c980ede81914ccf412be  
x86_64/corporate/3.0/RPMS/postgresql-7.4.1-2.6.C30mdk.x86_64.rpm
 0517399d099bd7aa39c0000b5b7eaa73  
x86_64/corporate/3.0/RPMS/postgresql-contrib-7.4.1-2.6.C30mdk.x86_64.rpm
 094cd54dd316f12b0dc45710f5ec4e22  
x86_64/corporate/3.0/RPMS/postgresql-devel-7.4.1-2.6.C30mdk.x86_64.rpm
 98f90c8828ae548035cab3dc1a633aa6  
x86_64/corporate/3.0/RPMS/postgresql-docs-7.4.1-2.6.C30mdk.x86_64.rpm
 2434237858aec19e8e65a4c7b429df9c  
x86_64/corporate/3.0/RPMS/postgresql-jdbc-7.4.1-2.6.C30mdk.x86_64.rpm
 4414a59d5929668161aa932ea6e74787  
x86_64/corporate/3.0/RPMS/postgresql-pl-7.4.1-2.6.C30mdk.x86_64.rpm
 202b10907a8c365fb9408ab31ec4b7f4  
x86_64/corporate/3.0/RPMS/postgresql-server-7.4.1-2.6.C30mdk.x86_64.rpm
 ef3f8cb2101ce12ef4a9d39dba3ef69d  
x86_64/corporate/3.0/RPMS/postgresql-tcl-7.4.1-2.6.C30mdk.x86_64.rpm
 5f38e8842f16de0a78d297542f36381f  
x86_64/corporate/3.0/RPMS/postgresql-test-7.4.1-2.6.C30mdk.x86_64.rpm
 9e2f9744dbdd29fb5005585f8f0b9c08  
x86_64/corporate/3.0/SRPMS/postgresql-7.4.1-2.6.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEhwzEmqjQ0CJFipgRAlpPAKDtS/0zzX1FQ5TNZJiomg794t8PuACg5Sy/
MbetQ0f3hu2qISycixCUipE=
=t6wa
-----END PGP SIGNATURE-----