=========================================================== Ubuntu Security Notice USN-288-2 June 09, 2006 postgresql-8.1 vulnerabilities CVE-2006-2313, CVE-2006-2314 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libpq-dev 8.1.4-0ubuntu1 libpq4 8.1.4-0ubuntu1 postgresql-8.1 8.1.4-0ubuntu1 postgresql-client-8.1 8.1.4-0ubuntu1 postgresql-contrib-8.1 8.1.4-0ubuntu1 After a standard system upgrade you need to restart all services that use PostgreSQL to effect the necessary changes. If you can afford it, rebooting the computer is the easiest way of ensuring that all running services use the updated client library. Details follow: USN-288-1 fixed two vulnerabilities in Ubuntu 5.04 and Ubuntu 5.10. This update fixes the same vulnerabilities for Ubuntu 6.06 LTS. For reference, these are the details of the original USN: CVE-2006-2313: Akio Ishida and Yasuo Ohgaki discovered a weakness in the handling of invalidly-encoded multibyte text data. If a client application processed untrusted input without respecting its encoding and applied standard string escaping techniques (such as replacing a single quote >>'<< with >>\'<< or >>''<<), the PostgreSQL server could interpret the resulting string in a way that allowed an attacker to inject arbitrary SQL commands into the resulting SQL query. The PostgreSQL server has been modified to reject such invalidly encoded strings now, which completely fixes the problem for some 'safe' multibyte encodings like UTF-8. CVE-2006-2314: However, there are some less popular and client-only multibyte encodings (such as SJIS, BIG5, GBK, GB18030, and UHC) which contain valid multibyte characters that end with the byte 0x5c, which is the representation of the backslash character >>\<< in ASCII. Many client libraries and applications use the non-standard, but popular way of escaping the >>'<< character by replacing all occurences of it with >>\'<<. If a client application uses one of the affected encodings and does not interpret multibyte characters, and an attacker supplies a specially crafted byte sequence as an input string parameter, this escaping method would then produce a validly-encoded character and an excess >>'<< character which would end the string. All subsequent characters would then be interpreted as SQL code, so the attacker could execute arbitrary SQL commands. To fix this vulnerability end-to-end, client-side applications must be fixed to properly interpret multibyte encodings and use >>''<< instead of >>\'<<. However, as a precautionary measure, the sequence >>\'<< is now regarded as invalid when one of the affected client encodings is in use. If you depend on the previous behaviour, you can restore it by setting 'backslash_quote = on' in postgresql.conf. However, please be aware that this could render you vulnerable again. This issue does not affect you if you only use single-byte (like SQL_ASCII or the ISO-8859-X family) or unaffected multibyte (like UTF-8) encodings. Please see http://www.postgresql.org/docs/techdocs.50 for further details. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.4-0ubuntu1.diff.gz Size/MD5: 23774 50475bf9e83adaa54956b32fbeedbdca http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.4-0ubuntu1.dsc Size/MD5: 1111 e1b77d64f44d3293f650b126ff624565 http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.4.orig.tar.gz Size/MD5: 11312643 c6554a0ef948ab2b18b617954e1788fe Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-doc-8.1_8.1.4-0ubuntu1_all.deb Size/MD5: 1440630 81de1288298a0b1540b995db84d639db amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-compat2_8.1.4-0ubuntu1_amd64.deb Size/MD5: 151534 1a2d7dbbb8be5b9c8a5839a9602ca654 http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-dev_8.1.4-0ubuntu1_amd64.deb Size/MD5: 343524 06e9895e5575d0abdc2d90c504d0f60c http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg5_8.1.4-0ubuntu1_amd64.deb Size/MD5: 172050 6d8c0db031695b43daedf1ba0ccf1db4 http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpgtypes2_8.1.4-0ubuntu1_amd64.deb Size/MD5: 173882 4df3a6b067ac6979ac5520d0413bc493 http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq-dev_8.1.4-0ubuntu1_amd64.deb Size/MD5: 306786 1659c4ee4db18971aff2b5a2bcdc4b56 http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq4_8.1.4-0ubuntu1_amd64.deb Size/MD5: 205400 c6bd156297d319abebd705d92640f4c9 http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.4-0ubuntu1_amd64.deb Size/MD5: 3218988 63d0827c9d61a756c186e5d44b713ea0 http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-client-8.1_8.1.4-0ubuntu1_amd64.deb Size/MD5: 757632 4c02e9664c2ca0b527e57f2726fa47fd http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.4-0ubuntu1_amd64.deb Size/MD5: 611878 eac0f723a04af452f02d1bb1948e9c30 http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.4-0ubuntu1_amd64.deb Size/MD5: 168338 e299d9af4753d071fe343edf27685f60 http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.4-0ubuntu1_amd64.deb Size/MD5: 162474 26dd97db0be8a10f1c861ab291afc41a http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.4-0ubuntu1_amd64.deb Size/MD5: 162520 b9d2304b4e93887e2ce8647e6804d026 http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.4-0ubuntu1_amd64.deb Size/MD5: 595282 8fa18c5eadc19b64a9f307981bf63a33 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-compat2_8.1.4-0ubuntu1_i386.deb Size/MD5: 150450 4308cc03785ddc36623644d37f4ed2f2 http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-dev_8.1.4-0ubuntu1_i386.deb Size/MD5: 333388 ead70ebfdf7cf813ed9551fb58e1c2e7 http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg5_8.1.4-0ubuntu1_i386.deb Size/MD5: 169614 58d6525bbccf22ceaceb118f64edc91c http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpgtypes2_8.1.4-0ubuntu1_i386.deb Size/MD5: 171976 9256a9eaec5e17cd6cf1e3e69c98aa0a http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq-dev_8.1.4-0ubuntu1_i386.deb Size/MD5: 295280 9cdd48c40b695263a367a31ff22eeffd http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq4_8.1.4-0ubuntu1_i386.deb Size/MD5: 198684 b72475c826853f2676a5518c7e702bf7 http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.4-0ubuntu1_i386.deb Size/MD5: 3022878 daf5169e99a2cbf25e5a613afee0b296 http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-client-8.1_8.1.4-0ubuntu1_i386.deb Size/MD5: 685600 6a005aa69ab71ea33782c39c69523907 http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.4-0ubuntu1_i386.deb Size/MD5: 566298 df459621574a04c48f2c2972777a50db http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.4-0ubuntu1_i386.deb Size/MD5: 166520 24fd6273ebffe0af3f090e765238704f http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.4-0ubuntu1_i386.deb Size/MD5: 159724 3a833dff1a65ab9923e9acfb040404de http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.4-0ubuntu1_i386.deb Size/MD5: 161096 1a765c8eb3d6ebedcfd2e1efe847cf07 http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.4-0ubuntu1_i386.deb Size/MD5: 595268 14f544386e5076a6e57088b354c5646d powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-compat2_8.1.4-0ubuntu1_powerpc.deb Size/MD5: 152324 cf9f10cdecdd03d1f66b4445bf382493 http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-dev_8.1.4-0ubuntu1_powerpc.deb Size/MD5: 339216 e505f08a27c1bbe13799102fb28d7262 http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg5_8.1.4-0ubuntu1_powerpc.deb Size/MD5: 172726 ed879da2529805b3c98287d4a3e8618d http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpgtypes2_8.1.4-0ubuntu1_powerpc.deb Size/MD5: 176224 8484c967f7c60fd6de2621fb1c9a4495 http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq-dev_8.1.4-0ubuntu1_powerpc.deb Size/MD5: 301178 83a59bf08f5d39112d7be624dd3053e7 http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq4_8.1.4-0ubuntu1_powerpc.deb Size/MD5: 202196 24f20882e7da00e4f95d32c4d27d2d73 http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.4-0ubuntu1_powerpc.deb Size/MD5: 3513706 bc11d0427377123d8cbdb96e4926a9f6 http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-client-8.1_8.1.4-0ubuntu1_powerpc.deb Size/MD5: 757604 68b6a354f07899ad3788e6bf5ef2f176 http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.4-0ubuntu1_powerpc.deb Size/MD5: 627768 8ae27c8bde7c932003a1e62d7e96b42d http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.4-0ubuntu1_powerpc.deb Size/MD5: 168034 0c4af8a8ec36ba3ebf72c4752242fe84 http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.4-0ubuntu1_powerpc.deb Size/MD5: 162468 9886e8b0145ac3a4e36d66e3dda5d7b6 http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.4-0ubuntu1_powerpc.deb Size/MD5: 163372 c4604a840871721420e5e19f1bc9a65d http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.4-0ubuntu1_powerpc.deb Size/MD5: 595298 aec97a7928a0d84b4197eb868b354a43
Attachment:
signature.asc
Description: Digital signature