[USN-288-2] PostgreSQL server/client vulnerabilities

To: ubuntu-security-announce@xxxxxxxxxxxxxxxx
Subject: [USN-288-2] PostgreSQL server/client vulnerabilities
From: Martin Pitt <martin.pitt@xxxxxxxxxxxxx>
Date: Fri, 9 Jun 2006 09:51:13 +0200
Cc: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: Mutt/1.5.11
=========================================================== 
Ubuntu Security Notice USN-288-2              June 09, 2006
postgresql-8.1 vulnerabilities
CVE-2006-2313, CVE-2006-2314
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libpq-dev                      8.1.4-0ubuntu1
  libpq4                         8.1.4-0ubuntu1
  postgresql-8.1                 8.1.4-0ubuntu1
  postgresql-client-8.1          8.1.4-0ubuntu1
  postgresql-contrib-8.1         8.1.4-0ubuntu1

After a standard system upgrade you need to restart all services that
use PostgreSQL to effect the necessary changes. If you can afford it,
rebooting the computer is the easiest way of ensuring that all running
services use the updated client library.

Details follow:

USN-288-1 fixed two vulnerabilities in Ubuntu 5.04 and Ubuntu 5.10.
This update fixes the same vulnerabilities for Ubuntu 6.06 LTS.

For reference, these are the details of the original USN:

  CVE-2006-2313:
    Akio Ishida and Yasuo Ohgaki discovered a weakness in the handling of
    invalidly-encoded multibyte text data. If a client application
    processed untrusted input without respecting its encoding and applied
    standard string escaping techniques (such as replacing a single quote
    >>'<< with >>\'<< or >>''<<), the PostgreSQL server could interpret the
    resulting string in a way that allowed an attacker to inject arbitrary
    SQL commands into the resulting SQL query. The PostgreSQL server has
    been modified to reject such invalidly encoded strings now, which
    completely fixes the problem for some 'safe' multibyte encodings like
    UTF-8.
  
  CVE-2006-2314:
    However, there are some less popular and client-only multibyte
    encodings (such as SJIS, BIG5, GBK, GB18030, and UHC) which contain
    valid multibyte characters that end with the byte 0x5c, which is the
    representation of the backslash character >>\<< in ASCII. Many client
    libraries and applications use the non-standard, but popular way of
    escaping the >>'<< character by replacing all occurences of it with
    >>\'<<. If a client application uses one of the affected encodings and
    does not interpret multibyte characters, and an attacker supplies a
    specially crafted byte sequence as an input string parameter, this
    escaping method would then produce a validly-encoded character and
    an excess >>'<< character which would end the string. All subsequent
    characters would then be interpreted as SQL code, so the attacker
    could execute arbitrary SQL commands.
  
    To fix this vulnerability end-to-end, client-side applications must
    be fixed to properly interpret multibyte encodings and use >>''<<
    instead of >>\'<<. However, as a precautionary measure, the sequence
    >>\'<< is now regarded as invalid when one of the affected client
    encodings is in use. If you depend on the previous behaviour, you
    can restore it by setting 'backslash_quote = on' in postgresql.conf.
    However, please be aware that this could render you vulnerable
    again.
  
    This issue does not affect you if you only use single-byte (like
    SQL_ASCII or the ISO-8859-X family) or unaffected multibyte (like
    UTF-8) encodings.
  
  Please see http://www.postgresql.org/docs/techdocs.50 for further
  details.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.4-0ubuntu1.diff.gz
      Size/MD5:    23774 50475bf9e83adaa54956b32fbeedbdca
    
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.4-0ubuntu1.dsc
      Size/MD5:     1111 e1b77d64f44d3293f650b126ff624565
    
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.4.orig.tar.gz
      Size/MD5: 11312643 c6554a0ef948ab2b18b617954e1788fe

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-doc-8.1_8.1.4-0ubuntu1_all.deb
      Size/MD5:  1440630 81de1288298a0b1540b995db84d639db

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-compat2_8.1.4-0ubuntu1_amd64.deb
      Size/MD5:   151534 1a2d7dbbb8be5b9c8a5839a9602ca654
    
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-dev_8.1.4-0ubuntu1_amd64.deb
      Size/MD5:   343524 06e9895e5575d0abdc2d90c504d0f60c
    
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg5_8.1.4-0ubuntu1_amd64.deb
      Size/MD5:   172050 6d8c0db031695b43daedf1ba0ccf1db4
    
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpgtypes2_8.1.4-0ubuntu1_amd64.deb
      Size/MD5:   173882 4df3a6b067ac6979ac5520d0413bc493
    
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq-dev_8.1.4-0ubuntu1_amd64.deb
      Size/MD5:   306786 1659c4ee4db18971aff2b5a2bcdc4b56
    
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq4_8.1.4-0ubuntu1_amd64.deb
      Size/MD5:   205400 c6bd156297d319abebd705d92640f4c9
    
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.4-0ubuntu1_amd64.deb
      Size/MD5:  3218988 63d0827c9d61a756c186e5d44b713ea0
    
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-client-8.1_8.1.4-0ubuntu1_amd64.deb
      Size/MD5:   757632 4c02e9664c2ca0b527e57f2726fa47fd
    
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.4-0ubuntu1_amd64.deb
      Size/MD5:   611878 eac0f723a04af452f02d1bb1948e9c30
    
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.4-0ubuntu1_amd64.deb
      Size/MD5:   168338 e299d9af4753d071fe343edf27685f60
    
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.4-0ubuntu1_amd64.deb
      Size/MD5:   162474 26dd97db0be8a10f1c861ab291afc41a
    
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.4-0ubuntu1_amd64.deb
      Size/MD5:   162520 b9d2304b4e93887e2ce8647e6804d026
    
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.4-0ubuntu1_amd64.deb
      Size/MD5:   595282 8fa18c5eadc19b64a9f307981bf63a33

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-compat2_8.1.4-0ubuntu1_i386.deb
      Size/MD5:   150450 4308cc03785ddc36623644d37f4ed2f2
    
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-dev_8.1.4-0ubuntu1_i386.deb
      Size/MD5:   333388 ead70ebfdf7cf813ed9551fb58e1c2e7
    
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg5_8.1.4-0ubuntu1_i386.deb
      Size/MD5:   169614 58d6525bbccf22ceaceb118f64edc91c
    
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpgtypes2_8.1.4-0ubuntu1_i386.deb
      Size/MD5:   171976 9256a9eaec5e17cd6cf1e3e69c98aa0a
    
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq-dev_8.1.4-0ubuntu1_i386.deb
      Size/MD5:   295280 9cdd48c40b695263a367a31ff22eeffd
    
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq4_8.1.4-0ubuntu1_i386.deb
      Size/MD5:   198684 b72475c826853f2676a5518c7e702bf7
    
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.4-0ubuntu1_i386.deb
      Size/MD5:  3022878 daf5169e99a2cbf25e5a613afee0b296
    
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-client-8.1_8.1.4-0ubuntu1_i386.deb
      Size/MD5:   685600 6a005aa69ab71ea33782c39c69523907
    
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.4-0ubuntu1_i386.deb
      Size/MD5:   566298 df459621574a04c48f2c2972777a50db
    
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.4-0ubuntu1_i386.deb
      Size/MD5:   166520 24fd6273ebffe0af3f090e765238704f
    
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.4-0ubuntu1_i386.deb
      Size/MD5:   159724 3a833dff1a65ab9923e9acfb040404de
    
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.4-0ubuntu1_i386.deb
      Size/MD5:   161096 1a765c8eb3d6ebedcfd2e1efe847cf07
    
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.4-0ubuntu1_i386.deb
      Size/MD5:   595268 14f544386e5076a6e57088b354c5646d

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-compat2_8.1.4-0ubuntu1_powerpc.deb
      Size/MD5:   152324 cf9f10cdecdd03d1f66b4445bf382493
    
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-dev_8.1.4-0ubuntu1_powerpc.deb
      Size/MD5:   339216 e505f08a27c1bbe13799102fb28d7262
    
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg5_8.1.4-0ubuntu1_powerpc.deb
      Size/MD5:   172726 ed879da2529805b3c98287d4a3e8618d
    
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpgtypes2_8.1.4-0ubuntu1_powerpc.deb
      Size/MD5:   176224 8484c967f7c60fd6de2621fb1c9a4495
    
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq-dev_8.1.4-0ubuntu1_powerpc.deb
      Size/MD5:   301178 83a59bf08f5d39112d7be624dd3053e7
    
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq4_8.1.4-0ubuntu1_powerpc.deb
      Size/MD5:   202196 24f20882e7da00e4f95d32c4d27d2d73
    
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.4-0ubuntu1_powerpc.deb
      Size/MD5:  3513706 bc11d0427377123d8cbdb96e4926a9f6
    
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-client-8.1_8.1.4-0ubuntu1_powerpc.deb
      Size/MD5:   757604 68b6a354f07899ad3788e6bf5ef2f176
    
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.4-0ubuntu1_powerpc.deb
      Size/MD5:   627768 8ae27c8bde7c932003a1e62d7e96b42d
    
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.4-0ubuntu1_powerpc.deb
      Size/MD5:   168034 0c4af8a8ec36ba3ebf72c4752242fe84
    
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.4-0ubuntu1_powerpc.deb
      Size/MD5:   162468 9886e8b0145ac3a4e36d66e3dda5d7b6
    
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.4-0ubuntu1_powerpc.deb
      Size/MD5:   163372 c4604a840871721420e5e19f1bc9a65d
    
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.4-0ubuntu1_powerpc.deb
      Size/MD5:   595298 aec97a7928a0d84b4197eb868b354a43
Attachment: signature.asc
Description: Digital signature
Prev by Date: [USN-288-3] PostgreSQL client vulnerabilities
Next by Date: Windows Software Restriction Policy Protection Bypass
Previous by thread: [USN-288-3] PostgreSQL client vulnerabilities
Next by thread: Windows Software Restriction Policy Protection Bypass
Index(es):
- Date
- Thread