Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in postgresql
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in postgresql
ID: USN-79-1
Distribution: Ubuntu
Plattformen: Ubuntu 4.10
Datum: Do, 10. Februar 2005, 12:00
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0246
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0247
Applikationen: PostgreSQL

Originalnachricht

===========================================================
Ubuntu Security Notice USN-79-1 February 10, 2005
postgresql vulnerabilities
CAN-2005-0244 CAN-2005-0245 CAN-2005-0246 CAN-2005-0247
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

postgresql
postgresql-contrib

The problem can be corrected by upgrading the affected package to
version 7.4.5-3ubuntu0.4. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

The execution of custom PostgreSQL functions can be restricted with
the EXECUTE privilege. However, previous versions did not check this
privilege when executing a function which was part of an aggregate.
As a result, any database user could circumvent the EXECUTE restriction of
functions with a particular (but very common) parameter structure by
creating an aggregate wrapper around the function. (CAN-2005-0244)

Several buffer overflows have been discovered in the SQL parser. These
could be exploited by any database user to crash the PostgreSQL server
or execute arbitrary code with the privileges of the server.
(CAN-2005-0245, CAN-2005-0247)

Finally, this update fixes a Denial of Service vulnerability of the
contributed "intagg" module. By constructing specially crafted arrays,
a database user was able to corrupt and crash the PostgreSQL server.
(CAN-2005-0246). Please note that this module is part of the
"postgresql-contrib" package, which is not officially supported by
Ubuntu.

Source archives:

postgresql_7.4.5-3ubuntu0.4.diff.gz
Size/MD5: 147348 eb787b982a2fce502e8c1c7aa55c3576
postgresql_7.4.5-3ubuntu0.4.dsc
Size/MD5: 991 30358e2ea343002967cf2f3213b9d1a2
postgresql_7.4.5.orig.tar.gz
Size/MD5: 9895913 a295885a36ed8e7ec7a7e887218ceabc

Architecture independent packages:

postgresql-doc_7.4.5-3ubuntu0.4_all.deb
Size/MD5: 2256436 1c9ed621c3ac0dc2a00b26c58d2a3c07

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

libecpg-dev_7.4.5-3ubuntu0.4_amd64.deb
Size/MD5: 206808 1e9bc9dc3cdc1cf79c9ef599ce265cba
libecpg4_7.4.5-3ubuntu0.4_amd64.deb
Size/MD5: 91246 5533e6428b30d353bf3526be2829f4f2
libpgtcl-dev_7.4.5-3ubuntu0.4_amd64.deb
Size/MD5: 48944 73a24322ee5588d75bdea7a516df6f77
libpgtcl_7.4.5-3ubuntu0.4_amd64.deb
Size/MD5: 73842 4f0fdbc694b096f09382c65dfb4dd206
libpq3_7.4.5-3ubuntu0.4_amd64.deb
Size/MD5: 115736 958218a2a2b8a0dcf0dd6fa770d56b3d
postgresql-client_7.4.5-3ubuntu0.4_amd64.deb
Size/MD5: 518388 b0379cca9944bb2c6982d2f17d279052
postgresql-contrib_7.4.5-3ubuntu0.4_amd64.deb
Size/MD5: 624558 b79caefd6810cc614417932482bd522e
postgresql-dev_7.4.5-3ubuntu0.4_amd64.deb
Size/MD5: 509454 f474b7a6266e89277cbfa61f163b71fd
postgresql_7.4.5-3ubuntu0.4_amd64.deb
Size/MD5: 3880354 5702813c84b8ed415f84b6256a6b04f6

i386 architecture (x86 compatible Intel/AMD)

libecpg-dev_7.4.5-3ubuntu0.4_i386.deb
Size/MD5: 194924 6c938748460c8fcd7b5d37a394263600
libecpg4_7.4.5-3ubuntu0.4_i386.deb
Size/MD5: 85752 157dd27476e72f60ee01735801904956
libpgtcl-dev_7.4.5-3ubuntu0.4_i386.deb
Size/MD5: 47926 b7abfc71a11e604732b6773bce037eac
libpgtcl_7.4.5-3ubuntu0.4_i386.deb
Size/MD5: 70730 8f25f953703068cc97924c339a5232b8
libpq3_7.4.5-3ubuntu0.4_i386.deb
Size/MD5: 108982 a786da05d2d92418550c108b2565d40d
postgresql-client_7.4.5-3ubuntu0.4_i386.deb
Size/MD5: 492222 589dff2665eadeb0ea4c2920e5d63a95
postgresql-contrib_7.4.5-3ubuntu0.4_i386.deb
Size/MD5: 577778 4a37c5989e0c7bc2ddf31d0e1be7017e
postgresql-dev_7.4.5-3ubuntu0.4_i386.deb
Size/MD5: 502618 68eabd4e511edbc839a33c1b5f549760
postgresql_7.4.5-3ubuntu0.4_i386.deb
Size/MD5: 3703434 70665efa7b0e107fced12f1dafcceea6

powerpc architecture (Apple Macintosh G3/G4/G5)

libecpg-dev_7.4.5-3ubuntu0.4_powerpc.deb
Size/MD5: 203326 4bff9a2f466eeb420a2598479e1863d7
libecpg4_7.4.5-3ubuntu0.4_powerpc.deb
Size/MD5: 92782 3ed41b6926e9ce5291d85a180f10ac2b
libpgtcl-dev_7.4.5-3ubuntu0.4_powerpc.deb
Size/MD5: 48680 e82965a2ab2066257c50313d00e73ccd
libpgtcl_7.4.5-3ubuntu0.4_powerpc.deb
Size/MD5: 77338 805f090c7abb09954b0f64c55dae69f6
libpq3_7.4.5-3ubuntu0.4_powerpc.deb
Size/MD5: 109990 2f6a558821fb44058992821a38d3c620
postgresql-client_7.4.5-3ubuntu0.4_powerpc.deb
Size/MD5: 511140 7c6f178d64f49f1e9761dba7be2a421a
postgresql-contrib_7.4.5-3ubuntu0.4_powerpc.deb
Size/MD5: 636722 4781ee88b2c58c8eb25921a86b21f4b0
postgresql-dev_7.4.5-3ubuntu0.4_powerpc.deb
Size/MD5: 506202 1133027e8da57b754ae1ff21d79e923a
postgresql_7.4.5-3ubuntu0.4_powerpc.deb
Size/MD5: 4103732 6af566d887140b80873568c649ac852a





--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
http://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung