[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[USN-79-1] PostgreSQL vulnerabilities



===========================================================
Ubuntu Security Notice USN-79-1 February 10, 2005
postgresql vulnerabilities
CAN-2005-0244 CAN-2005-0245 CAN-2005-0246 CAN-2005-0247
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
postgresql
postgresql-contrib
The problem can be corrected by upgrading the affected package to
version 7.4.5-3ubuntu0.4. In general, a standard system upgrade is
sufficient to effect the necessary changes.
Details follow:
The execution of custom PostgreSQL functions can be restricted with
the EXECUTE privilege. However, previous versions did not check this
privilege when executing a function which was part of an aggregate.
As a result, any database user could circumvent the EXECUTE restriction of
functions with a particular (but very common) parameter structure by
creating an aggregate wrapper around the function. (CAN-2005-0244)
Several buffer overflows have been discovered in the SQL parser. These
could be exploited by any database user to crash the PostgreSQL server
or execute arbitrary code with the privileges of the server.
(CAN-2005-0245, CAN-2005-0247)
Finally, this update fixes a Denial of Service vulnerability of the
contributed "intagg" module. By constructing specially crafted arrays,
a database user was able to corrupt and crash the PostgreSQL server.
(CAN-2005-0246). Please note that this module is part of the
"postgresql-contrib" package, which is not officially supported by
Ubuntu.
 Source archives:
 
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql_7.4.5-3ubuntu0.4.diff.gz
 Size/MD5: 147348 eb787b982a2fce502e8c1c7aa55c3576
 
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql_7.4.5-3ubuntu0.4.dsc
 Size/MD5: 991 30358e2ea343002967cf2f3213b9d1a2
 
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql_7.4.5.orig.tar.gz
 Size/MD5: 9895913 a295885a36ed8e7ec7a7e887218ceabc
 Architecture independent packages:
 
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-doc_7.4.5-3ubuntu0.4_all.deb
 Size/MD5: 2256436 1c9ed621c3ac0dc2a00b26c58d2a3c07
 amd64 architecture (Athlon64, Opteron, EM64T Xeon)
 
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libecpg-dev_7.4.5-3ubuntu0.4_amd64.deb
 Size/MD5: 206808 1e9bc9dc3cdc1cf79c9ef599ce265cba
 
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libecpg4_7.4.5-3ubuntu0.4_amd64.deb
 Size/MD5: 91246 5533e6428b30d353bf3526be2829f4f2
 
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpgtcl-dev_7.4.5-3ubuntu0.4_amd64.deb
 Size/MD5: 48944 73a24322ee5588d75bdea7a516df6f77
 
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpgtcl_7.4.5-3ubuntu0.4_amd64.deb
 Size/MD5: 73842 4f0fdbc694b096f09382c65dfb4dd206
 
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpq3_7.4.5-3ubuntu0.4_amd64.deb
 Size/MD5: 115736 958218a2a2b8a0dcf0dd6fa770d56b3d
 
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-client_7.4.5-3ubuntu0.4_amd64.deb
 Size/MD5: 518388 b0379cca9944bb2c6982d2f17d279052
 
http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql/postgresql-contrib_7.4.5-3ubuntu0.4_amd64.deb
 Size/MD5: 624558 b79caefd6810cc614417932482bd522e
 
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-dev_7.4.5-3ubuntu0.4_amd64.deb
 Size/MD5: 509454 f474b7a6266e89277cbfa61f163b71fd
 
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql_7.4.5-3ubuntu0.4_amd64.deb
 Size/MD5: 3880354 5702813c84b8ed415f84b6256a6b04f6
 i386 architecture (x86 compatible Intel/AMD)
 
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libecpg-dev_7.4.5-3ubuntu0.4_i386.deb
 Size/MD5: 194924 6c938748460c8fcd7b5d37a394263600
 
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libecpg4_7.4.5-3ubuntu0.4_i386.deb
 Size/MD5: 85752 157dd27476e72f60ee01735801904956
 
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpgtcl-dev_7.4.5-3ubuntu0.4_i386.deb
 Size/MD5: 47926 b7abfc71a11e604732b6773bce037eac
 
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpgtcl_7.4.5-3ubuntu0.4_i386.deb
 Size/MD5: 70730 8f25f953703068cc97924c339a5232b8
 
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpq3_7.4.5-3ubuntu0.4_i386.deb
 Size/MD5: 108982 a786da05d2d92418550c108b2565d40d
 
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-client_7.4.5-3ubuntu0.4_i386.deb
 Size/MD5: 492222 589dff2665eadeb0ea4c2920e5d63a95
 
http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql/postgresql-contrib_7.4.5-3ubuntu0.4_i386.deb
 Size/MD5: 577778 4a37c5989e0c7bc2ddf31d0e1be7017e
 
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-dev_7.4.5-3ubuntu0.4_i386.deb
 Size/MD5: 502618 68eabd4e511edbc839a33c1b5f549760
 
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql_7.4.5-3ubuntu0.4_i386.deb
 Size/MD5: 3703434 70665efa7b0e107fced12f1dafcceea6
 powerpc architecture (Apple Macintosh G3/G4/G5)
 
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libecpg-dev_7.4.5-3ubuntu0.4_powerpc.deb
 Size/MD5: 203326 4bff9a2f466eeb420a2598479e1863d7
 
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libecpg4_7.4.5-3ubuntu0.4_powerpc.deb
 Size/MD5: 92782 3ed41b6926e9ce5291d85a180f10ac2b
 
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpgtcl-dev_7.4.5-3ubuntu0.4_powerpc.deb
 Size/MD5: 48680 e82965a2ab2066257c50313d00e73ccd
 
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpgtcl_7.4.5-3ubuntu0.4_powerpc.deb
 Size/MD5: 77338 805f090c7abb09954b0f64c55dae69f6
 
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpq3_7.4.5-3ubuntu0.4_powerpc.deb
 Size/MD5: 109990 2f6a558821fb44058992821a38d3c620
 
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-client_7.4.5-3ubuntu0.4_powerpc.deb
 Size/MD5: 511140 7c6f178d64f49f1e9761dba7be2a421a
 
http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql/postgresql-contrib_7.4.5-3ubuntu0.4_powerpc.deb
 Size/MD5: 636722 4781ee88b2c58c8eb25921a86b21f4b0
 
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-dev_7.4.5-3ubuntu0.4_powerpc.deb
 Size/MD5: 506202 1133027e8da57b754ae1ff21d79e923a
 
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql_7.4.5-3ubuntu0.4_powerpc.deb
 Size/MD5: 4103732 6af566d887140b80873568c649ac852a

Attachment: signature.asc
Description: Digital signature


AltStyle によって変換されたページ (->オリジナル) /