[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060609075113.GA9351@piware.de>
Date: Fri, 9 Jun 2006 09:51:13 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-288-2] PostgreSQL server/client
vulnerabilities
===========================================================
Ubuntu Security Notice USN-288-2 June 09, 2006
postgresql-8.1 vulnerabilities
CVE-2006-2313, CVE-2006-2314
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libpq-dev 8.1.4-0ubuntu1
libpq4 8.1.4-0ubuntu1
postgresql-8.1 8.1.4-0ubuntu1
postgresql-client-8.1 8.1.4-0ubuntu1
postgresql-contrib-8.1 8.1.4-0ubuntu1
After a standard system upgrade you need to restart all services that
use PostgreSQL to effect the necessary changes. If you can afford it,
rebooting the computer is the easiest way of ensuring that all running
services use the updated client library.
Details follow:
USN-288-1 fixed two vulnerabilities in Ubuntu 5.04 and Ubuntu 5.10.
This update fixes the same vulnerabilities for Ubuntu 6.06 LTS.
For reference, these are the details of the original USN:
CVE-2006-2313:
Akio Ishida and Yasuo Ohgaki discovered a weakness in the handling of
invalidly-encoded multibyte text data. If a client application
processed untrusted input without respecting its encoding and applied
standard string escaping techniques (such as replacing a single quote
>>'<< with >>\'<< or >>''<<), the PostgreSQL server could interpret the
resulting string in a way that allowed an attacker to inject arbitrary
SQL commands into the resulting SQL query. The PostgreSQL server has
been modified to reject such invalidly encoded strings now, which
completely fixes the problem for some 'safe' multibyte encodings like
UTF-8.
CVE-2006-2314:
However, there are some less popular and client-only multibyte
encodings (such as SJIS, BIG5, GBK, GB18030, and UHC) which contain
valid multibyte characters that end with the byte 0x5c, which is the
representation of the backslash character >>\<< in ASCII. Many client
libraries and applications use the non-standard, but popular way of
escaping the >>'<< character by replacing all occurences of it with
>>\'<<. If a client application uses one of the affected encodings and
does not interpret multibyte characters, and an attacker supplies a
specially crafted byte sequence as an input string parameter, this
escaping method would then produce a validly-encoded character and
an excess >>'<< character which would end the string. All subsequent
characters would then be interpreted as SQL code, so the attacker
could execute arbitrary SQL commands.
To fix this vulnerability end-to-end, client-side applications must
be fixed to properly interpret multibyte encodings and use >>''<<
instead of >>\'<<. However, as a precautionary measure, the sequence
>>\'<< is now regarded as invalid when one of the affected client
encodings is in use. If you depend on the previous behaviour, you
can restore it by setting 'backslash_quote = on' in postgresql.conf.
However, please be aware that this could render you vulnerable
again.
This issue does not affect you if you only use single-byte (like
SQL_ASCII or the ISO-8859-X family) or unaffected multibyte (like
UTF-8) encodings.
Please see http://www.postgresql.org/docs/techdocs.50 for further
details.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.4-0ubuntu1.diff.gz
Size/MD5: 23774 50475bf9e83adaa54956b32fbeedbdca
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.4-0ubuntu1.dsc
Size/MD5: 1111 e1b77d64f44d3293f650b126ff624565
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.4.orig.tar.gz
Size/MD5: 11312643 c6554a0ef948ab2b18b617954e1788fe
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-doc-8.1_8.1.4-0ubuntu1_all.deb
Size/MD5: 1440630 81de1288298a0b1540b995db84d639db
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-compat2_8.1.4-0ubuntu1_amd64.deb
Size/MD5: 151534 1a2d7dbbb8be5b9c8a5839a9602ca654
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-dev_8.1.4-0ubuntu1_amd64.deb
Size/MD5: 343524 06e9895e5575d0abdc2d90c504d0f60c
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg5_8.1.4-0ubuntu1_amd64.deb
Size/MD5: 172050 6d8c0db031695b43daedf1ba0ccf1db4
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpgtypes2_8.1.4-0ubuntu1_amd64.deb
Size/MD5: 173882 4df3a6b067ac6979ac5520d0413bc493
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq-dev_8.1.4-0ubuntu1_amd64.deb
Size/MD5: 306786 1659c4ee4db18971aff2b5a2bcdc4b56
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq4_8.1.4-0ubuntu1_amd64.deb
Size/MD5: 205400 c6bd156297d319abebd705d92640f4c9
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.4-0ubuntu1_amd64.deb
Size/MD5: 3218988 63d0827c9d61a756c186e5d44b713ea0
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-client-8.1_8.1.4-0ubuntu1_amd64.deb
Size/MD5: 757632 4c02e9664c2ca0b527e57f2726fa47fd
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.4-0ubuntu1_amd64.deb
Size/MD5: 611878 eac0f723a04af452f02d1bb1948e9c30
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.4-0ubuntu1_amd64.deb
Size/MD5: 168338 e299d9af4753d071fe343edf27685f60
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.4-0ubuntu1_amd64.deb
Size/MD5: 162474 26dd97db0be8a10f1c861ab291afc41a
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.4-0ubuntu1_amd64.deb
Size/MD5: 162520 b9d2304b4e93887e2ce8647e6804d026
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.4-0ubuntu1_amd64.deb
Size/MD5: 595282 8fa18c5eadc19b64a9f307981bf63a33
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-compat2_8.1.4-0ubuntu1_i386.deb
Size/MD5: 150450 4308cc03785ddc36623644d37f4ed2f2
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-dev_8.1.4-0ubuntu1_i386.deb
Size/MD5: 333388 ead70ebfdf7cf813ed9551fb58e1c2e7
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg5_8.1.4-0ubuntu1_i386.deb
Size/MD5: 169614 58d6525bbccf22ceaceb118f64edc91c
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpgtypes2_8.1.4-0ubuntu1_i386.deb
Size/MD5: 171976 9256a9eaec5e17cd6cf1e3e69c98aa0a
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq-dev_8.1.4-0ubuntu1_i386.deb
Size/MD5: 295280 9cdd48c40b695263a367a31ff22eeffd
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq4_8.1.4-0ubuntu1_i386.deb
Size/MD5: 198684 b72475c826853f2676a5518c7e702bf7
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.4-0ubuntu1_i386.deb
Size/MD5: 3022878 daf5169e99a2cbf25e5a613afee0b296
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-client-8.1_8.1.4-0ubuntu1_i386.deb
Size/MD5: 685600 6a005aa69ab71ea33782c39c69523907
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.4-0ubuntu1_i386.deb
Size/MD5: 566298 df459621574a04c48f2c2972777a50db
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.4-0ubuntu1_i386.deb
Size/MD5: 166520 24fd6273ebffe0af3f090e765238704f
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.4-0ubuntu1_i386.deb
Size/MD5: 159724 3a833dff1a65ab9923e9acfb040404de
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.4-0ubuntu1_i386.deb
Size/MD5: 161096 1a765c8eb3d6ebedcfd2e1efe847cf07
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.4-0ubuntu1_i386.deb
Size/MD5: 595268 14f544386e5076a6e57088b354c5646d
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-compat2_8.1.4-0ubuntu1_powerpc.deb
Size/MD5: 152324 cf9f10cdecdd03d1f66b4445bf382493
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-dev_8.1.4-0ubuntu1_powerpc.deb
Size/MD5: 339216 e505f08a27c1bbe13799102fb28d7262
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg5_8.1.4-0ubuntu1_powerpc.deb
Size/MD5: 172726 ed879da2529805b3c98287d4a3e8618d
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpgtypes2_8.1.4-0ubuntu1_powerpc.deb
Size/MD5: 176224 8484c967f7c60fd6de2621fb1c9a4495
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq-dev_8.1.4-0ubuntu1_powerpc.deb
Size/MD5: 301178 83a59bf08f5d39112d7be624dd3053e7
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq4_8.1.4-0ubuntu1_powerpc.deb
Size/MD5: 202196 24f20882e7da00e4f95d32c4d27d2d73
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.4-0ubuntu1_powerpc.deb
Size/MD5: 3513706 bc11d0427377123d8cbdb96e4926a9f6
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-client-8.1_8.1.4-0ubuntu1_powerpc.deb
Size/MD5: 757604 68b6a354f07899ad3788e6bf5ef2f176
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.4-0ubuntu1_powerpc.deb
Size/MD5: 627768 8ae27c8bde7c932003a1e62d7e96b42d
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.4-0ubuntu1_powerpc.deb
Size/MD5: 168034 0c4af8a8ec36ba3ebf72c4752242fe84
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.4-0ubuntu1_powerpc.deb
Size/MD5: 162468 9886e8b0145ac3a4e36d66e3dda5d7b6
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.4-0ubuntu1_powerpc.deb
Size/MD5: 163372 c4604a840871721420e5e19f1bc9a65d
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.4-0ubuntu1_powerpc.deb
Size/MD5: 595298 aec97a7928a0d84b4197eb868b354a43
Download attachment "signature.asc" of type "application/pgp-signature" (192 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists