lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <200208261141.00978.aliz@gentoo.org> From: aliz at gentoo.org (Daniel Ahlberg) Subject: GLSA: PostgreSQL -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - -------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT - - -------------------------------------------------------------------- PACKAGE :postgresql SUMMARY :buffer overruns DATE :2002-08-26 09:40 UTC - - -------------------------------------------------------------------- OVERVIEW Several buffer overruns found in PostgreSQL DETAIL The PostgreSQL Global Development Team has identified and addressed the following buffer overruns in PostgreSQL: * in handling long datetime input * in repeat() * in lpad() and rpad() with multibyte * in SET TIME ZONE and TZ env var More information can be found on the following adresses: http://online.securityfocus.com/archive/1/288305/2002-08-16/2002-08-22/0 http://online.securityfocus.com/archive/1/288334/2002-08-16/2002-08-22/0 The advisory sent by The PostgreSQL Global Development Team can be read at http://online.securityfocus.com/archive/1/288998/2002-08-23/2002-08-29/0 SOLUTION It is recommended that all Gentoo Linux users who are running dev-db/postgresql-7.2.1-r2 and earlier update their systems as follows: emerge rsync emerge postgresql emerge clean postgresql-7.2.2 is currently only available for x86. Sparc and ppc will be available when it's been tested on these archs. - - -------------------------------------------------------------------- Daniel Ahlberg aliz@...too.org - GnuPG key is available at www.gentoo.org/~aliz - - -------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9aferfT7nyhUpoZMRAvekAJ9UjtWr7K5934otXCWVujKOrK9m5QCghSE5 W7ksuXGlIoPx2QexaxEcUEY= =nrn6 -----END PGP SIGNATURE-----