lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200208261141.00978.aliz@gentoo.org>
From: aliz at gentoo.org (Daniel Ahlberg)
Subject: GLSA: PostgreSQL

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT
- - --------------------------------------------------------------------

PACKAGE        :postgresql
SUMMARY        :buffer overruns
DATE           :2002-08-26 09:40 UTC

- - --------------------------------------------------------------------

OVERVIEW

Several buffer overruns found in PostgreSQL

DETAIL

The PostgreSQL Global Development Team has identified and
addressed the following buffer overruns in PostgreSQL:

* in handling long datetime input
* in repeat()
* in lpad() and rpad() with multibyte
* in SET TIME ZONE and TZ env var

More information can be found on the following adresses:

http://online.securityfocus.com/archive/1/288305/2002-08-16/2002-08-22/0
http://online.securityfocus.com/archive/1/288334/2002-08-16/2002-08-22/0

The advisory sent by The PostgreSQL Global Development Team can be read at

http://online.securityfocus.com/archive/1/288998/2002-08-23/2002-08-29/0

SOLUTION

It is recommended that all Gentoo Linux users who are running
dev-db/postgresql-7.2.1-r2 and earlier update their systems
as follows:

emerge rsync
emerge postgresql
emerge clean

postgresql-7.2.2 is currently only available for x86. Sparc and ppc will
be available when it's been tested on these archs.

- - --------------------------------------------------------------------
Daniel Ahlberg
aliz@...too.org - GnuPG key is available at www.gentoo.org/~aliz
- - --------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9aferfT7nyhUpoZMRAvekAJ9UjtWr7K5934otXCWVujKOrK9m5QCghSE5
W7ksuXGlIoPx2QexaxEcUEY=
=nrn6
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ