Message-ID: <20061024180152.GE6211@piware.de>
Date: Tue, 24 Oct 2006 20:01:52 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-369-1] PostgreSQL vulnerabilities

=========================================================== 
Ubuntu Security Notice USN-369-1           October 24, 2006
postgresql-8.1 vulnerabilities
http://www.postgresql.org/about/news.664
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  postgresql-8.1                           8.1.4-0ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Michael Fuhr discovered an incorrect type check when handling unknown
literals. By attempting to coerce such a literal to the ANYARRAY type,
a local authenticated attacker could cause a server crash.

Josh Drake and Alvaro Herrera reported a crash when using aggregate
functions in UPDATE statements. A local authenticated attacker could
exploit this to crash the server backend. This update disables this
construct, since it is not very well defined and forbidden by the SQL
standard.

Sergey Koposov discovered a flaw in the duration logging. This could
cause a server crash under certain circumstances.

Please note that these flaws can usually not be exploited through web
and other applications that use a database and are exposed to
untrusted input, so these flaws do not pose a threat in usual setups.


Updated packages for Ubuntu 6.06 LTS:

