USN-288-2: PostgreSQL server/client vulnerabilities
Posted on: 06/09/2006 09:12 AM

A new PostgreSQL server/client vulnerabilities update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-288-2 June 09, 2006
postgresql-8.1 vulnerabilities
CVE-2006-2313, CVE-2006-2314

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
libpq-dev 8.1.4-0ubuntu1
libpq4 8.1.4-0ubuntu1
postgresql-8.1 8.1.4-0ubuntu1
postgresql-client-8.1 8.1.4-0ubuntu1
postgresql-contrib-8.1 8.1.4-0ubuntu1

After a standard system upgrade you need to restart all services that
use PostgreSQL to effect the necessary changes. If you can afford it,
rebooting the computer is the easiest way of ensuring that all running
services use the updated client library.

Details follow:

USN-288-1 fixed two vulnerabilities in Ubuntu 5.04 and Ubuntu 5.10.
This update fixes the same vulnerabilities for Ubuntu 6.06 LTS.

For reference, these are the details of the original USN:

Akio Ishida and Yasuo Ohgaki discovered a weakness in the handling of
invalidly-encoded multibyte text data. If a client application
processed untrusted input without respecting its encoding and applied
standard string escaping techniques (such as replacing a single quote
gt;gt;'lt;lt; with gt;gt;\\'lt;lt; or gt;gt;''lt;lt;), the PostgreSQL server could interpret the
resulting string in a way that allowed an attacker to inject arbitrary
SQL commands into the resulting SQL query. The PostgreSQL server has
been modified to reject such invalidly encoded strings now, which
completely fixes the problem for some 'safe' multibyte encodings like
However, there are some less popular and client-only multibyte
encodings (such as SJIS, BIG5, GBK, GB18030, and UHC) which contain
valid multibyte characters that end with the byte 0x5c, which is the
representation of the backslash character gt;gt;\\lt;lt; in ASCII. Many client
libraries and applications use the non-standard, but popular way of
escaping the gt;gt;'lt;lt; character by replacing all occurences of it with
gt;gt;\\'lt;lt;. If a client application uses one of the affected encodings and
does not interpret multibyte characters, and an attacker supplies a
specially crafted byte sequence as an input string parameter, this
escaping method would then produce a validly-encoded character and
an excess gt;gt;'lt;lt; character which would end the string. All subsequent
characters would then be interpreted as SQL code, so the attacker
could execute arbitrary SQL commands.
To fix this vulnerability end-to-end, client-side applications must
be fixed to properly interpret multibyte encodings and use gt;gt;''lt;lt;
instead of gt;gt;\\'lt;lt;. However, as a precautionary measure, the sequence
gt;gt;\\'lt;lt; is now regarded as invalid when one of the affected client
encodings is in use. If you depend on the previous behaviour, you
can restore it by setting 'backslash_quote =3D on' in postgresql.conf.
However, please be aware that this could render you vulnerable
This issue does not affect you if you only use single-byte (like
SQL_ASCII or the ISO-8859-X family) or unaffected multibyte (like
UTF-8) encodings.
Please see for further

Updated packages for Ubuntu 6.06 LTS:

Source archives:
Size/MD5: 23774 50475bf9e83adaa54956b32fbeedbdca
Size/MD5: 1111 e1b77d64f44d3293f650b126ff624565
Size/MD5: 11312643 c6554a0ef948ab2b18b617954e1788fe

Architecture independent packages:
Size/MD5: 1440630 81de1288298a0b1540b995db84d639db

amd64 architecture (Athlon64, Opteron, EM64T Xeon)
Size/MD5: 151534 1a2d7dbbb8be5b9c8a5839a9602ca654
Size/MD5: 343524 06e9895e5575d0abdc2d90c504d0f60c
Size/MD5: 172050 6d8c0db031695b43daedf1ba0ccf1db4
Size/MD5: 173882 4df3a6b067ac6979ac5520d0413bc493
Size/MD5: 306786 1659c4ee4db18971aff2b5a2bcdc4b56
Size/MD5: 205400 c6bd156297d319abebd705d92640f4c9
Size/MD5: 3218988 63d0827c9d61a756c186e5d44b713ea0
Size/MD5: 757632 4c02e9664c2ca0b527e57f2726fa47fd
Size/MD5: 611878 eac0f723a04af452f02d1bb1948e9c30
Size/MD5: 168338 e299d9af4753d071fe343edf27685f60
Size/MD5: 162474 26dd97db0be8a10f1c861ab291afc41a
Size/MD5: 162520 b9d2304b4e93887e2ce8647e6804d026
Size/MD5: 595282 8fa18c5eadc19b64a9f307981bf63a33

i386 architecture (x86 compatible Intel/AMD)
Size/MD5: 150450 4308cc03785ddc36623644d37f4ed2f2
Size/MD5: 333388 ead70ebfdf7cf813ed9551fb58e1c2e7
Size/MD5: 169614 58d6525bbccf22ceaceb118f64edc91c
Size/MD5: 171976 9256a9eaec5e17cd6cf1e3e69c98aa0a
Size/MD5: 295280 9cdd48c40b695263a367a31ff22eeffd
Size/MD5: 198684 b72475c826853f2676a5518c7e702bf7
Size/MD5: 3022878 daf5169e99a2cbf25e5a613afee0b296
Size/MD5: 685600 6a005aa69ab71ea33782c39c69523907
Size/MD5: 566298 df459621574a04c48f2c2972777a50db
Size/MD5: 166520 24fd6273ebffe0af3f090e765238704f
Size/MD5: 159724 3a833dff1a65ab9923e9acfb040404de
Size/MD5: 161096 1a765c8eb3d6ebedcfd2e1efe847cf07
Size/MD5: 595268 14f544386e5076a6e57088b354c5646d

powerpc architecture (Apple Macintosh G3/G4/G5)
Size/MD5: 152324 cf9f10cdecdd03d1f66b4445bf382493
Size/MD5: 339216 e505f08a27c1bbe13799102fb28d7262
Size/MD5: 172726 ed879da2529805b3c98287d4a3e8618d
Size/MD5: 176224 8484c967f7c60fd6de2621fb1c9a4495
Size/MD5: 301178 83a59bf08f5d39112d7be624dd3053e7
Size/MD5: 202196 24f20882e7da00e4f95d32c4d27d2d73
Size/MD5: 3513706 bc11d0427377123d8cbdb96e4926a9f6
Size/MD5: 757604 68b6a354f07899ad3788e6bf5ef2f176
Size/MD5: 627768 8ae27c8bde7c932003a1e62d7e96b42d
Size/MD5: 168034 0c4af8a8ec36ba3ebf72c4752242fe84
Size/MD5: 162468 9886e8b0145ac3a4e36d66e3dda5d7b6
Size/MD5: 163372 c4604a840871721420e5e19f1bc9a65d
Size/MD5: 595298 aec97a7928a0d84b4197eb868b354a43

Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

Version: GnuPG v1.4.2.2 (GNU/Linux)


Printed from Linux Compatible (