USN-367-1: Pike vulnerability
Posted on: 10/19/2006 02:20 AM

A new Pike vulnerability update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-367-1 October 18, 2006
pike7.6 vulnerability
CVE-2006-4041
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D

A security issue affects the following Ubuntu releases:

Ubuntu 5.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
pike7.6-pg 7.6.13-1ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

An SQL injection was discovered in Pike's PostgreSQL module. =20
Applications using a PostgreSQL database and uncommon character=20
encodings could be fooled into running arbitrary SQL commands, which=20
could result in privilege escalation within the application, application=20
data exposure, or denial of service.

Please refer to http://www.ubuntu.com/usn/usn-288-1 for more detailled=20
information.


Updated packages for Ubuntu 5.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/p/pike7.6/pike7.6_7.6.13-1u=
buntu0.1.diff.gz
Size/MD5: 33641 9cf8608d265816c30f5f604fa6a085eb
http://security.ubuntu.com/ubuntu/pool/main/p/pike7.6/pike7.6_7.6.13-1u=
buntu0.1.dsc
Size/MD5: 1503 f6610676627575bd075b4438dcf26407
http://security.ubuntu.com/ubuntu/pool/main/p/pike7.6/pike7.6_7.6.13.or=
ig.tar.gz
Size/MD5: 7979900 4fb4a8111e8986161579f8187c13f512

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/p/pike7.6/pike7.6-dev_7.6.1=
3-1ubuntu0.1_all.deb
Size/MD5: 226590 0837073b4efeb38bd85b81f5cd82752d
http://security.ubuntu.com/ubuntu/pool/main/p/pike7.6/pike7.6-doc_7.6.1=
3-1ubuntu0.1_all.deb
Size/MD5: 17166 4a6458eeb774539a7be8f749c8aef786
http://security.ubuntu.com/ubuntu/pool/main/p/pike7.6/pike7.6-manual_7.=
6.13-1ubuntu0.1_all.deb
Size/MD5: 4081894 0542352cd88d41baf409a12ee8f7ff6a
http://security.ubuntu.com/ubuntu/pool/universe/p/pike7.6/pike7.6-meta_=
7.6.13-1ubuntu0.1_all.deb
Size/MD5: 17264 c89ebcf1da22be06083884416db1bb67
http://security.ubuntu.com/ubuntu/pool/main/p/pike7.6/pike7.6-reference=
_7.6.13-1ubuntu0.1_all.deb
Size/MD5: 5543468 f11f83cdaa2341d94d66a9a68539cea4
http://security.ubuntu.com/ubuntu/pool/main/p/pike7.6/pike7.6_7.6.13-1u=
buntu0.1_all.deb
Size/MD5: 17328 bc2e9528b1d347b4611135f6746a48e3

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/universe/p/pike7.6/pike7.6-bzip2=
_7.6.13-1ubuntu0.1_amd64.deb
Size/MD5: 26784 524734dc76b7f2d83b823ea04adede2c
http://security.ubuntu.com/ubuntu/pool/main/p/pike7.6/pike7.6-core_7.6.=
13-1ubuntu0.1_amd64.deb
Size/MD5: 2504566 8d7bafdd7bd5da0a037fc6dd72d5896c
http://security.ubuntu.com/ubuntu/pool/main/p/pike7.6/pike7.6-gdbm_7.6.=
13-1ubuntu0.1_amd64.deb
Size/MD5: 7898 20a9f03a4cc7858d6fe41f9d807dcc34
http://security.ubuntu.com/ubuntu/pool/universe/p/pike7.6/pike7.6-gl_7.=
6.13-1ubuntu0.1_amd64.deb
Size/MD5: 46996 922c5ad973ce3ee6e12d7b4e9fd35942
http://security.ubuntu.com/ubuntu/pool/universe/p/pike7.6/pike7.6-gtk_7=
=2E6.13-1ubuntu0.1_amd64.deb
Size/MD5: 177272 2f617d45dad2000863ddf0e4f6156761
http://security.ubuntu.com/ubuntu/pool/main/p/pike7.6/pike7.6-image_7.6=
=2E13-1ubuntu0.1_amd64.deb
Size/MD5: 375688 56553800698c6af17e0529f9d3055589
http://security.ubuntu.com/ubuntu/pool/universe/p/pike7.6/pike7.6-mysql=
_7.6.13-1ubuntu0.1_amd64.deb
Size/MD5: 24204 05266a27dea198e4a8ce41dd3cb7db9d
http://security.ubuntu.com/ubuntu/pool/universe/p/pike7.6/pike7.6-odbc_=
7.6.13-1ubuntu0.1_amd64.deb
Size/MD5: 11078 38af730e74c3b4762ea56c1944f9b6b7
http://security.ubuntu.com/ubuntu/pool/universe/p/pike7.6/pike7.6-pcre_=
7.6.13-1ubuntu0.1_amd64.deb
Size/MD5: 26982 c040777a742396d7927b1aa1a16510a9
http://security.ubuntu.com/ubuntu/pool/universe/p/pike7.6/pike7.6-perl_=
7.6.13-1ubuntu0.1_amd64.deb
Size/MD5: 13920 2b58a270c3a05ec676d4a0c9a95bb65b
http://security.ubuntu.com/ubuntu/pool/universe/p/pike7.6/pike7.6-pg_7.=
6.13-1ubuntu0.1_amd64.deb
Size/MD5: 18226 5c8a244cb18f0db31425c5d2e07dea6b
http://security.ubuntu.com/ubuntu/pool/universe/p/pike7.6/pike7.6-sane_=
7.6.13-1ubuntu0.1_amd64.deb
Size/MD5: 10558 c58f84b2b91d8ad2ca8ed56cd9fe4d66
http://security.ubuntu.com/ubuntu/pool/universe/p/pike7.6/pike7.6-sdl_7=
=2E6.13-1ubuntu0.1_amd64.deb
Size/MD5: 40046 698ba11b04180b9678fd28ea44a91dd4
http://security.ubuntu.com/ubuntu/pool/universe/p/pike7.6/pike7.6-svg_7=
=2E6.13-1ubuntu0.1_amd64.deb
Size/MD5: 21570 73b99aa071038b408795bf558700d532

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/universe/p/pike7.6/pike7.6-bzip2=
_7.6.13-1ubuntu0.1_i386.deb
Size/MD5: 26038 33cfb9daa27f2be541ea15ca354a766c
http://security.ubuntu.com/ubuntu/pool/main/p/pike7.6/pike7.6-core_7.6.=
13-1ubuntu0.1_i386.deb
Size/MD5: 2345406 3bccde928aaf725183e700945402562f
http://security.ubuntu.com/ubuntu/pool/main/p/pike7.6/pike7.6-gdbm_7.6.=
13-1ubuntu0.1_i386.deb
Size/MD5: 6892 d82fa6a9e69100c798589bbf60be9300
http://security.ubuntu.com/ubuntu/pool/universe/p/pike7.6/pike7.6-gl_7.=
6.13-1ubuntu0.1_i386.deb
Size/MD5: 43454 18c14ce8e3d8a9fdce57d59ccf0b11f4
http://security.ubuntu.com/ubuntu/pool/universe/p/pike7.6/pike7.6-gtk_7=
=2E6.13-1ubuntu0.1_i386.deb
Size/MD5: 157982 ce4fa6ce49adbcda87a065033bc22e64
http://security.ubuntu.com/ubuntu/pool/main/p/pike7.6/pike7.6-image_7.6=
=2E13-1ubuntu0.1_i386.deb
Size/MD5: 347378 8c21b64507fca8895eba418a68458670
http://security.ubuntu.com/ubuntu/pool/universe/p/pike7.6/pike7.6-mysql=
_7.6.13-1ubuntu0.1_i386.deb
Size/MD5: 20438 f165dc0b423dfe157f049e8d571fe48f
http://security.ubuntu.com/ubuntu/pool/universe/p/pike7.6/pike7.6-odbc_=
7.6.13-1ubuntu0.1_i386.deb
Size/MD5: 10456 503c2bbfb519b689d54d590fb13ff015
http://security.ubuntu.com/ubuntu/pool/universe/p/pike7.6/pike7.6-pcre_=
7.6.13-1ubuntu0.1_i386.deb
Size/MD5: 26444 4d67d9ca1c5d1ef5b3cda008069219e8
http://security.ubuntu.com/ubuntu/pool/universe/p/pike7.6/pike7.6-perl_=
7.6.13-1ubuntu0.1_i386.deb
Size/MD5: 12644 938262e46ae2c8fe6247524bb4bf300f
http://security.ubuntu.com/ubuntu/pool/universe/p/pike7.6/pike7.6-pg_7.=
6.13-1ubuntu0.1_i386.deb
Size/MD5: 16390 b39ff4d00a981a6bf7256c09b8b82bc1
http://security.ubuntu.com/ubuntu/pool/universe/p/pike7.6/pike7.6-sane_=
7.6.13-1ubuntu0.1_i386.deb
Size/MD5: 9534 1cf017901fac9d2ddd2d2685111fe572
http://security.ubuntu.com/ubuntu/pool/universe/p/pike7.6/pike7.6-sdl_7=
=2E6.13-1ubuntu0.1_i386.deb
Size/MD5: 35238 1732ea63d757083cfbf7db56c2923de1
http://security.ubuntu.com/ubuntu/pool/universe/p/pike7.6/pike7.6-svg_7=
=2E6.13-1ubuntu0.1_i386.deb
Size/MD5: 21232 305e4f8271b3b26c46bcc2ca76dc0ce3

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/universe/p/pike7.6/pike7.6-bzip2=
_7.6.13-1ubuntu0.1_powerpc.deb
Size/MD5: 28138 48a69bd22fb04761562df0ea9e020ad5
http://security.ubuntu.com/ubuntu/pool/main/p/pike7.6/pike7.6-core_7.6.=
13-1ubuntu0.1_powerpc.deb
Size/MD5: 2455642 b7006d7fe8504704eed012cebd6cc785
http://security.ubuntu.com/ubuntu/pool/main/p/pike7.6/pike7.6-gdbm_7.6.=
13-1ubuntu0.1_powerpc.deb
Size/MD5: 8506 4aaf4c863d8b43d2486294af3ee105d0
http://security.ubuntu.com/ubuntu/pool/universe/p/pike7.6/pike7.6-gl_7.=
6.13-1ubuntu0.1_powerpc.deb
Size/MD5: 51092 49a99c1ed52740a8b69451313ef4b4bb
http://security.ubuntu.com/ubuntu/pool/universe/p/pike7.6/pike7.6-gtk_7=
=2E6.13-1ubuntu0.1_powerpc.deb
Size/MD5: 164228 5b37b48ded275a7818ac3c6d18421da9
http://security.ubuntu.com/ubuntu/pool/main/p/pike7.6/pike7.6-image_7.6=
=2E13-1ubuntu0.1_powerpc.deb
Size/MD5: 384170 42d9ceb09c2e2f7c1e7313359c63a22e
http://security.ubuntu.com/ubuntu/pool/universe/p/pike7.6/pike7.6-mysql=
_7.6.13-1ubuntu0.1_powerpc.deb
Size/MD5: 21986 5c4d2434106fba8eb14eca7162f441d7
http://security.ubuntu.com/ubuntu/pool/universe/p/pike7.6/pike7.6-odbc_=
7.6.13-1ubuntu0.1_powerpc.deb
Size/MD5: 12884 19b544ccbb615a217d6f48e59b121a67
http://security.ubuntu.com/ubuntu/pool/universe/p/pike7.6/pike7.6-pcre_=
7.6.13-1ubuntu0.1_powerpc.deb
Size/MD5: 28542 fc637d29410d809c8516be66fc6b745a
http://security.ubuntu.com/ubuntu/pool/universe/p/pike7.6/pike7.6-perl_=
7.6.13-1ubuntu0.1_powerpc.deb
Size/MD5: 14622 8b04b07e5ff7dcdc849ba54c121a6d39
http://security.ubuntu.com/ubuntu/pool/universe/p/pike7.6/pike7.6-pg_7.=
6.13-1ubuntu0.1_powerpc.deb
Size/MD5: 18484 54d061f36a33019ef59510754d12f3e6
http://security.ubuntu.com/ubuntu/pool/universe/p/pike7.6/pike7.6-sane_=
7.6.13-1ubuntu0.1_powerpc.deb
Size/MD5: 11932 9cc5e318d0ff0e7be4a2f1c35d6a26a6
http://security.ubuntu.com/ubuntu/pool/universe/p/pike7.6/pike7.6-sdl_7=
=2E6.13-1ubuntu0.1_powerpc.deb
Size/MD5: 40242 a3615314bb1872f0ef7809e34b4fc932
http://security.ubuntu.com/ubuntu/pool/universe/p/pike7.6/pike7.6-svg_7=
=2E6.13-1ubuntu0.1_powerpc.deb
Size/MD5: 23146 9de4aa435bb12d2f383df4d2fe7e868b


--nDmTXYS4kVhtHHfR
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFFNrUNH/9LqRcGPm0RAkGlAJ9d5bTeHoCmg/lzyDmiqwlvo0wXKQCgjf4G
DI8fwiqTUY4tH3rNLNuqRRA=
=cA1y
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_367_1_pike_vulnerability.html)