USN-71-1: PostgreSQL vulnerability
Posted on: 02/01/2005 11:30 AM

A PostgreSQL security update has been released for Ubuntu Linux 4.10

Ubuntu Security Notice USN-71-1 February 01, 2005
postgresql vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:


The problem can be corrected by upgrading the affected package to version 7.4.5-3ubuntu0.2. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

John Heasman discovered a local privilege escalation in the PostgreSQL server. Any user could use the LOAD extension to load any shared library into the PostgreSQL server; the library's initialisation function was then executed with the permissions of the server.

Now the use of LOAD is restricted to the database superuser (usually 'postgres').

Note: Since there is no way for normal database users to create arbitrary files, this vulnerability is not exploitable remotely, e. g. by uploading a shared library in the form of a Binary Large Object (BLOB) to a public web server.

Source archives:
Size/MD5: 144331 061cf00128bc3c1941c72d2eddf56977
Size/MD5: 991 41e775db9e1ed15977b3f4d24c861f36
Size/MD5: 9895913 a295885a36ed8e7ec7a7e887218ceabc

Architecture independent packages:
Size/MD5: 2256210 e7ed26ba038d1fbcf9eb18a4635df708

amd64 architecture (Athlon64, Opteron, EM64T Xeon)
Size/MD5: 206558 7d450c33ad8832f45a0f57743ca5ac1d
Size/MD5: 90996 3e6974e82554158777071c9f6bde9962
Size/MD5: 48688 0c24596c6dcd9fffdde1a494030287ac
Size/MD5: 73600 1eec6f8812e7d1c8ec94e77c2208a9ec
Size/MD5: 115460 4eda86cf4da1b60166f5cd53256aca97
Size/MD5: 518034 45199e8357f4ea6a196e43e793d07d33
Size/MD5: 624240 59ed8ddaf5370496988324f4f3f45f36
Size/MD5: 509206 40ea9487834de0da7ba0260b16f80ac2
Size/MD5: 3879368 d567092150ef9174531f9ef7eedb9582

i386 architecture (x86 compatible Intel/AMD)
Size/MD5: 194652 e63083e7b68e5facb1095759463304c7
Size/MD5: 85496 b02590e1b40c0d36c964a15c3178f61b
Size/MD5: 47672 848a3c03541c57fb747c8e1a8409e01e
Size/MD5: 70420 8e844642c37fd185e19c8be284a2c93b
Size/MD5: 108692 cb71f14954af869699969808c93d9fcc
Size/MD5: 491886 b47e1d26705e55383183da67a4b505b8
Size/MD5: 577526 00ad106981042d223814f0ed1034aeda
Size/MD5: 502382 54821c8808ade7e2978f02922a6c2b72
Size/MD5: 3703024 4d49d93be88f347ebefe8be89ff3cdd5

powerpc architecture (Apple Macintosh G3/G4/G5)
Size/MD5: 202940 9d87386c926643474fdb6b703109db78
Size/MD5: 92520 b99191130ca5ed5474c7c82d1ba9b5cc
Size/MD5: 48424 cee70313e677ff9d3fee835aca786133
Size/MD5: 77096 d6c9229a48c07118df4593fb52262285
Size/MD5: 109698 cdeb831525fd57b7b92d583bdd3f1161
Size/MD5: 510802 a489315d0c0edb6e4a5058d3e5e8e399
Size/MD5: 636382 f8ad13620901007dd7079761e8fee568
Size/MD5: 505916 aa6789978d07d4156d30cda072cc9755
Size/MD5: 4102894 3d4a7b34aef6a70ccfb7e3de3a646643

Printed from Linux Compatible (