USN-79-1: PostgreSQL vulnerabilities
Posted on: 02/10/2005 11:09 AM

New PostgreSQL packages are available for Ubuntu Linux 4.10

==========================================================
Ubuntu Security Notice USN-79-1 February 10, 2005
postgresql vulnerabilities
CAN-2005-0244 CAN-2005-0245 CAN-2005-0246 CAN-2005-0247
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

postgresql
postgresql-contrib

The problem can be corrected by upgrading the affected package to version 7.4.5-3ubuntu0.4. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

The execution of custom PostgreSQL functions can be restricted with the EXECUTE privilege. However, previous versions did not check this privilege when executing a function which was part of an aggregate. As a result, any database user could circumvent the EXECUTE restriction of functions with a particular (but very common) parameter structure by creating an aggregate wrapper around the function. (CAN-2005-0244)
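
A catalog audit for the aggregate-wrapper issue above (CAN-2005-0244), as an added example that is not part of the advisory: it lists aggregates whose owner does not hold EXECUTE on the transition or final function the aggregate wraps. It assumes the catalog layout and LATERAL support of current PostgreSQL releases (9.3 or later), not the 7.4 packages named here.

```sql
-- Added audit example (not from USN-79-1). Assumption: system catalogs as in
-- current PostgreSQL releases (9.3+ for LATERAL). Run as a superuser, once per
-- database, because pg_aggregate and pg_proc are per-database catalogs.
--
-- An aggregate is a pg_proc entry plus a pg_aggregate row that names the
-- ordinary functions it calls: a transition function and an optional final
-- function. The query reports every aggregate whose owner lacks EXECUTE on one
-- of those wrapped functions.
SELECT n.nspname                     AS schema_name,
       a.aggfnoid::regprocedure      AS aggregate,
       pg_get_userbyid(p.proowner)   AS aggregate_owner,
       f.component                   AS component,
       f.fn::regprocedure            AS wrapped_function,
       pg_get_userbyid(fp.proowner)  AS function_owner
FROM pg_aggregate a
JOIN pg_proc p      ON p.oid = a.aggfnoid
JOIN pg_namespace n ON n.oid = p.pronamespace
CROSS JOIN LATERAL (
    VALUES ('transition', a.aggtransfn::oid),
           ('final',      a.aggfinalfn::oid)
) AS f(component, fn)
-- Joining to pg_proc drops the "no final function" case (aggfinalfn = 0).
JOIN pg_proc fp ON fp.oid = f.fn
-- Superuser-owned aggregates (including the built-in ones) always pass this
-- test, so only aggregates created by ordinary roles can be reported.
WHERE NOT has_function_privilege(p.proowner, f.fn, 'EXECUTE')
ORDER BY schema_name, aggregate, component;
```

Each row is an aggregate to review with its owner: either the owner should be granted EXECUTE on the wrapped function deliberately, or the aggregate should be dropped.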

Several buffer overflows have been discovered in the SQL parser. These could be exploited by any database user to crash the PostgreSQL server or execute arbitrary code with the privileges of the server. (CAN-2005-0245, CAN-2005-0247)

Finally, this update fixes a denial of service vulnerability in the contributed "intagg" module. By constructing specially crafted arrays, a database user was able to corrupt and crash the PostgreSQL server. (CAN-2005-0246)

Please note that this module is part of the "postgresql-contrib" package, which is not officially supported by Ubuntu.

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql_7.4.5-3ubuntu0.4.diff.gz
Size/MD5: 147348 eb787b982a2fce502e8c1c7aa55c3576
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql_7.4.5-3ubuntu0.4.dsc
Size/MD5: 991 30358e2ea343002967cf2f3213b9d1a2
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql_7.4.5.orig.tar.gz
Size/MD5: 9895913 a295885a36ed8e7ec7a7e887218ceabc

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-doc_7.4.5-3ubuntu0.4_all.deb
Size/MD5: 2256436 1c9ed621c3ac0dc2a00b26c58d2a3c07

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libecpg-dev_7.4.5-3ubuntu0.4_amd64.deb
Size/MD5: 206808 1e9bc9dc3cdc1cf79c9ef599ce265cba
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libecpg4_7.4.5-3ubuntu0.4_amd64.deb
Size/MD5: 91246 5533e6428b30d353bf3526be2829f4f2
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpgtcl-dev_7.4.5-3ubuntu0.4_amd64.deb
Size/MD5: 48944 73a24322ee5588d75bdea7a516df6f77
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpgtcl_7.4.5-3ubuntu0.4_amd64.deb
Size/MD5: 73842 4f0fdbc694b096f09382c65dfb4dd206
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpq3_7.4.5-3ubuntu0.4_amd64.deb
Size/MD5: 115736 958218a2a2b8a0dcf0dd6fa770d56b3d
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-client_7.4.5-3ubuntu0.4_amd64.deb
Size/MD5: 518388 b0379cca9944bb2c6982d2f17d279052
http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql/postgresql-contrib_7.4.5-3ubuntu0.4_amd64.deb
Size/MD5: 624558 b79caefd6810cc614417932482bd522e
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-dev_7.4.5-3ubuntu0.4_amd64.deb
Size/MD5: 509454 f474b7a6266e89277cbfa61f163b71fd
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql_7.4.5-3ubuntu0.4_amd64.deb
Size/MD5: 3880354 5702813c84b8ed415f84b6256a6b04f6

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libecpg-dev_7.4.5-3ubuntu0.4_i386.deb
Size/MD5: 194924 6c938748460c8fcd7b5d37a394263600
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libecpg4_7.4.5-3ubuntu0.4_i386.deb
Size/MD5: 85752 157dd27476e72f60ee01735801904956
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpgtcl-dev_7.4.5-3ubuntu0.4_i386.deb
Size/MD5: 47926 b7abfc71a11e604732b6773bce037eac
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpgtcl_7.4.5-3ubuntu0.4_i386.deb
Size/MD5: 70730 8f25f953703068cc97924c339a5232b8
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpq3_7.4.5-3ubuntu0.4_i386.deb
Size/MD5: 108982 a786da05d2d92418550c108b2565d40d
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-client_7.4.5-3ubuntu0.4_i386.deb
Size/MD5: 492222 589dff2665eadeb0ea4c2920e5d63a95
http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql/postgresql-contrib_7.4.5-3ubuntu0.4_i386.deb
Size/MD5: 577778 4a37c5989e0c7bc2ddf31d0e1be7017e
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-dev_7.4.5-3ubuntu0.4_i386.deb
Size/MD5: 502618 68eabd4e511edbc839a33c1b5f549760
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql_7.4.5-3ubuntu0.4_i386.deb
Size/MD5: 3703434 70665efa7b0e107fced12f1dafcceea6

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libecpg-dev_7.4.5-3ubuntu0.4_powerpc.deb
Size/MD5: 203326 4bff9a2f466eeb420a2598479e1863d7
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libecpg4_7.4.5-3ubuntu0.4_powerpc.deb
Size/MD5: 92782 3ed41b6926e9ce5291d85a180f10ac2b
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpgtcl-dev_7.4.5-3ubuntu0.4_powerpc.deb
Size/MD5: 48680 e82965a2ab2066257c50313d00e73ccd
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpgtcl_7.4.5-3ubuntu0.4_powerpc.deb
Size/MD5: 77338 805f090c7abb09954b0f64c55dae69f6
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpq3_7.4.5-3ubuntu0.4_powerpc.deb
Size/MD5: 109990 2f6a558821fb44058992821a38d3c620
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-client_7.4.5-3ubuntu0.4_powerpc.deb
Size/MD5: 511140 7c6f178d64f49f1e9761dba7be2a421a
http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql/postgresql-contrib_7.4.5-3ubuntu0.4_powerpc.deb
Size/MD5: 636722 4781ee88b2c58c8eb25921a86b21f4b0
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-dev_7.4.5-3ubuntu0.4_powerpc.deb
Size/MD5: 506202 1133027e8da57b754ae1ff21d79e923a
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql_7.4.5-3ubuntu0.4_powerpc.deb
Size/MD5: 4103732 6af566d887140b80873568c649ac852a

