From secure@conectiva.com.br Thu Sep 19 19:15:07 2002 From: secure@conectiva.com.br To: conectiva-updates@papaleguas.conectiva.com.br, lwn@lwn.net, bugtraq@securityfocus.com, security-alerts@linuxsecurity.com Date: Thu, 19 Sep 2002 16:18:59 -0300 Subject: [CLA-2002:524] Conectiva Linux Security Announcement - postgresql -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- CONECTIVA LINUX SECURITY ANNOUNCEMENT - -------------------------------------------------------------------------- PACKAGE : postgresql SUMMARY : Buffer overflow vulnerabilities DATE : 2002-09-19 16:17:00 ID : CLA-2002:524 RELEVANT RELEASES : 6.0, 7.0, 8 - ------------------------------------------------------------------------- DESCRIPTION Postgresql[1] is a sophisticated relational database which supports almost all SQL constructs, including subselects, transactions and user-defined types and functions. Mordred Labs announced[3][4][5] several vulnerabilities in the postgresql database: - buffer overflow in the rpad() and lpad() functions; - buffer overflow in the repeat() function; - buffer overflow in the cash_words() function; Other vulnerabilities were also fixed[2] by the postgresql developers: - buffer overflow in functions dealing with date/time and timezone; - more buffer overflows, this time in the circle_poly(), path_encode() and path_addr() functions, reported again by . Fixes for these overflows are available only in CVS[6] at this time and were not included in the official 7.2.2 release, but are included in this update. Thanks to Martin Schulze for alerting us about these last-minute fixes. In order to exploit any of these vulnerabilities, it is necessary for the attacker to be able to query the database somehow. Some scenarios where this could happen: - the attacker already has an account in the database server and can execute queries; - for example, web applications which query the database but do not adequately filter form or URL data and are vulnerable to SQL command injection. Whatever the scenario is, it is not possible to directly obtain root privileges through these vulnerabilities, because the postgresql service runs as a non-root user specifically created for it. But it is likely possible to compromise the data in the database and/or execute other attacks after exploring the above vulnerabilities. SOLUTION It is recommended that all postgresql users upgrade their packages. Conectiva Linux 8 was shipped with postgresql 7.2.1, and this update upgrades the packages to version 7.2.2. According to the authors, there is no need to dump the database before upgrading 7.2.1 to 7.2.2. However, this is a recommended practice with every upgrade. Conectiva Linux 7.0 and 6.0 have older versions which have been patched instead to fix these vulnerabilities. IMPORTANT: please restart the service after the upgrade if it was already running. To do so, execute, as root: /sbin/service postgresql restart REFERENCES 1.http://www.postgresql.com 2.http://archives.postgresql.org/pgsql-announce/2002-08/msg00004.php 3.http://online.securityfocus.com/archive/1/288305 4.http://online.securityfocus.com/archive/1/288334 5.http://online.securityfocus.com/archive/1/288036 6.http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/backend/utils/adt/geo_ops.c.diff?r1=1.63&r2=1.64 DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/postgresql-7.0.3-11U60_2cl.src.rpm ftp://atualizacoes.conectiva.com.br/6.0/RPMS/postgresql-7.0.3-11U60_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/6.0/RPMS/postgresql-clients-7.0.3-11U60_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/6.0/RPMS/postgresql-clients-X11-7.0.3-11U60_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/6.0/RPMS/postgresql-devel-7.0.3-11U60_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/6.0/RPMS/postgresql-devel-static-7.0.3-11U60_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/6.0/RPMS/postgresql-doc-7.0.3-11U60_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/6.0/RPMS/postgresql-jdbc-7.0.3-11U60_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/6.0/RPMS/postgresql-lib-7.0.3-11U60_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/6.0/RPMS/postgresql-odbc-7.0.3-11U60_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/6.0/RPMS/postgresql-perl-7.0.3-11U60_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/6.0/RPMS/postgresql-python-7.0.3-11U60_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/6.0/RPMS/postgresql-tcl-7.0.3-11U60_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/6.0/RPMS/postgresql-test-7.0.3-11U60_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/postgresql-7.1.3-1U70_3cl.src.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-7.1.3-1U70_3cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-clients-7.1.3-1U70_3cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-clients-X11-7.1.3-1U70_3cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-contrib-7.1.3-1U70_3cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-devel-7.1.3-1U70_3cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-devel-static-7.1.3-1U70_3cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-doc-7.1.3-1U70_3cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-lib-7.1.3-1U70_3cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-odbc-7.1.3-1U70_3cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-perl-7.1.3-1U70_3cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-python-7.1.3-1U70_3cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-tcl-7.1.3-1U70_3cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-test-7.1.3-1U70_3cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/SRPMS/postgresql-7.2.2-1U80_2cl.src.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-7.2.2-1U80_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-clients-7.2.2-1U80_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-clients-X11-7.2.2-1U80_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-contrib-7.2.2-1U80_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-devel-7.2.2-1U80_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-devel-static-7.2.2-1U80_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-doc-7.2.2-1U80_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-lib-7.2.2-1U80_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-odbc-7.2.2-1U80_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-perl-7.2.2-1U80_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-python-7.2.2-1U80_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-tcl-7.2.2-1U80_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-test-7.2.2-1U80_2cl.i386.rpm ADDITIONAL INSTRUCTIONS Users of Conectiva Linux version 6.0 or higher may use apt to perform upgrades of RPM packages: - add the following line to /etc/apt/sources.list if it is not there yet (you may also use linuxconf to do this): rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates (replace 6.0 with the correct version number if you are not running CL6.0) - run: apt-get update - after that, execute: apt-get upgrade Detailed instructions reagarding the use of apt and upgrade examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en - ------------------------------------------------------------------------- All packages are signed with Conectiva's GPG key. The key and instructions on how to import it can be found at http://distro.conectiva.com.br/seguranca/chave/?idioma=en Instructions on how to check the signatures of the RPM packages can be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en - ------------------------------------------------------------------------- All our advisories and generic update instructions can be viewed at http://distro.conectiva.com.br/atualizacoes/?idioma=en - ------------------------------------------------------------------------- subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9iiMi42jd0JmAcZARAufXAJ91VkSiWf8Y77XWJxtluRONhf2rlQCg65DR jOI0v/myeb0fbHk4xHCs5Fk= =Hzpz -----END PGP SIGNATURE-----