LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Trustix alert 2002-0071 (postgresql)



From:
    	      tsl@trustix.com (Trustix Secure Linux Advisor)


To:
    	      tsl-announce@trustix.org


Subject:
    	      TSLSA-2002-0071-postgresql


Date:
    	      Thu, 17 Oct 2002 13:12:56 +0200



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2002-0071

Package name:      postgresql
Summary:           Minor scurity issue
Date:              2002-10-17
Affected versions: TSL 1.5

- --------------------------------------------------------------------------
Package description:
  PostgreSQL is an advanced Object-Relational database management system
  (DBMS) that supports almost all SQL constructs (including
  transactions, subselects and user-defined types and functions). The
  postgresql package includes the client programs and libraries that
  you'll need to access a PostgreSQL DBMS server.  These PostgreSQL
  client programs are programs that directly manipulate the internal
  structure of PostgreSQL databases on a PostgreSQL server. These client
  programs can be located on the same machine with the PostgreSQL
  server, or may be on a remote machine which accesses a PostgreSQL
  server over a network connection. This package contains the docs
  in HTML for the whole package, as well as command-line utilities for
  managing PostgreSQL databases on a PostgreSQL server.

  If you want to manipulate a PostgreSQL database on a remote PostgreSQL
  server, you need this package. You also need to install this package
  if you're installing the postgresql-server package.
  

Problem description:
  Patched to fix the lacking of several integer checks in the code, and the
  existance of several buffer overflow issues.


Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.


Location:
  All TSL updates are available from
  <URI:http://www.trustix.net/pub/Trustix/updates/>
  <URI:ftp://ftp.trustix.net/pub/Trustix/updates/>


About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With focus on
  security and stability, the system is painlessly kept safe and up to date 
  from day one using swup, the automated software updater.


Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.

  Get SWUP from:
  <URI:ftp://ftp.trustix.net/pub/Trustix/software/swup/>


Public testing:
  These packages have been available for public testing for some time.
  If you want to contribute by testing the various packages in the
  testing tree, please feel free to share your findings on the
  tsl-discuss mailinglist.
  The testing tree is located at
  <URI:http://www.trustix.net/pub/Trustix/testing/>
  <URI:ftp://ftp.trustix.net/pub/Trustix/testing/>
  

Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.net/support/>


Verification:
  This advisory along with all TSL packages are signed with the TSL sign key.
  This key is available from:
  <URI:http://www.trustix.net/TSL-GPG-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.net/errata/trustix-1.5/>
  or directly at
  <URI:http://www.trustix.net/errata/misc/2002/TSL-2002-0071-postgresql.asc.txt>


MD5sums of the packages:
- --------------------------------------------------------------------------
586f96c80d8595409c41b8e74b972033  ./1.5/SRPMS/postgresql-7.1.2-6tr.src.rpm
4f8e9e20f45179177187694ed5c2fabb  ./1.5/RPMS/postgresql-test-7.1.2-6tr.i586.rpm
8a07259292f0f4c8c5a427327dc2abc4  ./1.5/RPMS/postgresql-tcl-7.1.2-6tr.i586.rpm
292f2565fdf68efda67d22ac6dce9657  ./1.5/RPMS/postgresql-server-7.1.2-6tr.i586.rpm
4cf179a96c241c5ce40da4665fec5247  ./1.5/RPMS/postgresql-python-7.1.2-6tr.i586.rpm
63cd354b64ae25d9c4642118f09b3bb8  ./1.5/RPMS/postgresql-plperl-7.1.2-6tr.i586.rpm
386e2248ccac75de5a7bd2eb5b796c01  ./1.5/RPMS/postgresql-perl-7.1.2-6tr.i586.rpm
91ed7435ed867c06cd20a40798c5444a  ./1.5/RPMS/postgresql-odbc-7.1.2-6tr.i586.rpm
1b8b7c200260d3a409ae6d88c390301d  ./1.5/RPMS/postgresql-libs-7.1.2-6tr.i586.rpm
89be836afadb02dca69736a0ae1c63d6  ./1.5/RPMS/postgresql-docs-7.1.2-6tr.i586.rpm
64b904a90827b5b563e13bfd79bd89ef  ./1.5/RPMS/postgresql-devel-7.1.2-6tr.i586.rpm
9fdd8d794b927b1b3c14d7a8a1bd52fd  ./1.5/RPMS/postgresql-contrib-7.1.2-6tr.i586.rpm
621ea197eb074607c2a3a09b798feda9  ./1.5/RPMS/postgresql-7.1.2-6tr.i586.rpm
- --------------------------------------------------------------------------


Trustix Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9rpbXwRTcg4BxxS0RArVaAJ0Sjk1Hv8gq5O5Lnk2RiZG3En7ijgCfUvaP
jnNmBmUF+DZ1MwChgGzod4g=
=dyMj
-----END PGP SIGNATURE-----

_______________________________________________
tsl-announce mailing list
tsl-announce@trustix.org
http://www.trustix.org/mailman/listinfo.cgi/tsl-announce
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds