LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for August 28, 2008

Fedora, Red Hat, and distributor security

LWN.net Weekly Edition for August 21, 2008

Standards, the kernel, and Postfix

In defense of Ubuntu

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Trustix alert 2003-0040 (postgresql)



From:
    	      Trustix Security Advisor <tsl@trustix.org>


To:
    	      tsl-announce@trustix.org


Subject:
    	      TSLSA-2003-0040 - postgresql


Date:
    	      Mon, 17 Nov 2003 14:21:14 +0100



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2003-0040

Package name:      postgresql
Summary:           CAN-2003-0901
Date:              2003-11-15
Affected versions: TSL 1.2, 1.5, 2.0

- --------------------------------------------------------------------------
Package description:
  PostgreSQL is an advanced Object-Relational database management system (DBMS)
  that supports almost all SQL constructs (including transactions, subselects
  and user-defined types and functions). The postgresql package includes the
  client programs and libraries that you'll need to access a PostgreSQL DBMS
  server. These PostgreSQL client programs are programs that directly
  manipulate the internal structure of PostgreSQL databases on a PostgreSQL
  server. These client programs can be located on the same machine with the
  PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL
  server over a network connection. This package contains the docs in HTML for
  the whole package, as well as command-line utilities for managing PostgreSQL
  databases on a PostgreSQL server.If you want to manipulate a PostgreSQL
  database on a remote PostgreSQL server, you need this package. You also need
  to install this package if you're installing the postgresql-server package.

Problem description:
  Buffer overflow in to_ascii for PostgreSQL 7.2.x, and 7.3.x before 7.3.4,
  allows remote attackers to execute arbitrary code.


Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.


Location:
  All TSL updates are available from
  <URI:http://http.trustix.org/pub/trustix/updates/>
  <URI:ftp://ftp.trustix.org/pub/trustix/updates/>


About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With focus
  on security and stability, the system is painlessly kept safe and up to
  date from day one using swup, the automated software updater.


Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.


Public testing:
  These packages have been available for public testing for some time.
  If you want to contribute by testing the various packages in the
  testing tree, please feel free to share your findings on the
  tsl-discuss mailinglist.
  The testing tree is located at
  <URI:http://tsldev.trustix.org/cloud/>

  You may also use swup for public testing of updates:
  
  site {
      class = 0
      location = "http://tsldev.trustix.org/cloud/rdfs/latest.rdf"
      regexp = ".*"
  }
  

Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.org/support/>


Verification:
  This advisory along with all TSL packages are signed with the TSL sign key.
  This key is available from:
  <URI:http://www.trustix.org/TSL-SIGN-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.org/errata/trustix-1.2/>,
  <URI:http://www.trustix.org/errata/trustix-1.5/> and
  <URI:http://www.trustix.org/errata/trustix-2.0/>
  or directly at
  <URI:http://www.trustix.org/errata/misc/2003/TSL-2003-0040-postgresql.asc.txt>


MD5sums of the packages:
- --------------------------------------------------------------------------
b98e88fc66eb02c085075bd6f23ae6be  ./2.0/srpms/postgresql-7.3.4-1tr.src.rpm
14df86f37ca7534ed529a152e97e2fba  ./2.0/rpms/postgresql-test-7.3.4-1tr.i586.rpm
138bcb03c36dd402badf578fcf386d91  ./2.0/rpms/postgresql-tcl-7.3.4-1tr.i586.rpm
a184acc8e07ec2e40999ad1ed19f5cb3  ./2.0/rpms/postgresql-server-7.3.4-1tr.i586.rpm
1e4ce755150bae4f91bee674905b0a1e  ./2.0/rpms/postgresql-python-7.3.4-1tr.i586.rpm
6fe87116f461239314db48f756d25b96  ./2.0/rpms/postgresql-plperl-7.3.4-1tr.i586.rpm
13c0ff0af19acefc4d3a31784e499a66  ./2.0/rpms/postgresql-libs-7.3.4-1tr.i586.rpm
2b7c3a3133820736d81c027811b3c433  ./2.0/rpms/postgresql-jdbc-7.3.4-1tr.i586.rpm
c5042f68830f257a1a5448a8faa80cd8  ./2.0/rpms/postgresql-docs-7.3.4-1tr.i586.rpm
c2bc4e2f38ab94fdf5074766f2a3ac22  ./2.0/rpms/postgresql-devel-7.3.4-1tr.i586.rpm
68821641cad1b9f98967cb312fd3447a  ./2.0/rpms/postgresql-contrib-7.3.4-1tr.i586.rpm
2de02325830cdb9544905ba18c76e3f7  ./2.0/rpms/postgresql-7.3.4-1tr.i586.rpm
49132b9542b0ff39110b5704d7ebb976  ./1.5/srpms/postgresql-7.1.3-3tr.src.rpm
ea69d9bdc5136eb873b05aeab6c2e60f  ./1.5/rpms/postgresql-test-7.1.3-3tr.i586.rpm
743583991db2b8ddfda747ec6013d1a3  ./1.5/rpms/postgresql-tcl-7.1.3-3tr.i586.rpm
7cef11a3c73949fcd70ff995fef733e1  ./1.5/rpms/postgresql-server-7.1.3-3tr.i586.rpm
8abfdcf350e867168adbabf0cd3cdb01  ./1.5/rpms/postgresql-python-7.1.3-3tr.i586.rpm
ef4e71020854dad6805cdc022eedaa2b  ./1.5/rpms/postgresql-plperl-7.1.3-3tr.i586.rpm
1fe7c813dc98dea7843a4d7ee89074ba  ./1.5/rpms/postgresql-perl-7.1.3-3tr.i586.rpm
32989a8bcd72c776d29c71f41508c7f6  ./1.5/rpms/postgresql-odbc-7.1.3-3tr.i586.rpm
47ecedeb4898979c659c27d8ac3f3970  ./1.5/rpms/postgresql-libs-7.1.3-3tr.i586.rpm
0b14985164631f86c1b99646ee804e3e  ./1.5/rpms/postgresql-docs-7.1.3-3tr.i586.rpm
fe396eacc1c3f609acbb69930ec0c715  ./1.5/rpms/postgresql-devel-7.1.3-3tr.i586.rpm
13c1637a4f4637d5d36275fe68167529  ./1.5/rpms/postgresql-contrib-7.1.3-3tr.i586.rpm
82ae32fb7cfe6bbbd92bb3fa5084fa56  ./1.5/rpms/postgresql-7.1.3-3tr.i586.rpm
49132b9542b0ff39110b5704d7ebb976  ./1.2/srpms/postgresql-7.1.3-3tr.src.rpm
8b02b4e0b2c295f0d890c6b29ac3adb0  ./1.2/rpms/postgresql-test-7.1.3-3tr.i586.rpm
a98553a597da2d40e0deb8e08aa699eb  ./1.2/rpms/postgresql-tcl-7.1.3-3tr.i586.rpm
f7924346ec5aeaa8bcbe9dd5cea08236  ./1.2/rpms/postgresql-server-7.1.3-3tr.i586.rpm
3c537cab9eac415eb42fb80c49b3b52c  ./1.2/rpms/postgresql-python-7.1.3-3tr.i586.rpm
91bd361d0994f780f12c283b56328e00  ./1.2/rpms/postgresql-plperl-7.1.3-3tr.i586.rpm
218d579590dc90be00de163dcc3d1466  ./1.2/rpms/postgresql-perl-7.1.3-3tr.i586.rpm
423c06317148f102471bd0510d4bffae  ./1.2/rpms/postgresql-odbc-7.1.3-3tr.i586.rpm
841ede130c3eeaef3bdb4ac67500455d  ./1.2/rpms/postgresql-libs-7.1.3-3tr.i586.rpm
7e002483736bf60e0585b162dbf102f4  ./1.2/rpms/postgresql-docs-7.1.3-3tr.i586.rpm
5b832b13a918929de56a94e4fb8c885e  ./1.2/rpms/postgresql-devel-7.1.3-3tr.i586.rpm
290c4fcb8772dc9706dce4db33c138a7  ./1.2/rpms/postgresql-contrib-7.1.3-3tr.i586.rpm
a459808605ebc80c81dd1ebba37b0049  ./1.2/rpms/postgresql-7.1.3-3tr.i586.rpm
- --------------------------------------------------------------------------


TSL Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/tnJKi8CEzsK9IksRAhhgAJ9ZOp/K/hSV+u7DVrEYCP7YOvzQvACfWmic
uNXFdr7Sy/w5ZRzT6T/TDhY=
=CCjh
-----END PGP SIGNATURE-----
_______________________________________________
tsl-announce mailing list
tsl-announce@tawie.org
http://www.tawie.org/mailman/listinfo/tsl-announce
(Log in to post comments)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds