Ubuntu: PostgreSQL vulnerabilities

    Date: 24 Oct 2006
    Category: Ubuntu
    Posted By: LinuxSecurity Advisories
    Michael Fuhr discovered an incorrect type check when handling unknown literals. By attempting to coerce such a literal to the ANYARRAY type, a local authenticated attacker could cause a server crash. Josh Drake and Alvaro Herrera reported a crash when using aggregate functions in UPDATE statements. A local authenticated attacker could exploit this to crash the server backend. This update disables this construct, since it is not very well defined and forbidden by the SQL standard.
    =========================================================== 
    Ubuntu Security Notice USN-369-1           October 24, 2006
    postgresql-8.1 vulnerabilities
    http://www.postgresql.org/about/news.664
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 6.06 LTS
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 6.06 LTS:
      postgresql-8.1                           8.1.4-0ubuntu1.1
    
    In general, a standard system upgrade is sufficient to effect the
    necessary changes.
    
    Details follow:
    
    Michael Fuhr discovered an incorrect type check when handling unknown
    literals. By attempting to coerce such a literal to the ANYARRAY type,
    a local authenticated attacker could cause a server crash.
    
    Josh Drake and Alvaro Herrera reported a crash when using aggregate
    functions in UPDATE statements. A local authenticated attacker could
    exploit this to crash the server backend. This update disables this
    construct, since it is not very well defined and forbidden by the SQL
    standard.
    
    Sergey Koposov discovered a flaw in the duration logging. This could
    cause a server crash under certain circumstances.
    
    Please note that these flaws can usually not be exploited through web
    and other applications that use a database and are exposed to
    untrusted input, so these flaws do not pose a threat in usual setups.
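
To audit hosts against the fixed version listed above, compare versions with Debian's ordering rules rather than as plain strings. The following is an added example, not part of the advisory: it implements the general dpkg comparison (epoch, numeric runs, `~`), and the host names and installed versions in the inventory are constructed for illustration.

```python
import re
from itertools import zip_longest

FIXED = "8.1.4-0ubuntu1.1"  # fixed postgresql-8.1 version stated in USN-369-1

def _weight(ch):
    # dpkg order inside a non-digit run: '~' < end of run (0) < letters < the rest
    return -1 if ch == "~" else ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_fragment(a, b):
    """Compare two upstream-version or revision strings using dpkg's rules."""
    runs_a = re.findall(r"([^0-9]*)([0-9]*)", a)
    runs_b = re.findall(r"([^0-9]*)([0-9]*)", b)
    for (sa, na), (sb, nb) in zip_longest(runs_a, runs_b, fillvalue=("", "")):
        width = max(len(sa), len(sb))
        wa = [_weight(c) for c in sa] + [0] * (width - len(sa))
        wb = [_weight(c) for c in sb] + [0] * (width - len(sb))
        if wa != wb:
            return -1 if wa < wb else 1
        ia, ib = int(na or 0), int(nb or 0)  # digit runs compare numerically
        if ia != ib:
            return -1 if ia < ib else 1
    return 0

def _split(version):
    # Split into (epoch, upstream, revision); a missing epoch counts as 0.
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def compare_versions(a, b):
    """Return -1, 0 or 1 as a sorts before, equal to, or after b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)

def hosts_needing_update(inventory):
    """Hosts whose installed postgresql-8.1 sorts before the fixed version."""
    return sorted(h for h, v in inventory.items() if compare_versions(v, FIXED) < 0)

# Constructed inventory (hypothetical host names and version strings)
INVENTORY = {"db1": "8.1.4-0ubuntu1", "db2": "8.1.4-0ubuntu1.1",
             "db3": "8.1.10-0ubuntu1", "db4": "8.1.4-0ubuntu1.1~test1"}

print(hosts_needing_update(INVENTORY))
```

A plain string comparison would wrongly flag `8.1.10` as older than `8.1.4` and would treat the `~test1` build as newer than the fixed package.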
    
    
    Updated packages for Ubuntu 6.06 LTS:
    