Рекомендация Debian по безопасности

DSA-397-1 postgresql -- переполнение буфера

Дата сообщения:

07.11.2003

Затронутые пакеты:

postgresql

Уязвим:

Да

Ссылки на базы данных по безопасности:

В базе данных Bugtraq (на SecurityFocus): Идентификатор BugTraq 8741.
В каталоге Mitre CVE: CVE-2003-0901.

Более подробная информация:

Том Лэйн (Tom Lane) обнаружил возможность переполнения буфера в функции to_ascii в PostgreSQL. Это позволяет удалённому нападающему выполнить произвольный код в системе, где работает база данных.

В стабильном дистрибутиве (woody) эта проблема исправлена в версии 7.2.1-2woody4.

Нестабильный дистрибутив (sid) не содержит этой проблемы.

Мы рекомендуем вам обновить пакет postgresql.

Исправлено в:

Debian GNU/Linux 3.0 (woody)

Исходный код:: http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody4.dsc; http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody4.diff.gz; http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1.orig.tar.gz
Независимые от архитектуры компоненты:: http://security.debian.org/pool/updates/main/p/postgresql/postgresql-doc_7.2.1-2woody4_all.deb
Alpha:: http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody4_alpha.deb; http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody4_alpha.deb; http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody4_alpha.deb; http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody4_alpha.deb; http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody4_alpha.deb; http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody4_alpha.deb; http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody4_alpha.deb; http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody4_alpha.deb; http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody4_alpha.deb; http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody4_alpha.deb; http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody4_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody4_arm.deb; http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody4_arm.deb; http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody4_arm.deb; http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody4_arm.deb; http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody4_arm.deb; http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody4_arm.deb; http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody4_arm.deb; http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody4_arm.deb; http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody4_arm.deb; http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody4_arm.deb; http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody4_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody4_i386.deb; http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody4_i386.deb; http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody4_i386.deb; http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody4_i386.deb; http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody4_i386.deb; http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody4_i386.deb; http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody4_i386.deb; http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody4_i386.deb; http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody4_i386.deb; http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody4_i386.deb; http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody4_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody4_ia64.deb; http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody4_ia64.deb; http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody4_ia64.deb; http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody4_ia64.deb; http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody4_ia64.deb; http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody4_ia64.deb; http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody4_ia64.deb; http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody4_ia64.deb; http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody4_ia64.deb; http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody4_ia64.deb; http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody4_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody4_hppa.deb; http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody4_hppa.deb; http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody4_hppa.deb; http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody4_hppa.deb; http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody4_hppa.deb; http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody4_hppa.deb; http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody4_hppa.deb; http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody4_hppa.deb; http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody4_hppa.deb; http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody4_hppa.deb; http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody4_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody4_m68k.deb; http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody4_m68k.deb; http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody4_m68k.deb; http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody4_m68k.deb; http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody4_m68k.deb; http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody4_m68k.deb; http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody4_m68k.deb; http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody4_m68k.deb; http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody4_m68k.deb; http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody4_m68k.deb; http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody4_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody4_mips.deb; http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody4_mips.deb; http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody4_mips.deb; http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody4_mips.deb; http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody4_mips.deb; http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody4_mips.deb; http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody4_mips.deb; http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody4_mips.deb; http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody4_mips.deb; http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody4_mips.deb; http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody4_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody4_mipsel.deb; http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody4_mipsel.deb; http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody4_mipsel.deb; http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody4_mipsel.deb; http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody4_mipsel.deb; http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody4_mipsel.deb; http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody4_mipsel.deb; http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody4_mipsel.deb; http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody4_mipsel.deb; http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody4_mipsel.deb; http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody4_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody4_powerpc.deb; http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody4_powerpc.deb; http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody4_powerpc.deb; http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody4_powerpc.deb; http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody4_powerpc.deb; http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody4_powerpc.deb; http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody4_powerpc.deb; http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody4_powerpc.deb; http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody4_powerpc.deb; http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody4_powerpc.deb; http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody4_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody4_s390.deb; http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody4_s390.deb; http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody4_s390.deb; http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody4_s390.deb; http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody4_s390.deb; http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody4_s390.deb; http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody4_s390.deb; http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody4_s390.deb; http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody4_s390.deb; http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody4_s390.deb; http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody4_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody4_sparc.deb; http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody4_sparc.deb; http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody4_sparc.deb; http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody4_sparc.deb; http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody4_sparc.deb; http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody4_sparc.deb; http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody4_sparc.deb; http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody4_sparc.deb; http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody4_sparc.deb; http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody4_sparc.deb; http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody4_sparc.deb

Контрольные суммы MD5 этих файлов доступны в исходном сообщении.