[Technik] [SECURITY] [DSA 1261-1] New PostgreSQL packages fix several vulnerabilities

Noèl Köthe noel at debian.org
Fri Feb 23 09:15:09 CET 2007 

Am Freitag, den 16.02.2007, 00:36 +0100 schrieb Moritz Muehlenhoff:

> Debian Security Advisory DSA 1261-1                    security at debian.org
> http://www.debian.org/security/                         Moritz Muehlenhoff
> February 15th, 2007                     http://www.debian.org/security/faq
> 
> Package        : postgresql
> Vulnerability  : several
> Problem-Type   : remote
> Debian-specific: no
> CVE ID         : CVE-2007-0555

postgresql auf h01, h02, h03, h04 und cupa aktualisiert.

> For the stable distribution (sarge) this problem has been fixed in
> version 7.4.7-6sarge4.

changelog:
postgresql (7.4.7-6sarge4) stable-security; urgency=low

  * SECURITY UPDATE: Read out arbitrary memory locations from the server,
    local DoS.
  * Add debian/patches/60sql_fun_typecheck.patch:
    - Repair insufficiently careful type checking for SQL-language functions.
      Not only can one trivially crash the backend, but with appropriate
      misuse of pass-by-reference datatypes it is possible to read out
      arbitrary locations in the server process's memory, which could allow
      retrieving database content the user should not be able to see.
    - Discovered by Jeff Trout.
    - Patch backported from 7.4.16 from CVS:
      http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/functions.c.diff?r1=1.75.2.1;r2=1.75.2.2
      http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/optimizer/util/clauses.c.diff?r1=1.154.2.4;r2=1.154.2.5
    - CVE-2007-0555
  * Add debian/patches/61max_utf8_wchar_len.patch:
    - Update various string functions to support the maximum UTF-8 sequence
      length for 4-byte character set to prevent buffer overflows.
    - Patch backported from 7.4.16 from CVS:
      http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/mb/wchar.c.diff?r1=1.34.2.2;r2=1.34.2.3

 -- Martin Pitt <mpitt at debian.org>  Sun,  4 Feb 2007 21:46:34 +0100

-- 
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : /archiv/technik/attachments/20070223/3c1d8e1a/attachment.pgp

More information about the Technik mailing list