-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- ------------------------------------------------------------------------
--

PACKAGE : postgresql
SUMMARY : Buffer overflow vulnerability
DATE : 2003-11-13 14:59:00
ID : CLA-2003:784
RELEVANT
RELEASES : 7.0, 8, 9

- ------------------------------------------------------------------------
-

DESCRIPTION
PostgreSQL[1] is a sophisticated relational database which supports
almost all SQL constructs, including subselects, transactions and
user-defined types and functions.

Guido Notari reported a buffer overflow vulnerability[2][3] in the
to_ascii() function that could possibly be used by attackers to
execute arbitrary code. This vulnerability was fixed by Tom Lane who,
later on, according to CVS changelogs[4], found another buffer
overflow problem in the same function which was also fixed.

SOLUTION
It is recommended that all PostgreSQL users upgrade their packages.
After the upgrade, it is necessary to manually restart the postgresql
service if it was already running. To do so, run the following
command as root:

/sbin/service postgresql restart


REFERENCES
1.http://www.postgresql.com/
2.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0901
3.http://www.securityfocus.com/bid/8741
4.http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/backend/ut
ils/adt/ascii.c

UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/postgresql-7.1.3-1U70_4cl.
src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-7.1.3-1U70_4cl.i
386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-clients-7.1.3-1U
70_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-clients-X11-7.1.
3-1U70_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-contrib-7.1.3-1U
70_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-devel-7.1.3-1U70
_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-devel-static-7.1
.3-1U70_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-doc-7.1.3-1U70_4
cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-lib-7.1.3-1U70_4
cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-odbc-7.1.3-1U70_
4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-perl-7.1.3-1U70_
4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-python-7.1.3-1U7
0_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-tcl-7.1.3-1U70_4
cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/postgresql-test-7.1.3-1U70_
4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/postgresql-7.2.4-1U80_2cl.sr
c.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-7.2.4-1U80_2cl.i38
6.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-clients-7.2.4-1U80
_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-clients-X11-7.2.4-
1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-contrib-7.2.4-1U80
_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-devel-7.2.4-1U80_2
cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-devel-static-7.2.4
-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-doc-7.2.4-1U80_2cl
.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-lib-7.2.4-1U80_2cl
.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-odbc-7.2.4-1U80_2c
l.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-perl-7.2.4-1U80_2c
l.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-python-7.2.4-1U80_
2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-tcl-7.2.4-1U80_2cl
.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/postgresql-test-7.2.4-1U80_2c
l.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/postgresql-7.3.2-27694U90_1c
l.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/postgresql-7.3.2-27694U90_1cl
.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/postgresql-charset-addons-7.3
.2-27694U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/postgresql-clients-7.3.2-2769
4U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/postgresql-contrib-7.3.2-2769
4U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/postgresql-devel-7.3.2-27694U
90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/postgresql-devel-static-7.3.2
-27694U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/postgresql-doc-7.3.2-27694U90
_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/postgresql-libecpg3.4-7.3.2-2
7694U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/postgresql-libpq3-7.3.2-27694
U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/postgresql-perl-7.3.2-27694U9
0_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/postgresql-python-7.3.2-27694
U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/postgresql-tcl-7.3.2-27694U90
_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/postgresql-test-7.3.2-27694U9
0_1cl.i386.rpm

ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM packages upgrades:

- run: apt-get update
- after that, execute: apt-get upgrade

Detailed instructions reagarding the use of apt and upgrade examples
can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

- ------------------------------------------------------------------------
-
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

- ------------------------------------------------------------------------
-
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en

- ------------------------------------------------------------------------
-
Copyright (c) 2003 Conectiva Inc.
http://www.conectiva.com

- ------------------------------------------------------------------------
-
subscribe: conectiva-updates-subscribe (at) papaleguas.conectiva.com (dot) br [email concealed]
unsubscribe: conectiva-updates-unsubscribe (at) papaleguas.conectiva.com (dot) br [email concealed]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE/s7uu42jd0JmAcZARAnmkAKC0x4e7DRL+eaFCBBzdf/HRpXoCEACdHj0L
D1YG9i62q9TrQR3dfdCEtkU=
=iyfY
-----END PGP SIGNATURE-----

[ reply ]