Security Advisory: Updated Red Hat Database packages available

Advisory: RHSA-2002:149-16
Type: Security Advisory
Severity: N/A
Issued on: 2002-07-22
Last updated on: 2002-08-19
Affected Products: Red Hat Database 7.1
OVAL: N/A
CVEs (cve.mitre.org): CVE-2002-0802

Details

Updated Red Hat Database packages are available. These packages correct
several bugs and a security vulnerability.

PostgreSQL versions 6.5.x through 7.1.3 are affected by this issue.

Due to a bug in PostgreSQL's multi-byte support, any database client
application that builds its queries from user input may allow a user to make
the database server execute arbitrary SQL commands. Red Hat Database 7.1 is
based on PostgreSQL 7.1 and is vulnerable to this attack. Details of the
vulnerability are as follows:

If a client using a character encoding other than SQL_ASCII sends a query to
a multi-byte enabled database server that uses the default SQL_ASCII
encoding, every character in the query string that is not representable in
SQL_ASCII causes the character immediately following it to be lost during
character set conversion.

Some applications form their SQL queries by populating a template query with
text input from the user. An attacker can use this conversion bug to suppress
characters in the application's template query, such as the quote characters
that were meant to force the user-supplied parts of the query to be
interpreted only as literal text. The user input is then interpreted as query
text, resulting in the execution of arbitrary SQL.

Red Hat Database 7.1 shipped with a vulnerable version of PostgreSQL and
has multi-byte support enabled by default. This update incorporates the
patch for this issue as provided by Tatsuo Ishii on the pgsql-hackers
mailing list.
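The following is an added example, not code from this advisory or from PostgreSQL: a small simulation of the conversion defect described above and of the template-query attack it enables. The two conversion functions model the behaviour the advisory describes (they are not PostgreSQL's conversion code); the patched variant assumes only that no neighbouring byte is consumed, since the page does not say what the real patch substitutes for the unrepresentable character. The query template, the "accounts" table and the attacker inputs are constructed for the demonstration, and the statement splitter is just enough of a lexer to show what the server would execute, not a real SQL parser.

```python
# Added example, not the advisory's or PostgreSQL's code: simulate the
# multi-byte conversion defect (CVE-2002-0802) and the resulting SQL injection.
from __future__ import annotations

# Constructed application template: two user-supplied fields, each wrapped in
# single quotes so that they are meant to be read as string literals only.
TEMPLATE = b"SELECT balance FROM accounts WHERE owner = '%s' AND pin = '%s'"


def escape_literal(user_input: bytes) -> bytes:
    """Quote doubling, the usual application-side defence for string literals."""
    return user_input.replace(b"'", b"''")


def build_query(owner: bytes, pin: bytes) -> bytes:
    """Client-side query construction (client encoding is not SQL_ASCII)."""
    return TEMPLATE % (escape_literal(owner), escape_literal(pin))


def buggy_to_sql_ascii(query: bytes) -> bytes:
    """Modelled defect: a byte SQL_ASCII cannot represent (anything >= 0x80)
    is dropped together with the byte immediately after it."""
    out = bytearray()
    i = 0
    while i < len(query):
        if query[i] >= 0x80:
            i += 2  # the unrepresentable byte AND its neighbour vanish
        else:
            out.append(query[i])
            i += 1
    return bytes(out)


def fixed_to_sql_ascii(query: bytes) -> bytes:
    """Assumed patched behaviour: nothing consumes the following byte. Passing
    high bytes through unchanged is sufficient for this demonstration."""
    return query


def statements(sql: bytes) -> list[bytes]:
    """Split on ';' outside string literals; '' inside a literal is an escaped
    quote and '--' outside a literal is a comment running to end of input."""
    stmts: list[bytes] = []
    cur = bytearray()
    in_str = False
    i = 0
    while i < len(sql):
        c = sql[i:i + 1]
        if in_str:
            if c == b"'" and sql[i + 1:i + 2] == b"'":  # '' inside a literal
                cur += b"''"
                i += 2
                continue
            if c == b"'":
                in_str = False
        elif c == b"'":
            in_str = True
        elif c == b";":  # statement boundary
            if cur.strip():
                stmts.append(bytes(cur).strip())
            cur = bytearray()
            i += 1
            continue
        elif sql[i:i + 2] == b"--":  # comment to end of input
            break
        cur += c
        i += 1
    if cur.strip():
        stmts.append(bytes(cur).strip())
    return stmts


def executed_statements(convert, owner: bytes, pin: bytes) -> list[bytes]:
    """What a server using `convert` for client-to-server conversion executes."""
    return statements(convert(build_query(owner, pin)))


if __name__ == "__main__":
    # Constructed attack 1: the owner field ends in a high byte, so the
    # template's closing quote is lost and the pin field becomes query text.
    owner, pin = b"x\xa0", b"; DELETE FROM accounts; --"
    print("vulnerable:", executed_statements(buggy_to_sql_ascii, owner, pin))
    print("patched:   ", executed_statements(fixed_to_sql_ascii, owner, pin))
    # Constructed attack 2: the high byte swallows the first of the two quotes
    # produced by escape_literal, undoing the application's escaping.
    owner, pin = b"x\xa0'; DELETE FROM accounts; --", b"0000"
    print("vulnerable:", executed_statements(buggy_to_sql_ascii, owner, pin))
    print("patched:   ", executed_statements(fixed_to_sql_ascii, owner, pin))
```

Both constructed attacks produce two statements on the vulnerable server, with the second one fully attacker-controlled, and a single statement on the patched one, where the injected text stays inside the literal. The second attack shows why application-side quote escaping did not help: the lost character can be the first half of a doubled quote just as easily as a character of the template.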

This update also contains fixes for several PostgreSQL bugs, including
problems related to write-ahead logging (WAL) of sequences,
backup with pg_dump of user defined aggregates that have a null initial
condition, and handling of long literals in plpgsql.

All users of Red Hat Database are advised to apply this update to remedy
the outlined vulnerability.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Database 7.1

SRPMS:
rh-postgresql-7.1.3-8.src.rpm     30d8f3c4f928c1609431c8e994cf50db
 
IA-32:
rh-postgresql-7.1.3-8.i386.rpm     0b8025926c854fece199869fbafeac68
rh-postgresql-contrib-7.1.3-8.i386.rpm     8bab3ff2449c970b8f118b4d9fc09d7b
rh-postgresql-devel-7.1.3-8.i386.rpm     e8487ef04c0928fba037294ba9ac466b
rh-postgresql-docs-7.1.3-8.i386.rpm     e45434b1267dbbe3431f4554cb6a31a6
rh-postgresql-jdbc-7.1.3-8.i386.rpm     304e6811822ae4cb8eba34b1d3f0f69c
rh-postgresql-libs-7.1.3-8.i386.rpm     b79bde07b71f5babd07fe2684a968105
rh-postgresql-odbc-7.1.3-8.i386.rpm     d4f7771ccc82d297514816d61803627b
rh-postgresql-perl-7.1.3-8.i386.rpm     541c8d8a7eb63649738ec7132e6d917a
rh-postgresql-python-7.1.3-8.i386.rpm     ff5440f2f71e20df0f42f53d5fd4dc08
rh-postgresql-server-7.1.3-8.i386.rpm     f4087faf9939034b99c8d629fdf552a2
rh-postgresql-tcl-7.1.3-8.i386.rpm     8c9c491122ab4d76db22f2b8dc059fd2
rh-postgresql-test-7.1.3-8.i386.rpm     17ce7d09573fdac1f65bf443d6cc4ca2
rh-postgresql-tk-7.1.3-8.i386.rpm     14ff75218aece923d4af0eb28513a775
 
(The unlinked packages above are only available from the Red Hat Network)
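As an added example that is not part of the advisory: before handing downloaded packages to the rpm -Fvh command from the Solution section, compare each file against the MD5 sum printed in the listing above, and let rpm check the Red Hat GPG signature. The listing embedded in the block is copied from the IA-32 section of this page; the download directory and the decision to refuse installation on any mismatch are the example's own choices.

```python
# Added example, not part of the Red Hat advisory: check downloaded RPMs against
# the MD5 sums published above, then hand only matching files to rpm.
import hashlib
import os
import shutil
import subprocess

# IA-32 lines copied from the advisory's "Updated packages" section.
ADVISORY_IA32 = """\
rh-postgresql-7.1.3-8.i386.rpm     0b8025926c854fece199869fbafeac68
rh-postgresql-contrib-7.1.3-8.i386.rpm     8bab3ff2449c970b8f118b4d9fc09d7b
rh-postgresql-devel-7.1.3-8.i386.rpm     e8487ef04c0928fba037294ba9ac466b
rh-postgresql-docs-7.1.3-8.i386.rpm     e45434b1267dbbe3431f4554cb6a31a6
rh-postgresql-jdbc-7.1.3-8.i386.rpm     304e6811822ae4cb8eba34b1d3f0f69c
rh-postgresql-libs-7.1.3-8.i386.rpm     b79bde07b71f5babd07fe2684a968105
rh-postgresql-odbc-7.1.3-8.i386.rpm     d4f7771ccc82d297514816d61803627b
rh-postgresql-perl-7.1.3-8.i386.rpm     541c8d8a7eb63649738ec7132e6d917a
rh-postgresql-python-7.1.3-8.i386.rpm     ff5440f2f71e20df0f42f53d5fd4dc08
rh-postgresql-server-7.1.3-8.i386.rpm     f4087faf9939034b99c8d629fdf552a2
rh-postgresql-tcl-7.1.3-8.i386.rpm     8c9c491122ab4d76db22f2b8dc059fd2
rh-postgresql-test-7.1.3-8.i386.rpm     17ce7d09573fdac1f65bf443d6cc4ca2
rh-postgresql-tk-7.1.3-8.i386.rpm     14ff75218aece923d4af0eb28513a775
"""


def parse_listing(text: str) -> dict[str, str]:
    """Map '<package>.rpm     <md5>' lines, as printed in the advisory, to {name: md5}."""
    sums: dict[str, str] = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0].endswith(".rpm") and len(parts[1]) == 32:
            sums[parts[0]] = parts[1].lower()
    return sums


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def check_sums(expected: dict[str, str], actual: dict[str, str]) -> dict[str, str]:
    """Return {filename: problem} for every present file that is not in the
    listing or whose MD5 differs; an empty dict means every file matches."""
    problems: dict[str, str] = {}
    for name, digest in actual.items():
        if name not in expected:
            problems[name] = "not in advisory listing"
        elif digest != expected[name]:
            problems[name] = "md5 mismatch"
    return problems


def verify_directory(listing: str, directory: str) -> dict[str, str]:
    """Hash every *.rpm in `directory` (the user's download location) and compare."""
    actual: dict[str, str] = {}
    for name in sorted(os.listdir(directory)):
        if name.endswith(".rpm"):
            with open(os.path.join(directory, name), "rb") as f:
                actual[name] = md5_hex(f.read())
    return check_sums(parse_listing(listing), actual)


def apply_update(directory: str) -> None:
    """Refuse on any checksum problem; otherwise let rpm verify the Red Hat GPG
    signature (the key must already be known to rpm) and freshen installed
    packages only, which is what -F does as the Solution section describes."""
    problems = verify_directory(ADVISORY_IA32, directory)
    if problems:
        raise SystemExit(f"refusing to install: {problems}")
    rpms = [os.path.join(directory, n) for n in sorted(os.listdir(directory))
            if n.endswith(".rpm")]
    if not rpms or shutil.which("rpm") is None:
        raise SystemExit("nothing to install or rpm not found on this host")
    subprocess.run(["rpm", "--checksig", *rpms], check=True)
    subprocess.run(["rpm", "-Fvh", *rpms], check=True)


if __name__ == "__main__":
    apply_update(os.environ.get("RPM_DIR", "."))  # RPM_DIR is this example's own variable
```

Only files that are actually present are checked, so downloading just the subset of packages installed on a host works with this check exactly as it does with rpm -F. After the update, rpm -q rh-postgresql-server should report release 7.1.3-8.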

References


Keywords

multi-byte, PostgreSQL, RHDB, SQL_ASCII


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/