Updated PostgreSQL packages fix buffer overflow
| Advisory: | RHSA-2003:313-10 |
|---|---|
| Type: | Security Advisory |
| Severity: | N/A |
| Issued on: | 2003-11-13 |
| Last updated on: | 2003-11-13 |
| Affected Products: | Red Hat Linux 7.2, Red Hat Linux 7.3, Red Hat Linux 8.0, Red Hat Linux 9 |
| CVEs (cve.mitre.org): | CVE-2003-0901 |
Details
Updated PostgreSQL packages that correct a buffer overflow in the to_ascii
routines are now available.
PostgreSQL is an advanced Object-Relational database management system
(DBMS).
Two bugs that can lead to buffer overflows have been found in the
PostgreSQL abstract data type to ASCII conversion routines. A remote
attacker who is able to influence the data passed to the to_ascii functions
may be able to execute arbitrary code in the context of the PostgreSQL
server. These issues affect PostgreSQL 7.2.x, and 7.3.x before 7.3.4.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2003-0901 to these issues.
In addition, a bug that can lead to leaks has been found in the string to
timestamp abstract data type conversion routine. If the input string to
the to_timestamp() routine is shorter than what the template string is
expecting, the routine will run off the end of the input string, resulting
in a leak of previous timestamp behavior and unstable behavior.
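The to_timestamp() failure mode described above, reduced to a minimal template-driven parser with the unchecked loop beside a bounds-checked one. This is an added example, not PostgreSQL's or Red Hat's code. The names `parse_unchecked`, `parse_checked` and `day_from`, the single-letter Y/M/D template and the buffer contents are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

struct ymd { int year, month, day; };

/* Map a template letter to the field it fills; NULL means separator. */
static int *field_for(char t, struct ymd *d) {
    return t == 'Y' ? &d->year : t == 'M' ? &d->month : t == 'D' ? &d->day : NULL;
}

/* Flawed form: only the template drives the loop, so an input shorter
 * than the template is read past its terminating NUL. */
static void parse_unchecked(const char *in, const char *tmpl, struct ymd *d) {
    memset(d, 0, sizeof *d);
    for (; *tmpl; tmpl++, in++) {
        int *f = field_for(*tmpl, d);
        if (f) *f = *f * 10 + (*in - '0');
    }
}

/* Corrected form: returns -1 when the input ends before the template
 * does or a digit field holds a non-digit, 0 on success. */
static int parse_checked(const char *in, const char *tmpl, struct ymd *d) {
    memset(d, 0, sizeof *d);
    for (; *tmpl; tmpl++, in++) {
        int *f = field_for(*tmpl, d);
        if (*in == '\0' || (f && !isdigit((unsigned char)*in)))
            return -1;
        if (f) *f = *f * 10 + (*in - '0');
    }
    return 0;
}

/* Constructed input: buf is reused, so bytes of the earlier, longer value
 * remain after the new NUL. Every read below stays inside buf. */
static int day_from(int checked) {
    char buf[16] = "1999-12-31";
    struct ymd d;
    strcpy(buf, "2003-11");   /* buf is now "2003-11\0" followed by "31" */
    if (checked)
        return parse_checked(buf, "YYYY-MM-DD", &d);   /* rejected */
    parse_unchecked(buf, "YYYY-MM-DD", &d);
    return d.day;             /* taken from the earlier value */
}

int main(void) {
    printf("unchecked day=%d checked rc=%d\n", day_from(0), day_from(1));
    return 0;
}
```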
Users of PostgreSQL are advised to upgrade to these erratum packages, which
contain backported patches that correct these issues.
Solution
relevant to your system have been applied.
Please note that this update is available via Red Hat Network. To use Red
Hat Network, launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
Note that no initdb will be necessary from previous PostgreSQL packages.
Updated packages
Bugs fixed (see bugzilla for more information)
108079 - CAN-2003-0901 PostgreSQL To_Ascii() Buffer Overflow Vulnerability
109068 - to_timestamp not stable if date string shorter than template
References
http://www.securityfocus.com/bid/8741
http://archives.postgresql.org/pgsql-bugs/2003-09/msg00014.php
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package
The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/