98289 2003-04-10 05:31 /104 lines/ WireX Security <security@wirex.com>
Imported: 2003-04-10 05:31 by Brevbäraren
External recipient: bugtraq@securityfocus.com
External recipient: immunix-announce@immunix.org
External recipient: linsec@lists.seifried.org
Recipient: Bugtraq (import) <4428>
Subject: Immunix Secured OS 7+ PostgreSQL update
------------------------------------------------------------
-----------------------------------------------------------------------
Immunix Secured OS Security Advisory

Packages updated:   postgresql
Affected products:  Immunix 7.0, 7+
Bugs fixed:         CAN-2002-0972 CAN-2002-1397 CAN-2002-1398
                    CAN-2002-1400 CAN-2002-1401 CAN-2002-1402
Date:               Tue Apr 8 2003
Advisory ID:        IMNX-2003-7+-005-01
Author:             Alan Olsen <alan@wirex.com>
-----------------------------------------------------------------------

Description:
  Multiple vulnerabilities have been discovered in PostgreSQL.

  CAN-2002-0972
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0972
  Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial
  of service and possibly execute arbitrary code via long arguments to
  the functions (1) lpad or (2) rpad.

  CAN-2002-1397
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1397
  Vulnerability in the cash_words() function for PostgreSQL 7.2 and
  earlier allows local users to cause a denial of service and possibly
  execute arbitrary code via a large negative argument, possibly
  triggering an integer signedness error or buffer overflow.

  CAN-2002-1398
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1398
  Buffer overflow in the date parser for PostgreSQL before 7.2.2 allows
  attackers to cause a denial of service and possibly execute arbitrary
  code via a long date string, aka a vulnerability "in handling long
  datetime input."

  CAN-2002-1400
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1400
  Heap-based buffer overflow in the repeat() function for PostgreSQL
  before 7.2.2 allows attackers to execute arbitrary code by causing
  repeat() to generate a large string.

  CAN-2002-1401
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1401
  Buffer overflows in (1) circle_poly, (2) path_encode and (3) path_add
  (also incorrectly identified as path_addr) for PostgreSQL 7.2.3 and
  earlier allow attackers to cause a denial of service and possibly
  execute arbitrary code, possibly as a result of an integer overflow.

  CAN-2002-1402
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1402
  Buffer overflows in the (1) TZ and (2) SET TIME ZONE environment
  variables for PostgreSQL 7.2.1 and earlier allow local users to cause
  a denial of service and possibly execute arbitrary code.

Package names and locations:
  Precompiled binary packages for Immunix 7+ are available at:
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/postgresql-7.0.2-18.2_imnx_1.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/postgresql-devel-7.0.2-18.2_imnx_1.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/postgresql-jdbc-7.0.2-18.2_imnx_1.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/postgresql-odbc-7.0.2-18.2_imnx_1.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/postgresql-perl-7.0.2-18.2_imnx_1.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/postgresql-python-7.0.2-18.2_imnx_1.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/postgresql-server-7.0.2-18.2_imnx_1.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/postgresql-tcl-7.0.2-18.2_imnx_1.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/postgresql-tk-7.0.2-18.2_imnx_1.i386.rpm

Immunix OS 7+ md5sums:

GPG verification:
  Our public key is available at <http://wirex.com/security/GPG_KEY>.

NOTE:
  Ibiblio is graciously mirroring our updates, so if the links above
  are slow, please try:
    ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
  or one of the many mirrors available at:
    http://www.ibiblio.org/pub/Linux/MIRRORS.html

  ImmunixOS 6.2 is no longer officially supported.
  ImmunixOS 7.0 is no longer officially supported.

Contact information:
  To report vulnerabilities, please contact security@wirex.com. WireX
  attempts to conform to the RFP vulnerability disclosure protocol
  <http://www.wiretrip.net/rfp/policy.html>.
(98289) /WireX Security <security@wirex.com>/(Rewrapped)
Attachment (application/pgp-signature) in text 98290

98290 2003-04-10 05:31 /9 lines/ WireX Security <security@wirex.com>
Attachment file name: "signature.asc"
Imported: 2003-04-10 05:31 by Brevbäraren
External recipient: bugtraq@securityfocus.com
External recipient: immunix-announce@immunix.org
External recipient: linsec@lists.seifried.org
Recipient: Bugtraq (import) <4429>
Attachment (text/plain) to text 98289
Subject: Attachment (signature.asc) to: Immunix Secured OS 7+ PostgreSQL update
------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQA+lPSNVQcWL60UVMsRAgNJAJ9rfSxyi2T5UX3GzWU75wPmQQ5knQCfX2Eu
q0xnHkmXCDGqcfEwTRVl41o=
=MxcR
-----END PGP SIGNATURE-----
(98290) /WireX Security <security@wirex.com>/-------

98601 2003-04-12 09:58 /104 lines/ WireX Security Team <security@wirex.com>
Imported: 2003-04-12 09:58 by Brevbäraren
External recipient: bugtraq@securityfocus.com
External recipient: immunix-announce@immunix.org
External recipient: linsec@lists.seifried.org
Recipient: Bugtraq (import) <4466>
Subject: Immunix Secured OS 7+ PostgreSQL update
------------------------------------------------------------
----------------------------------------------------------------------
Immunix Secured OS Security Advisory

Packages updated:   postgresql
Affected products:  Immunix 7.0, 7+
Bugs fixed:         CAN-2002-0972 CAN-2002-1397 CAN-2002-1398
                    CAN-2002-1400 CAN-2002-1401 CAN-2002-1402
Date:               Tue Apr 8 2003
Advisory ID:        IMNX-2003-7+-005-01
Author:             Alan Olsen <alan@wirex.com>
-----------------------------------------------------------------------

Description:
  Multiple vulnerabilities have been discovered in PostgreSQL.

  CAN-2002-0972
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0972
  Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial
  of service and possibly execute arbitrary code via long arguments to
  the functions (1) lpad or (2) rpad.

  CAN-2002-1397
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1397
  Vulnerability in the cash_words() function for PostgreSQL 7.2 and
  earlier allows local users to cause a denial of service and possibly
  execute arbitrary code via a large negative argument, possibly
  triggering an integer signedness error or buffer overflow.

  CAN-2002-1398
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1398
  Buffer overflow in the date parser for PostgreSQL before 7.2.2 allows
  attackers to cause a denial of service and possibly execute arbitrary
  code via a long date string, aka a vulnerability "in handling long
  datetime input."

  CAN-2002-1400
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1400
  Heap-based buffer overflow in the repeat() function for PostgreSQL
  before 7.2.2 allows attackers to execute arbitrary code by causing
  repeat() to generate a large string.

  CAN-2002-1401
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1401
  Buffer overflows in (1) circle_poly, (2) path_encode and (3) path_add
  (also incorrectly identified as path_addr) for PostgreSQL 7.2.3 and
  earlier allow attackers to cause a denial of service and possibly
  execute arbitrary code, possibly as a result of an integer overflow.

  CAN-2002-1402
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1402
  Buffer overflows in the (1) TZ and (2) SET TIME ZONE environment
  variables for PostgreSQL 7.2.1 and earlier allow local users to cause
  a denial of service and possibly execute arbitrary code.

Package names and locations:
  Precompiled binary packages for Immunix 7+ are available at:
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/postgresql-7.0.2-18.2_imnx_1.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/postgresql-devel-7.0.2-18.2_imnx_1.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/postgresql-jdbc-7.0.2-18.2_imnx_1.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/postgresql-odbc-7.0.2-18.2_imnx_1.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/postgresql-perl-7.0.2-18.2_imnx_1.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/postgresql-python-7.0.2-18.2_imnx_1.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/postgresql-server-7.0.2-18.2_imnx_1.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/postgresql-tcl-7.0.2-18.2_imnx_1.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/postgresql-tk-7.0.2-18.2_imnx_1.i386.rpm

Immunix OS 7+ md5sums:

GPG verification:
  Our public key is available at <http://wirex.com/security/GPG_KEY>.

NOTE:
  Ibiblio is graciously mirroring our updates, so if the links above
  are slow, please try:
    ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
  or one of the many mirrors available at:
    http://www.ibiblio.org/pub/Linux/MIRRORS.html

  ImmunixOS 6.2 is no longer officially supported.
  ImmunixOS 7.0 is no longer officially supported.

Contact information:
  To report vulnerabilities, please contact security@wirex.com. WireX
  attempts to conform to the RFP vulnerability disclosure protocol
  <http://www.wiretrip.net/rfp/policy.html>.
(98601) /WireX Security Team <security@wirex.com>/(Rewrapped)
Attachment (application/pgp-signature) in text 98602

98602 2003-04-12 09:59 /9 lines/ WireX Security Team <security@wirex.com>
Attachment file name: "signature.asc"
Imported: 2003-04-12 09:59 by Brevbäraren
External recipient: bugtraq@securityfocus.com
External recipient: immunix-announce@immunix.org
External recipient: linsec@lists.seifried.org
Recipient: Bugtraq (import) <4467>
Attachment (text/plain) to text 98601
Subject: Attachment (signature.asc) to: Immunix Secured OS 7+ PostgreSQL update
------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQA+lRoSVQcWL60UVMsRAj/+AJ4rAefp4pR388NSCfqgiKrFR/htQwCeNFHH
a/hPRwEIjjRor3c8lMhnss4=
=EZbC
-----END PGP SIGNATURE-----
(98602) /WireX Security Team <security@wirex.com>/--
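
Added example, not part of the advisory and not PostgreSQL's own code: CAN-2002-1400 and CAN-2002-1401 above describe overflows reached when a function such as repeat() builds a large result, possibly through an integer overflow. The C sketch below assumes the result size is computed as length times count plus a header, and shows that arithmetic unchecked and checked; HDR_SIZE, MAX_RESULT and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define HDR_SIZE   4u                  /* assumed length header before the data */
#define MAX_RESULT (64u * 1024 * 1024) /* hypothetical cap on the result size */

/* Unchecked arithmetic: in 32 bits slen * count wraps modulo 2^32 (for
 * example 65536 * 65536 becomes 0), so the size is smaller than the data. */
static uint32_t repeat_size_unchecked(uint32_t slen, uint32_t count)
{
    return slen * count + HDR_SIZE;
}

/* Checked arithmetic: returns 0 and sets *total, or -1 if the result would
 * wrap or exceed MAX_RESULT. A negative count is treated as zero. */
static int repeat_size_checked(uint32_t slen, int32_t count, uint32_t *total)
{
    uint32_t n = count < 0 ? 0u : (uint32_t)count;
    if (n != 0 && slen > (MAX_RESULT - HDR_SIZE) / n)
        return -1;
    *total = slen * n + HDR_SIZE;
    return 0;
}

/* Allocate and fill only after the size check passes. Returns a malloc'd
 * buffer (zeroed header, then the repeated data) or NULL on rejection. */
static unsigned char *repeat_checked(const char *s, uint32_t slen,
                                     int32_t count, uint32_t *total)
{
    unsigned char *buf, *p;
    if (repeat_size_checked(slen, count, total) != 0)
        return NULL;
    if ((buf = calloc(1, *total)) == NULL)
        return NULL;
    p = buf + HDR_SIZE;
    for (int32_t i = 0; i < count; i++, p += slen)
        memcpy(p, s, slen);
    return buf;
}

int main(void)
{
    uint32_t t = 0;
    unsigned char *b = repeat_checked("ab", 2, 3, &t); /* constructed input */
    int ok = b != NULL && t == 10 && memcmp(b + HDR_SIZE, "ababab", 6) == 0 &&
             repeat_size_unchecked(0x10000u, 0x10000u) == HDR_SIZE;
    free(b);
    return ok ? 0 : 1;
}
```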