exploit the possibilities

Trustix Secure Linux Security Advisory 2006.59

Trustix Secure Linux Security Advisory 2006.59
Posted Oct 27, 2006
Authored by Trustix | Site http.trustix.org

Trustix Secure Linux Security Advisory #2006-0059: multiple vulnerabilities in postgresql.

tags | advisory, vulnerability
systems | linux
MD5 | 7c6ac98de242f9a8f3086d8aa0c546b8

Trustix Secure Linux Security Advisory 2006.59

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2006-0059

Package names: postgresql
Summary: Multiple vulnerabilities
Date: 2006-10-27
Affected versions: Trustix Secure Linux 2.2
Trustix Secure Linux 3.0
Trustix Operating System - Enterprise Server 2

- --------------------------------------------------------------------------
Package description:
postgresql
PostgreSQL is an advanced Object-Relational database management system
(DBMS) that supports almost all SQL constructs (including transactions,
subselects and user-defined types and functions). The postgresql package
includes the client programs and libraries that you'll need to access
a PostgreSQL DBMS server. These PostgreSQL client programs are programs
that directly manipulate the internal structure of PostgreSQL databases
on a PostgreSQL server. These client programs can be located on the
same machine with the PostgreSQL server, or may be on a remote machine
which accesses a PostgreSQL server over a network connection. This
package contains the docs in HTML for the whole package, as well as
command-line utilities for managing PostgreSQL databases on a
PostgreSQL server.

Problem description:
postgresql < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- New Upstream.
- SECURITY Fix: Some vulnerabilities have been reported in PostgreSQL,
which can be exploited by malicious users to cause a DoS (SA22562).
- An incorrect type check before coercing unknown literals into the
ANYARRY type can be exploited to cause a crash when converting
certain literals into ANYARRAY.
- An error exists within the handling of aggregate functions in UPDATE
statements, which can be exploited to crash the server backend.
- An error within the logging of V3-protocol execute messages of
ROLLBACK or COMMIT statements can be exploited to cause a crash.

Action:
We recommend that all systems with this package installed be upgraded.
Please note that if you do not need the functionality provided by this
package, you may want to remove it from your system.


Location:
All Trustix Secure Linux updates are available from
<URI:http://http.trustix.org/pub/trustix/updates/>
<URI:ftp://ftp.trustix.org/pub/trustix/updates/>


About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers. With focus
on security and stability, the system is painlessly kept safe and up to
date from day one using swup, the automated software updater.


Automatic updates:
Users of the SWUP tool can enjoy having updates automatically
installed using 'swup --upgrade'.


Questions?
Check out our mailing lists:
<URI:http://www.trustix.org/support/>


Verification:
This advisory along with all Trustix packages are signed with the
TSL sign key.
This key is available from:
<URI:http://www.trustix.org/TSL-SIGN-KEY>

The advisory itself is available from the errata pages at
<URI:http://www.trustix.org/errata/trustix-2.2/> and
<URI:http://www.trustix.org/errata/trustix-3.0/>
or directly at
<URI:http://www.trustix.org/errata/2006/0059/>


MD5sums of the packages:
- --------------------------------------------------------------------------
050ee3286c20ef5afecb08f1cb2a3535 3.0/rpms/postgresql-8.0.9-1tr.i586.rpm
99f85ba2ef00b89c8cd98ff70a1e425f 3.0/rpms/postgresql-contrib-8.0.9-1tr.i586.rpm
1d9c47a107ca13fff05a538f0cbc3095 3.0/rpms/postgresql-devel-8.0.9-1tr.i586.rpm
ebefb206688408b0d18c750795d0ff7f 3.0/rpms/postgresql-docs-8.0.9-1tr.i586.rpm
a7973e5d22e7424157ae2789386ab782 3.0/rpms/postgresql-libs-8.0.9-1tr.i586.rpm
4dd5be6662f60a7a6937cf81cfe4576a 3.0/rpms/postgresql-plperl-8.0.9-1tr.i586.rpm
ea9f0000b648aed9b82ba05f0d1639a1 3.0/rpms/postgresql-python-8.0.9-1tr.i586.rpm
603e90c5390a875b249e039fe397bb93 3.0/rpms/postgresql-server-8.0.9-1tr.i586.rpm
173824e7d095b4e32b1e967010bbc14e 3.0/rpms/postgresql-test-8.0.9-1tr.i586.rpm

891925bea482bcb9bab6e38336502444 2.2/rpms/postgresql-8.0.9-1tr.i586.rpm
416ce640569a792a2c1efa21186b6772 2.2/rpms/postgresql-contrib-8.0.9-1tr.i586.rpm
8d59d7292d3621e7c564fc269db36429 2.2/rpms/postgresql-devel-8.0.9-1tr.i586.rpm
b4a986d3e208538ad5a4496e54021803 2.2/rpms/postgresql-docs-8.0.9-1tr.i586.rpm
6dba340c2f04d833cb3e49865393e906 2.2/rpms/postgresql-libs-8.0.9-1tr.i586.rpm
284cb3665c3a9eb3447efb9f54193ecf 2.2/rpms/postgresql-plperl-8.0.9-1tr.i586.rpm
bf4f909cb16291157bdcf2707eefd411 2.2/rpms/postgresql-python-8.0.9-1tr.i586.rpm
321f435cd542c8f365542f93e3ab0953 2.2/rpms/postgresql-server-8.0.9-1tr.i586.rpm
7c2eb7d8e34857d3652e11ab68645a14 2.2/rpms/postgresql-test-8.0.9-1tr.i586.rpm
- --------------------------------------------------------------------------


Trustix Security Team


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFFQgsti8CEzsK9IksRAt7cAKCvYMr/y0QQGegba4s+1tB0/+whkwCeL600
xJSUNyS8+Y7EoIbeq2HKyto=
=Y/4F
-----END PGP SIGNATURE-----

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

July 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    34 Files
  • 2
    Jul 2nd
    15 Files
  • 3
    Jul 3rd
    9 Files
  • 4
    Jul 4th
    8 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    3 Files
  • 7
    Jul 7th
    1 Files
  • 8
    Jul 8th
    15 Files
  • 9
    Jul 9th
    15 Files
  • 10
    Jul 10th
    20 Files
  • 11
    Jul 11th
    17 Files
  • 12
    Jul 12th
    15 Files
  • 13
    Jul 13th
    2 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    20 Files
  • 16
    Jul 16th
    27 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close