Secunia Security Advisory 37654

Secunia Security Advisory 37654: Posted Dec 11, 2009; Authored by Secunia | Site secunia.com; Secunia Security Advisory - Ubuntu has issued an update for PyGreSQL. This fixes a weakness, which can potentially cause SQL injection vulnerabilities.; tags | advisory, vulnerability, sql injection; systems | linux, ubuntu; SHA-256 | 38f467d5b805b15f1ddf1fcfb6cee33dd0d6c4b02c7d70701e64d5e4267a815e; Download | Favorite | View

Secunia Security Advisory 37654

----------------------------------------------------------------------

Do you have VARM strategy implemented?

(Vulnerability Assessment Remediation Management)  

If not, then implement it through the most reliable vulnerability
intelligence source on the market. 

Implement it through Secunia. 

For more information visit:
http://secunia.com/advisories/business_solutions/

Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com

----------------------------------------------------------------------

TITLE:
Ubuntu update for pygresql

SECUNIA ADVISORY ID:
SA37654

VERIFY ADVISORY:
http://secunia.com/advisories/37654/

DESCRIPTION:
Ubuntu has issued an update for PyGreSQL. This fixes a weakness,
which can potentially cause SQL injection vulnerabilities.

The weakness is caused due to PyGreSQL not using PostgreSQL's safe
string and bytea functions in its own escaping functions, which can
prevent escaping when certain multibyte character encodings are used.

SOLUTION:
Apply updated packages.

-- Ubuntu 8.04 LTS --

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/p/pygresql/pygresql_3.8.1-2ubuntu0.1.diff.gz
Size/MD5:     4556 282feadbd53e81d0912041f3e8707b65
http://security.ubuntu.com/ubuntu/pool/main/p/pygresql/pygresql_3.8.1-2ubuntu0.1.dsc
Size/MD5:      819 9613b347da5530beaaed5685ca7190e9
http://security.ubuntu.com/ubuntu/pool/main/p/pygresql/pygresql_3.8.1.orig.tar.gz
Size/MD5:    81186 5575979dac93c9c5795d7693a8f91c86

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/p/pygresql/python-pygresql-dbg_3.8.1-2ubuntu0.1_amd64.deb
Size/MD5:   158862 52a6055fbb6bd8343b5a714c12e30afa
http://security.ubuntu.com/ubuntu/pool/main/p/pygresql/python-pygresql_3.8.1-2ubuntu0.1_amd64.deb
Size/MD5:   113590 ab2f308e7c9d011e4290a159c0ac5c66

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/p/pygresql/python-pygresql-dbg_3.8.1-2ubuntu0.1_i386.deb
Size/MD5:   142506 fc8a7789c369ac24468b7dc9cfcf8de5
http://security.ubuntu.com/ubuntu/pool/main/p/pygresql/python-pygresql_3.8.1-2ubuntu0.1_i386.deb
Size/MD5:   108396 00a81a413758c9c9b91efdd2c694247e

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/p/pygresql/python-pygresql-dbg_3.8.1-2ubuntu0.1_lpia.deb
Size/MD5:   143308 9174b81254494f27457bce98d73f9a5b
http://ports.ubuntu.com/pool/main/p/pygresql/python-pygresql_3.8.1-2ubuntu0.1_lpia.deb
Size/MD5:   107932 c97afe12864aa0c91c82d1331edd739d

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/p/pygresql/python-pygresql-dbg_3.8.1-2ubuntu0.1_powerpc.deb
Size/MD5:   158918 9e2145814af329ba3b8deb6e269396e6
http://ports.ubuntu.com/pool/main/p/pygresql/python-pygresql_3.8.1-2ubuntu0.1_powerpc.deb
Size/MD5:   115096 39e2ed416b83c3c289eb4700d6b10fe4

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/p/pygresql/python-pygresql-dbg_3.8.1-2ubuntu0.1_sparc.deb
Size/MD5:   136806 6180a01bcca41ec614520a6a617247b1
http://ports.ubuntu.com/pool/main/p/pygresql/python-pygresql_3.8.1-2ubuntu0.1_sparc.deb
Size/MD5:   108752 5a37c25ed4116c66f26e28ba4d914a3d

-- Ubuntu 8.10 --

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/p/pygresql/pygresql_3.8.1-3ubuntu0.1.diff.gz
Size/MD5:     4554 0f4ebbe4a21abb32e1b8adcc841272fd
http://security.ubuntu.com/ubuntu/pool/main/p/pygresql/pygresql_3.8.1-3ubuntu0.1.dsc
Size/MD5:     1215 e957555bab090aeb2bf2b043710536c1
http://security.ubuntu.com/ubuntu/pool/main/p/pygresql/pygresql_3.8.1.orig.tar.gz
Size/MD5:    81186 5575979dac93c9c5795d7693a8f91c86

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/p/pygresql/python-pygresql-dbg_3.8.1-3ubuntu0.1_amd64.deb
Size/MD5:   161374 c2bd1d7edf9a4b7fe8775a4b81e41c89
http://security.ubuntu.com/ubuntu/pool/main/p/pygresql/python-pygresql_3.8.1-3ubuntu0.1_amd64.deb
Size/MD5:   113848 df4cf90f62f064cde2af19d4e53bb6a8

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/p/pygresql/python-pygresql-dbg_3.8.1-3ubuntu0.1_i386.deb
Size/MD5:   144342 9613af053ccac31ee68f0ea7237102ba
http://security.ubuntu.com/ubuntu/pool/main/p/pygresql/python-pygresql_3.8.1-3ubuntu0.1_i386.deb
Size/MD5:   108184 61858ff497b9a22271c987d2b3f8e136

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/p/pygresql/python-pygresql-dbg_3.8.1-3ubuntu0.1_lpia.deb
Size/MD5:   145702 efb2a010093fd49ad4b2d459ba700109
http://ports.ubuntu.com/pool/main/p/pygresql/python-pygresql_3.8.1-3ubuntu0.1_lpia.deb
Size/MD5:   107998 5aa9a9f24cde01ed80e5cc7119fc3976

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/p/pygresql/python-pygresql-dbg_3.8.1-3ubuntu0.1_powerpc.deb
Size/MD5:   160822 8414c4daf91fac983e85f48af335fadb
http://ports.ubuntu.com/pool/main/p/pygresql/python-pygresql_3.8.1-3ubuntu0.1_powerpc.deb
Size/MD5:   114884 359b31a67439795c2cb2d9740c9be2a2

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/p/pygresql/python-pygresql-dbg_3.8.1-3ubuntu0.1_sparc.deb
Size/MD5:   138978 01cd4bc1d15a97e96c62177855a610f2
http://ports.ubuntu.com/pool/main/p/pygresql/python-pygresql_3.8.1-3ubuntu0.1_sparc.deb
Size/MD5:   108932 e4847eeeeed2e144e4f7c4efe147312e

ORIGINAL ADVISORY:
USN-870-1:
http://www.ubuntu.com/usn/USN-870-1

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Secunia Security Advisory 37654

Secunia Security Advisory 37654

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Secunia Security Advisory 37654

Share This

Secunia Security Advisory 37654

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems