Package name: postgresql
Date: 2006-06-07
Advisory ID: MDKSA-2006:098
Affected versions: 2006.0 i586, 10.2 i586, CS3.0 x86_64, CS3.0 i586, 10.2 x86_64, 2006.0 x86_64

Problem description

PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13,
7.3.x before 7.3.15, and earlier versions allows context-dependent
attackers to bypass SQL injection protection methods in applications
via invalid encodings of multibyte characters, aka one variant of
"Encoding-Based SQL Injection." (CVE-2006-2313)

PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13,
7.3.x before 7.3.15, and earlier versions allows context-dependent
attackers to bypass SQL injection protection methods in applications
that use multibyte encodings that allow the "\" (backslash) byte 0x5c to
be the trailing byte of a multibyte character, such as SJIS, BIG5, GBK,
GB18030, and UHC, which cannot be handled correctly by a client that does
not understand multibyte encodings, aka a second variant of "Encoding-Based
SQL Injection." NOTE: it could be argued that this is a class of issue
related to interaction errors between the client and PostgreSQL, but a
CVE has been assigned since PostgreSQL is treating this as a preventative
measure against this class of problem. (CVE-2006-2314)
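
An added example, not part of the advisory or of PostgreSQL's own code: a Python check for the two conditions described above. It rejects input that is not well-formed in the declared client encoding (CVE-2006-2313) and locates 0x5c bytes that are the trailing byte of a multibyte character (CVE-2006-2314). The function names and sample strings are constructed for illustration.

```python
import codecs


def scan(data: bytes, encoding: str):
    """Return (valid, offsets): whether data is well-formed in `encoding`,
    and the offsets of 0x5c bytes that end a multibyte character."""
    decoder = codecs.getincrementaldecoder(encoding)("strict")
    offsets, start = [], 0
    try:
        for i, byte in enumerate(data):
            # Feed one byte at a time; output appears when a character completes.
            if decoder.decode(bytes([byte])):
                # A 0x5c that completes a character begun earlier is a trailing
                # byte, not a backslash.
                if byte == 0x5C and i > start:
                    offsets.append(i)
                start = i + 1
        decoder.decode(b"", final=True)  # raises on a truncated character
    except UnicodeDecodeError:
        return False, []
    return True, offsets


def bytewise_backslashes(data: bytes) -> int:
    """Backslash count as seen by a client that does not understand
    multibyte encodings and inspects the data byte by byte."""
    return data.count(b"\\")


# Constructed sample inputs (ordinary text, no SQL).
SJIS_TEXT = "ソフト".encode("shift_jis")  # first character is 0x83 0x5c
BIG5_TEXT = "許功蓋".encode("big5")       # every character ends in 0x5c
BAD_UTF8 = b"ab\xc8cd"                    # 0xc8 lead byte, no continuation byte

if __name__ == "__main__":
    samples = [("shift_jis", SJIS_TEXT), ("big5", BIG5_TEXT), ("utf-8", BAD_UTF8)]
    for enc, data in samples:
        valid, offsets = scan(data, enc)
        print(f"{enc}: valid={valid} trailing_0x5c={offsets} "
              f"bytewise_backslashes={bytewise_backslashes(data)}")
```

Where `bytewise_backslashes` is non-zero but the text contains no backslash character, a byte-oriented escaping routine and an encoding-aware server will disagree about where characters begin and end.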

Packages have been patched or updated to correct these issues.

