Package name
postgresql
Date
2003-02-11
Advisory ID
MDKSA-2002:062-1
Affected versions
8.1 i586, SNF7.2 i586, 8.1 i586, 8.0 i586, 9.0 i586, 8.2 i586, 8.0 i586, 8.2 i586, 7.2 i586

Problem description

Vulnerabilities were discovered in the PostgreSQL relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The PostgreSQL developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions.

In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user.

Prior to upgrading, users should dump their database and retain it as a backup. You can dump the database by using:

    $ pg_dumpall > db.out

If you need to restore from the backup, you can do so by using:

    $ psql -f db.out template1

Update: The previous update missed a few small fixes, including a buffer overflow in the cash_words() function that allows local users to cause a DoS and possibly execute arbitrary code via a malformed argument in PostgreSQL 7.2 and earlier. As well, buffer overflows in the TZ and SET TIME ZONE environment variables for PostgreSQL 7.2.1 and earlier can allow local users to cause a DoS and possibly execute arbitrary code.

Updated packages

8.1 i586

 a0ab2205f1fe47bad88cea600916b871  ia64/8.1/RPMS/postgresql-7.1.2-19.3mdk.ia64.rpm
5844b3344d57af2e330865e9031c0d4b  ia64/8.1/RPMS/postgresql-contrib-7.1.2-19.3mdk.ia64.rpm
40225b5838c33029bd8cf5d6f276e22f  ia64/8.1/RPMS/postgresql-devel-7.1.2-19.3mdk.ia64.rpm
d5d0543a93d1c071375c1c07c5d5c33f  ia64/8.1/RPMS/postgresql-docs-7.1.2-19.3mdk.ia64.rpm
dc4665e113e696ef8a30a3ef9257681e  ia64/8.1/RPMS/postgresql-jdbc-7.1.2-19.3mdk.ia64.rpm
6c993e445bed97e3b1f8bb053ac4ff60  ia64/8.1/RPMS/postgresql-libs-7.1.2-19.3mdk.ia64.rpm
ef7a7ca8460e4b2de3beb7a551cc3d76  ia64/8.1/RPMS/postgresql-odbc-7.1.2-19.3mdk.ia64.rpm
1f67a742649c0bc6efc64f6803681a27  ia64/8.1/RPMS/postgresql-perl-7.1.2-19.3mdk.ia64.rpm
0be4a57073b651d366866317370e3c54  ia64/8.1/RPMS/postgresql-plperl-7.1.2-19.3mdk.ia64.rpm
1332ad74b2abd3b5b028f501e115b3e0  ia64/8.1/RPMS/postgresql-python-7.1.2-19.3mdk.ia64.rpm
ed4cb3a263eb1d0507ab1cb29a15dc37  ia64/8.1/RPMS/postgresql-server-7.1.2-19.3mdk.ia64.rpm
f30c087b1cd9aeddcdb0acee64d42437  ia64/8.1/RPMS/postgresql-tcl-7.1.2-19.3mdk.ia64.rpm
3dba7af5b1f92c088f69f234480f3755  ia64/8.1/RPMS/postgresql-test-7.1.2-19.3mdk.ia64.rpm
50b000869e5058323e790ecb18049f75  ia64/8.1/RPMS/postgresql-tk-7.1.2-19.3mdk.ia64.rpm
9bd07818ed29d3a4805881102b738cfa  ia64/8.1/SRPMS/postgresql-7.1.2-19.3mdk.src.rpm

SNF7.2 i586

 16f6ad77e613d9c69eb953711ecae596  snf7.2/RPMS/postgresql-7.0.2-6.2mdk.i586.rpm
7994b32ad704c1eca1d826526c539cc7  snf7.2/SRPMS/postgresql-7.0.2-6.2mdk.src.rpm

8.1 i586

 97de10790f301b68eaca59c697809ea9  8.1/RPMS/postgresql-7.1.2-19.3mdk.i586.rpm
aec70115c9cc02624434b093c5d90c5c  8.1/RPMS/postgresql-contrib-7.1.2-19.3mdk.i586.rpm
6ab2d88eb5fee0c693bfe6d471f97e20  8.1/RPMS/postgresql-devel-7.1.2-19.3mdk.i586.rpm
4754eb788df84d946d08d289436010dd  8.1/RPMS/postgresql-docs-7.1.2-19.3mdk.i586.rpm
025457b3aaa43d490fed74dbdd72eb9f  8.1/RPMS/postgresql-jdbc-7.1.2-19.3mdk.i586.rpm
676676267be42eccb12c58f597f00e58  8.1/RPMS/postgresql-libs-7.1.2-19.3mdk.i586.rpm
d496dd85e2ff5c9461b62e03182331fd  8.1/RPMS/postgresql-odbc-7.1.2-19.3mdk.i586.rpm
a1eed5f8fcca84191468ec9cd30a2aae  8.1/RPMS/postgresql-perl-7.1.2-19.3mdk.i586.rpm
07966ec3c52708ad9fb24998a39cc397  8.1/RPMS/postgresql-plperl-7.1.2-19.3mdk.i586.rpm
57ba9c81df82ff486031dbd0fd04e87c  8.1/RPMS/postgresql-python-7.1.2-19.3mdk.i586.rpm
43964e8e013e88312505d437cc36e775  8.1/RPMS/postgresql-server-7.1.2-19.3mdk.i586.rpm
a6b24839a25edae67cd89b23640c5e13  8.1/RPMS/postgresql-tcl-7.1.2-19.3mdk.i586.rpm
57cc51dca34fc289790432f975c529b3  8.1/RPMS/postgresql-test-7.1.2-19.3mdk.i586.rpm
268c76eb7fe37063b550309e3a1cbdb2  8.1/RPMS/postgresql-tk-7.1.2-19.3mdk.i586.rpm
9bd07818ed29d3a4805881102b738cfa  8.1/SRPMS/postgresql-7.1.2-19.3mdk.src.rpm

8.0 i586

 bf2acc64035b1821d1b17dbe2bfc5f8f  8.0/RPMS/postgresql-7.0.3-12.3mdk.i586.rpm
66f2658ccb68c3f7dec5a8b994a42afc  8.0/RPMS/postgresql-devel-7.0.3-12.3mdk.i586.rpm
a522ab7fa208235c17509400f6ee5a6c  8.0/RPMS/postgresql-jdbc-7.0.3-12.3mdk.i586.rpm
63073956e8e6792c541799e5a38789cb  8.0/RPMS/postgresql-odbc-7.0.3-12.3mdk.i586.rpm
a2c32ed4effbb69e2c0f912d7068d1c0  8.0/RPMS/postgresql-perl-7.0.3-12.3mdk.i586.rpm
593ba7e87e72a89fa068eecfdc76dae5  8.0/RPMS/postgresql-python-7.0.3-12.3mdk.i586.rpm
d2903a4ed75679749713f1ccb50a0325  8.0/RPMS/postgresql-server-7.0.3-12.3mdk.i586.rpm
3f23db200a658c5b08044f0efb9583b5  8.0/RPMS/postgresql-tcl-7.0.3-12.3mdk.i586.rpm
6f493533534e68d6e56a4714d2eff81e  8.0/RPMS/postgresql-test-7.0.3-12.3mdk.i586.rpm
644f165ad06cd62a309548298981d1e9  8.0/RPMS/postgresql-tk-7.0.3-12.3mdk.i586.rpm
2b918a143b51a306ca9132233373c5d0  8.0/SRPMS/postgresql-7.0.3-12.3mdk.src.rpm

9.0 i586

 47e6da609c810370ab03e7e1ffc5d259  9.0/RPMS/libecpg3-7.2.2-1.2mdk.i586.rpm
e68a0b313fd8e375faaa0b7623c3a2c2  9.0/RPMS/libpgperl-7.2.2-1.2mdk.i586.rpm
2e3f2bf4fb815d7eb694980fa6d08dfe  9.0/RPMS/libpgsql2-7.2.2-1.2mdk.i586.rpm
4221bc2f2e6eade8fe61a42a365f99fb  9.0/RPMS/libpgsqlodbc0-7.2.2-1.2mdk.i586.rpm
937337453a19394face29b862019141b  9.0/RPMS/libpgtcl2-7.2.2-1.2mdk.i586.rpm
dbed9918b4b03ed654c5b018b4d756b2  9.0/RPMS/postgresql-7.2.2-1.2mdk.i586.rpm
4fd6458ba68949755de443fa19c3b673  9.0/RPMS/postgresql-contrib-7.2.2-1.2mdk.i586.rpm
faf3650ff3bfae6e52a7bca8f16ec43a  9.0/RPMS/postgresql-devel-7.2.2-1.2mdk.i586.rpm
a09cae1efa38d5efd579545e120e14e4  9.0/RPMS/postgresql-docs-7.2.2-1.2mdk.i586.rpm
5363320a91e676f5e18973d1a7f32047  9.0/RPMS/postgresql-jdbc-7.2.2-1.2mdk.i586.rpm
8aea657a4e8539e4d8736c1ad4128f43  9.0/RPMS/postgresql-python-7.2.2-1.2mdk.i586.rpm
05cbcb2c82942dba3e80f0cd6d77c217  9.0/RPMS/postgresql-server-7.2.2-1.2mdk.i586.rpm
2e695048467212f7274fa26b2d283169  9.0/RPMS/postgresql-tcl-7.2.2-1.2mdk.i586.rpm
bf3aa4c250e9e69c017c50b145623b5a  9.0/RPMS/postgresql-test-7.2.2-1.2mdk.i586.rpm
10bdfd1c9db6651b76d1f91893193b2f  9.0/RPMS/postgresql-tk-7.2.2-1.2mdk.i586.rpm
a61a0c2d5d5c223860f50302e7dbdb93  9.0/SRPMS/postgresql-7.2.2-1.2mdk.src.rpm

8.2 i586

 8b27c79afbd8fd32def0eb6feb6c0d9a  8.2/RPMS/libecpg3-7.2-12.2mdk.i586.rpm
595cec2baf3b71d4fac9de920c7fabfa  8.2/RPMS/libpgperl-7.2-12.2mdk.i586.rpm
d52d7e7bab94d255c2a304acdef87789  8.2/RPMS/libpgsql2-7.2-12.2mdk.i586.rpm
5dc506936db8e32a08ec4249c1814d81  8.2/RPMS/libpgsqlodbc0-7.2-12.2mdk.i586.rpm
949789c4c0569cf79a3652ba294057d2  8.2/RPMS/libpgtcl2-7.2-12.2mdk.i586.rpm
389afb26bcbe82dd0db84d6179749b1e  8.2/RPMS/postgresql-7.2-12.2mdk.i586.rpm
84a443bce98bf8872e25a844f2602b2c  8.2/RPMS/postgresql-contrib-7.2-12.2mdk.i586.rpm
6646a6461dd3654ed6cf51968512360c  8.2/RPMS/postgresql-devel-7.2-12.2mdk.i586.rpm
902851489c741dfefef18de2c1263ba0  8.2/RPMS/postgresql-docs-7.2-12.2mdk.i586.rpm
0e305d02c5ef1420a3fcd158e84deab6  8.2/RPMS/postgresql-jdbc-7.2-12.2mdk.i586.rpm
d3d9b5dd8277178d4c98ad108676488c  8.2/RPMS/postgresql-python-7.2-12.2mdk.i586.rpm
0fdcedbdcdd1d780c5799c02620b5539  8.2/RPMS/postgresql-server-7.2-12.2mdk.i586.rpm
f5233fd92501b37120730155a7497a21  8.2/RPMS/postgresql-tcl-7.2-12.2mdk.i586.rpm
ac1badad8cc870e8613435c8e7e9d432  8.2/RPMS/postgresql-test-7.2-12.2mdk.i586.rpm
f5f2ac87de0cd373c9a8a208cf60f004  8.2/RPMS/postgresql-tk-7.2-12.2mdk.i586.rpm
14f6696f5d41104d0d10c27e1f3d7988  8.2/SRPMS/postgresql-7.2-12.2mdk.src.rpm

8.0 i586

 cb7745ab7ec608ac796ff55cf516884f  ppc/8.0/RPMS/postgresql-7.0.3-12.3mdk.ppc.rpm
a55c4d8c2e97abd9ada72015c367f753  ppc/8.0/RPMS/postgresql-devel-7.0.3-12.3mdk.ppc.rpm
006c7fb46d4cf62a40209bee1e4bdca5  ppc/8.0/RPMS/postgresql-jdbc-7.0.3-12.3mdk.ppc.rpm
a3392a4a27443edea9059a38512518c8  ppc/8.0/RPMS/postgresql-odbc-7.0.3-12.3mdk.ppc.rpm
709d9eeeb484099ba65551a41219ec7f  ppc/8.0/RPMS/postgresql-perl-7.0.3-12.3mdk.ppc.rpm
edfe27d1661db92a6511b4541bd40949  ppc/8.0/RPMS/postgresql-python-7.0.3-12.3mdk.ppc.rpm
c7c22eb21bfc0cff2f3b28873e967730  ppc/8.0/RPMS/postgresql-server-7.0.3-12.3mdk.ppc.rpm
904006be899f6105cc888b212118ae5d  ppc/8.0/RPMS/postgresql-tcl-7.0.3-12.3mdk.ppc.rpm
1a2d2f042788dd15cbf4d43e9c64064c  ppc/8.0/RPMS/postgresql-test-7.0.3-12.3mdk.ppc.rpm
6e90a4031efd1f01185914f4de72e5ae  ppc/8.0/RPMS/postgresql-tk-7.0.3-12.3mdk.ppc.rpm
2b918a143b51a306ca9132233373c5d0  ppc/8.0/SRPMS/postgresql-7.0.3-12.3mdk.src.rpm

8.2 i586

 77d6ccc120c67b6178014a328b427130  ppc/8.2/RPMS/libecpg3-7.2-12.2mdk.ppc.rpm
426a2b8e85d929f2ab4a732d24ea3955  ppc/8.2/RPMS/libpgperl-7.2-12.2mdk.ppc.rpm
061df62587ce1b164e045becf6da1a29  ppc/8.2/RPMS/libpgsql2-7.2-12.2mdk.ppc.rpm
1f1b2696c7a42f8069d7a8df999bd1d2  ppc/8.2/RPMS/libpgsqlodbc0-7.2-12.2mdk.ppc.rpm
1a851295e15c4c5419998b8d036cac62  ppc/8.2/RPMS/libpgtcl2-7.2-12.2mdk.ppc.rpm
155cfe5d55f3e584e85095232961cf6d  ppc/8.2/RPMS/postgresql-7.2-12.2mdk.ppc.rpm
e493b4aaceff78671e9a65c2dd776ea7  ppc/8.2/RPMS/postgresql-contrib-7.2-12.2mdk.ppc.rpm
08d0e66b0d0565dcfa1adb632c07c730  ppc/8.2/RPMS/postgresql-devel-7.2-12.2mdk.ppc.rpm
21904a35b8076be3bad3187af15a1440  ppc/8.2/RPMS/postgresql-docs-7.2-12.2mdk.ppc.rpm
ccc669f434df60024c8f2cf1d53be994  ppc/8.2/RPMS/postgresql-jdbc-7.2-12.2mdk.ppc.rpm
cc50d01c305bb5bc418a99d94546728e  ppc/8.2/RPMS/postgresql-python-7.2-12.2mdk.ppc.rpm
9b510ff074a190cdeace20a006948566  ppc/8.2/RPMS/postgresql-server-7.2-12.2mdk.ppc.rpm
2c655f88c1683a644f97dfbf0ddb4a2f  ppc/8.2/RPMS/postgresql-tcl-7.2-12.2mdk.ppc.rpm
b31814cf01ba11f63e44d66b99797392  ppc/8.2/RPMS/postgresql-test-7.2-12.2mdk.ppc.rpm
6eb3d839bbef278b0e6435143c714c02  ppc/8.2/RPMS/postgresql-tk-7.2-12.2mdk.ppc.rpm
14f6696f5d41104d0d10c27e1f3d7988  ppc/8.2/SRPMS/postgresql-7.2-12.2mdk.src.rpm

7.2 i586

 16f6ad77e613d9c69eb953711ecae596  7.2/RPMS/postgresql-7.0.2-6.2mdk.i586.rpm
fe299c787297a701c70be0c59698107c  7.2/RPMS/postgresql-devel-7.0.2-6.2mdk.i586.rpm
a29d7d45e6e344b5a62a19b24820ee6d  7.2/RPMS/postgresql-jdbc-7.0.2-6.2mdk.i586.rpm
1b298b043a3f7da08d119d5acc831e43  7.2/RPMS/postgresql-odbc-7.0.2-6.2mdk.i586.rpm
bd40b3b65086aba62dc2fb85cc14de07  7.2/RPMS/postgresql-perl-7.0.2-6.2mdk.i586.rpm
f11d2a8bb7e7b885bcdeddddf96fa8b2  7.2/RPMS/postgresql-python-7.0.2-6.2mdk.i586.rpm
09bd4bd5ba414ddb8f29dd6cd17d7437  7.2/RPMS/postgresql-server-7.0.2-6.2mdk.i586.rpm
66dcfa74038a5ea2c182f0a656539a13  7.2/RPMS/postgresql-tcl-7.0.2-6.2mdk.i586.rpm
042c9b97cfbc766307c397430c44df9a  7.2/RPMS/postgresql-test-7.0.2-6.2mdk.i586.rpm
e8e59f5ce6276887da8d99d93f6bed32  7.2/RPMS/postgresql-tk-7.0.2-6.2mdk.i586.rpm
7994b32ad704c1eca1d826526c539cc7  7.2/SRPMS/postgresql-7.0.2-6.2mdk.src.rpm
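The package lists above follow the md5sum layout: a checksum, then the package path under its release directory. As an added example that is not part of the original advisory, the shell function below checks downloaded packages against a list saved in that layout before they are installed; the function name `verify_manifest` and the idea of keeping the downloads in one directory are assumptions made for the example.

```shell
#!/bin/sh
# verify_manifest MANIFEST PKG_DIR   (hypothetical helper, not from the advisory)
# MANIFEST lines follow the advisory's layout: "<md5>  <release>/RPMS/<file>.rpm".
# Only the file name is used to locate the download inside PKG_DIR.
# Returns 0 only if every listed file is present and its MD5 matches.
verify_manifest() {
    manifest=$1
    pkg_dir=$2
    status=0
    checked=0
    # read strips leading blanks, so an indented first entry parses like the rest.
    while read -r want path; do
        # Skip blank lines and anything that is not a 32-hex-digit MD5 entry
        # (release headings such as "8.1 i586" are dropped here).
        case $want in
            *[!0-9a-f]*|"") continue ;;
        esac
        [ "${#want}" -eq 32 ] || continue
        [ -n "$path" ] || continue
        name=${path##*/}
        file=$pkg_dir/$name
        if [ ! -f "$file" ]; then
            echo "MISSING  $name" >&2
            status=1
            continue
        fi
        got=$(md5sum < "$file" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            checked=$((checked + 1))
        else
            echo "MISMATCH $name" >&2
            status=1
        fi
    done < "$manifest"
    # An empty or unparsable manifest must not count as success.
    [ "$checked" -gt 0 ] || status=1
    return "$status"
}
```

An MD5 match only shows that the download is the file the list describes; `rpm --checksig` on each package checks its signature.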

References