

[PLSN-0004] - Buffer overflow in PostgreSQL


Date: Thu, 21 Apr 2005 10:20:28 -0400
From: Peachtree Linux Security Team <security@peachtree.burdell.org.>
To: [email protected]
Subject: [PLSN-0004] - Buffer overflow in PostgreSQL
Message-ID: <20050421142028.GD13292@kevlar.burdell.org.>
---------------------------------------------------------------------------
Peachtree Linux Security Notice PLSN-0004
April 20, 2005

Buffer overflow in PL/PGSQL parser allowing database users to run arbitrary
code as pgsql user
CAN-2005-0245, CAN-2005-0247
---------------------------------------------------------------------------

The following Peachtree Linux releases are affected:

   Peachtree Linux release 1 ("Atlanta")

Description:

   CAN-2005-0245, CAN-2005-0247: Two buffer overflow vulnerabilities are
   present in the PL/PGSQL parser (gram.y), which allow anyone with the
   ability to run SQL statements to execute arbitrary code as the pgsql user.

Packages:

   alpha
      1e36e9d2d64e9ff7a85c99a539ab1f61  postgresql-7.4.7.alpha.dist

   i386
      430f9cc3b162bba75bb970e288c80dac  postgresql-7.4.7.i686.dist

   ppc
      9e805d9a73becf8da6910ac493bb37a1  postgresql-7.4.7.ppc.dist

Solution:

   Download the appropriate package for your release of Peachtree Linux.
   Upgrade your system to the new package:

      distadd -u packagename

   where packagename is the name of the package file from the list above.

   After installation of the new package, restart any running postgresql
   services.  This new version of postgresql does not change the layout of
   the database on the filesystem, and therefore does not require a
   dump/restore.

-- 
Peachtree Linux Security Team
http://peachtree.burdell.org/
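
The package check implied by the Packages and Solution sections, as an added example that is not part of the original notice: it compares a downloaded file against the checksum listed for its architecture before the distadd -u step. It assumes the 32-hex-digit values in the notice are MD5 digests; the function names are illustrative.

```shell
#!/bin/sh
# Added example: check a downloaded package against the checksum published
# in PLSN-0004 before installing it. Assumption: the 32-hex-digit values in
# the notice are MD5 digests of the .dist files.

# Checksum listed in the notice for each architecture.
plsn0004_md5() {
    case "$1" in
        alpha) echo 1e36e9d2d64e9ff7a85c99a539ab1f61 ;;
        i386)  echo 430f9cc3b162bba75bb970e288c80dac ;;
        ppc)   echo 9e805d9a73becf8da6910ac493bb37a1 ;;
        *)     return 1 ;;
    esac
}

# Print the MD5 digest of a file (GNU md5sum, or BSD md5 as a fallback).
file_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        md5 -q "$1"
    fi
}

# verify_md5 FILE EXPECTED -> 0 only if FILE exists and its digest matches.
verify_md5() {
    [ -f "$1" ] || { echo "missing file: $1" >&2; return 2; }
    actual=$(file_md5 "$1" | tr 'A-F' 'a-f')
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# check_package ARCH FILE -> prints the upgrade command only after a match.
check_package() {
    want=$(plsn0004_md5 "$1") || { echo "unknown arch: $1" >&2; return 3; }
    if verify_md5 "$2" "$want"; then
        echo "OK: run 'distadd -u $2' and restart postgresql"
    else
        echo "MISMATCH for $2: do not install" >&2
        return 1
    fi
}

# Usage: sh verify.sh i386 postgresql-7.4.7.i686.dist
if [ "$#" -eq 2 ]; then check_package "$1" "$2"; fi
```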


