[Full-Disclosure] [RHSA-2003:001-16] Updated PostgreSQL packages fix security issues and bugs

From: bugzillaat_private
Date: Tue Jan 14 2003 - 14:41:28 PST


    ---------------------------------------------------------------------
                       Red Hat, Inc. Red Hat Security Advisory
    
    Synopsis:          Updated PostgreSQL packages fix security issues and bugs
    Advisory ID:       RHSA-2003:001-16
    Issue date:        2003-01-14
    Updated on:        2003-01-14
    Product:           Red Hat Linux
    Keywords:          PostgreSQL VACUUM pre-1970 spinlock
    Cross references:  
    Obsoletes:         
    CVE Names:         CAN-2002-0972 CAN-2002-1397 CAN-2002-1398 CAN-2002-1400 CAN-2002-1401 CAN-2002-1402
    ---------------------------------------------------------------------
    
    1. Topic:
    
    Updated PostgreSQL packages are available for Red Hat Linux 7.3 and 8.0.
    These packages correct several security and other bugs.  A separate
    advisory deals with updated PostgreSQL packages for Red Hat Linux 6.2, 7,
    7.1, and 7.2.
    
    2. Relevant releases/architectures:
    
    Red Hat Linux 7.3 - i386
    Red Hat Linux 8.0 - i386
    
    3. Problem description:
    
    PostgreSQL is an advanced Object-Relational database management system. 
    Red Hat Linux 7.3 shipped with PostgreSQL version 7.2.1.  Red Hat Linux 8.0
    shipped with PostgreSQL version 7.2.2.
    
    PostgreSQL versions 7.2.1 and 7.2.2 contain a serious issue with the VACUUM
    command when it is run by a non-superuser.  It is possible for the server
    to prematurely remove old transaction commit-status data (pg_clog files)
    that is still needed, which can result in unrecoverable data loss.
    
    A number of minor security issues affect the PostgreSQL 7.2.1 packages
    shipped with Red Hat Linux 7.3 only:
    
    1. Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial of
    service and possibly execute arbitrary code via long arguments to the lpad
    or rpad functions. CAN-2002-0972
    
    2. Buffer overflow in the cash_words() function allows local users to cause
    a denial of service and possibly execute arbitrary code via a malformed
    argument. CAN-2002-1397
    
    3. Buffer overflow in the date parser allows attackers to cause a denial of
    service and possibly execute arbitrary code via a long date string, also
    known as a vulnerability "in handling long datetime input." CAN-2002-1398
    
    4. Heap-based buffer overflow in the repeat() function allows attackers to
    execute arbitrary code by causing repeat() to generate a large string.
    CAN-2002-1400
    
    5. Buffer overflows in the handling of the TZ environment variable and the
    SET TIME ZONE command allow local users to cause a denial of service and
    possibly execute arbitrary code. CAN-2002-1402
    
    Additionally, buffer overflows in circle_poly, path_encode and path_add
    allow attackers to cause a denial of service and possibly execute arbitrary
    code.  Note that these overflows are fixed in our erratum packages and in
    PostgreSQL CVS, but are not fixed in the released upstream PostgreSQL
    7.2.3, so an unpatched upstream 7.2.3 build remains affected. CAN-2002-1401
    
    The above vulnerabilities are only critical on open or shared systems,
    because an attacker must first be able to open a database session (valid
    database credentials, or a server that accepts connections from untrusted
    clients) before any of them can be triggered.
    
    This update also contains fixes for several other PostgreSQL bugs,
    including handling of pre-1970 date values in newer versions of glibc,
    possible server shutdown hangs, spinlock hangs on SMP PPC machines, and
    pg_dump improperly dumping with the FULL JOIN USING clauses.
    
    All users of PostgreSQL should upgrade to these errata packages containing
    PostgreSQL 7.2.3 with additional patches to correct all these issues. Note
    that running initdb is not necessary when upgrading from 7.2.1 or 7.2.2 to
    the packages contained in this errata.
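
    A quick way to tell which hosts still need this erratum is to compare the
    installed postgresql version-release string with the fixed builds named
    above (7.2.3-5.73 for Red Hat Linux 7.3, 7.2.3-5.80 for 8.0).  The script
    below is an added example, not a Red Hat tool: it re-implements RPM's
    segment-wise version comparison (rpmvercmp) in Python so that 7.2.3-5.73
    correctly sorts after 7.2.3-5 and 7.2.10 after 7.2.3, and applies it to a
    constructed inventory.  The installed string is obtained with the real
    command `rpm -q --queryformat '%{VERSION}-%{RELEASE}\n' postgresql-server`;
    the hostnames and the 7.2.1-5 / 7.2.2-1 release numbers in the sample
    inventory are illustrative assumptions, not Red Hat's shipped builds.

```python
"""Flag PostgreSQL packages older than the fixed builds in RHSA-2003:001.

Added example, not Red Hat tooling.  rpmvercmp() re-implements RPM's
version comparison: separators are ignored, runs of digits compare
numerically, runs of letters compare as strings, a numeric segment beats an
alphabetic one, '~' sorts before everything, and a string with segments
left over is the newer one.  Get the installed value with:
    rpm -q --queryformat '%{VERSION}-%{RELEASE}\n' postgresql-server
"""
import re
import string

ALNUM = set(string.ascii_letters + string.digits)

# Fixed version-release from the advisory, keyed by Red Hat Linux release.
FIXED_EVR = {"7.3": "7.2.3-5.73", "8.0": "7.2.3-5.80"}


def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 as version string a is older, equal or newer than b."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # Separators (anything not alphanumeric or '~') are skipped.
        while i < len(a) and a[i] not in ALNUM and a[i] != "~":
            i += 1
        while j < len(b) and b[j] not in ALNUM and b[j] != "~":
            j += 1
        ta = i < len(a) and a[i] == "~"
        tb = j < len(b) and b[j] == "~"
        if ta or tb:
            # '~' sorts before everything, even end of string: 1.0~rc1 < 1.0
            if not ta:
                return 1
            if not tb:
                return -1
            i += 1
            j += 1
            continue
        if i >= len(a) or j >= len(b):
            break
        # Take a run of digits or a run of letters from each string.
        numeric = a[i].isdigit()
        pattern = r"[0-9]+" if numeric else r"[A-Za-z]+"
        ma = re.match(pattern, a[i:])
        mb = re.match(pattern, b[j:])
        if mb is None:
            # Segment types differ: the numeric segment is the newer one.
            return 1 if numeric else -1
        sa, sb = ma.group(0), mb.group(0)
        i += len(sa)
        j += len(sb)
        if numeric:
            # Numeric, not lexical, so 7.2.10 is newer than 7.2.3.
            na, nb = int(sa), int(sb)
            if na != nb:
                return 1 if na > nb else -1
        elif sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    # Whichever string still has segments left is newer (5.73 > 5).
    return 1 if i < len(a) else -1


def parse_evr(evr: str):
    """Split 'epoch:version-release' into (epoch, version, release); epoch defaults to 0."""
    epoch = 0
    if ":" in evr:
        e, evr = evr.split(":", 1)
        epoch = int(e)
    version, _, release = evr.partition("-")
    return epoch, version, release


def evr_compare(a: str, b: str) -> int:
    """Compare two epoch:version-release strings; epoch wins, then version, then release."""
    ea, va, ra = parse_evr(a)
    eb, vb, rb = parse_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def is_affected(rhl_release: str, installed_evr: str) -> bool:
    """True when the installed postgresql build is older than the fix for that release."""
    return evr_compare(installed_evr, FIXED_EVR[rhl_release]) < 0


if __name__ == "__main__":
    # Constructed inventory: (host, RHL release, installed VERSION-RELEASE).
    # Hostnames and pre-fix release numbers are illustrative assumptions.
    inventory = [
        ("db1", "7.3", "7.2.1-5"),
        ("db2", "8.0", "7.2.2-1"),
        ("db3", "8.0", "7.2.3-5.80"),
        ("db4", "7.3", "7.2.3-5.73.1"),
    ]
    for host, rel, evr in inventory:
        state = "AFFECTED" if is_affected(rel, evr) else "fixed"
        print(f"{host}: Red Hat Linux {rel} postgresql {evr} -> {state}")
```

    A rebuilt package such as 7.2.3-5.73.1 is reported as fixed because its
    release string has a segment left over after 5.73 matches, which is the
    same rule rpm itself applies when deciding whether -F will upgrade.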
    
    4. Solution:
    
    Before applying this update, make sure all previously released errata
    relevant to your system have been applied.
    
    To update all RPMs for your particular architecture, run:
    
    rpm -Fvh [filenames]
    
    where [filenames] is a list of the RPMs you wish to upgrade.  Only those
    RPMs which are currently installed will be updated.  Those RPMs which are
    not installed but included in the list will not be updated.  Note that you
    can also use wildcards (*.rpm) if your current directory *only* contains
    the desired RPMs.
    
    Please note that this update is also available via Red Hat Network.  Many
    people find this an easier way to apply updates.  To use Red Hat Network,
    launch the Red Hat Update Agent with the following command:
    
    up2date
    
    This will start an interactive process that will result in the appropriate
    RPMs being upgraded on your system.
    
    5. RPMs required:
    
    Red Hat Linux 7.3:
    
    SRPMS:
    ftp://updates.redhat.com/7.3/en/os/SRPMS/postgresql-7.2.3-5.73.src.rpm
    
    i386:
    ftp://updates.redhat.com/7.3/en/os/i386/postgresql-7.2.3-5.73.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/postgresql-libs-7.2.3-5.73.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/postgresql-server-7.2.3-5.73.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/postgresql-docs-7.2.3-5.73.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/postgresql-contrib-7.2.3-5.73.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/postgresql-devel-7.2.3-5.73.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/postgresql-tcl-7.2.3-5.73.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/postgresql-tk-7.2.3-5.73.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/postgresql-odbc-7.2.3-5.73.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/postgresql-perl-7.2.3-5.73.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/postgresql-python-7.2.3-5.73.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/postgresql-jdbc-7.2.3-5.73.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/postgresql-test-7.2.3-5.73.i386.rpm
    
    Red Hat Linux 8.0:
    
    SRPMS:
    ftp://updates.redhat.com/8.0/en/os/SRPMS/postgresql-7.2.3-5.80.src.rpm
    
    i386:
    ftp://updates.redhat.com/8.0/en/os/i386/postgresql-7.2.3-5.80.i386.rpm
    ftp://updates.redhat.com/8.0/en/os/i386/postgresql-libs-7.2.3-5.80.i386.rpm
    ftp://updates.redhat.com/8.0/en/os/i386/postgresql-server-7.2.3-5.80.i386.rpm
    ftp://updates.redhat.com/8.0/en/os/i386/postgresql-docs-7.2.3-5.80.i386.rpm
    ftp://updates.redhat.com/8.0/en/os/i386/postgresql-contrib-7.2.3-5.80.i386.rpm
    ftp://updates.redhat.com/8.0/en/os/i386/postgresql-devel-7.2.3-5.80.i386.rpm
    ftp://updates.redhat.com/8.0/en/os/i386/postgresql-tcl-7.2.3-5.80.i386.rpm
    ftp://updates.redhat.com/8.0/en/os/i386/postgresql-tk-7.2.3-5.80.i386.rpm
    ftp://updates.redhat.com/8.0/en/os/i386/postgresql-odbc-7.2.3-5.80.i386.rpm
    ftp://updates.redhat.com/8.0/en/os/i386/postgresql-perl-7.2.3-5.80.i386.rpm
    ftp://updates.redhat.com/8.0/en/os/i386/postgresql-python-7.2.3-5.80.i386.rpm
    ftp://updates.redhat.com/8.0/en/os/i386/postgresql-jdbc-7.2.3-5.80.i386.rpm
    ftp://updates.redhat.com/8.0/en/os/i386/postgresql-test-7.2.3-5.80.i386.rpm
    
    
    
    6. Verification:
    
    MD5 sum                          Package Name
    --------------------------------------------------------------------------
    34e14436281e3beea42ee984bceabeb8 7.3/en/os/SRPMS/postgresql-7.2.3-5.73.src.rpm
    edba57794dc188ddb4dd8408d2b351e2 7.3/en/os/i386/postgresql-7.2.3-5.73.i386.rpm
    e71f0771204fe8293f1aa90f09f6481e 7.3/en/os/i386/postgresql-contrib-7.2.3-5.73.i386.rpm
    58e695f58687a72bfc1ead13a301dae3 7.3/en/os/i386/postgresql-devel-7.2.3-5.73.i386.rpm
    c8ff56f25004f8da3fcab97a00645a3c 7.3/en/os/i386/postgresql-docs-7.2.3-5.73.i386.rpm
    551c10daca662b4514ed0ca9f57181e3 7.3/en/os/i386/postgresql-jdbc-7.2.3-5.73.i386.rpm
    517c6bd62d0a82cdbb9a452b09e42ded 7.3/en/os/i386/postgresql-libs-7.2.3-5.73.i386.rpm
    a942a652ae89df1aa0284b7c73348187 7.3/en/os/i386/postgresql-odbc-7.2.3-5.73.i386.rpm
    51865efb9f3e491d497b18713d12a370 7.3/en/os/i386/postgresql-perl-7.2.3-5.73.i386.rpm
    743471a3e5a2dbbaa376b58583519e92 7.3/en/os/i386/postgresql-python-7.2.3-5.73.i386.rpm
    a65ed55398c08dfd9ef2cc48dcf620fb 7.3/en/os/i386/postgresql-server-7.2.3-5.73.i386.rpm
    822f7424c23e9597755ad78dd4b2cedf 7.3/en/os/i386/postgresql-tcl-7.2.3-5.73.i386.rpm
    9d632c76040305e701eb925656fd512e 7.3/en/os/i386/postgresql-test-7.2.3-5.73.i386.rpm
    9dfa1a633958e1148b33f3122ed9a943 7.3/en/os/i386/postgresql-tk-7.2.3-5.73.i386.rpm
    116fabd54ec3a3235ec8bb9946991001 8.0/en/os/SRPMS/postgresql-7.2.3-5.80.src.rpm
    fa4bc52fd3733243874959805f23790f 8.0/en/os/i386/postgresql-7.2.3-5.80.i386.rpm
    c2616bfa68911cb6072cee5da26ee4c7 8.0/en/os/i386/postgresql-contrib-7.2.3-5.80.i386.rpm
    7b7183842f7e5bbe0bb3652410443ce1 8.0/en/os/i386/postgresql-devel-7.2.3-5.80.i386.rpm
    a03b33fa750a9548bfc7050863b64ebe 8.0/en/os/i386/postgresql-docs-7.2.3-5.80.i386.rpm
    06f18f7d31287f6731aea08593624866 8.0/en/os/i386/postgresql-jdbc-7.2.3-5.80.i386.rpm
    ebd03dbfc757b629dac9bb017d918ef4 8.0/en/os/i386/postgresql-libs-7.2.3-5.80.i386.rpm
    e2511b0ebbcecc1580d5585fe53603f6 8.0/en/os/i386/postgresql-odbc-7.2.3-5.80.i386.rpm
    e07c50d8f035340cd9db90c77179b238 8.0/en/os/i386/postgresql-perl-7.2.3-5.80.i386.rpm
    8527468481312aeaf2b4ea3a5a5731a1 8.0/en/os/i386/postgresql-python-7.2.3-5.80.i386.rpm
    f5a061d396f96898aecc2570a1703cfa 8.0/en/os/i386/postgresql-server-7.2.3-5.80.i386.rpm
    259de5a30643984be397b7d0d2ad66f4 8.0/en/os/i386/postgresql-tcl-7.2.3-5.80.i386.rpm
    32eebb139b6dca1cc4ae562fb3d608f3 8.0/en/os/i386/postgresql-test-7.2.3-5.80.i386.rpm
    8bd5bb78a954eac4ee0c0c7c98a79dde 8.0/en/os/i386/postgresql-tk-7.2.3-5.80.i386.rpm
    
    
    These packages are GPG signed by Red Hat, Inc. for security.  Our key
    is available at http://www.redhat.com/about/contact/pgpkey.html
    
    You can verify each package with the following command:
        
        rpm --checksig -v <filename>
    
    If you only wish to verify that each package has not been corrupted in
    transit, compare its MD5 sum against the table above using:
        
        md5sum <filename>
    
    A matching sum shows the file is the one listed in this advisory; it does
    not by itself prove the package came from Red Hat.  Use the GPG signature
    check above for that.
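
    The following script is an added example, not a Red Hat tool: it parses
    lines in the format of the MD5 table above, hashes each downloaded RPM in
    a directory and reports OK, MISMATCH or MISSING, then optionally runs the
    real `rpm --checksig` so the signature check is not forgotten.  Only two
    table lines (copied verbatim from section 6) are embedded; the rest can
    be pasted in the same format.  The directory path is taken from the
    command line and is an assumption about where the packages were saved.

```python
"""Verify downloaded errata RPMs against the MD5 table in RHSA-2003:001.

Added example, not Red Hat tooling.  A matching MD5 sum only proves the
file is the one the advisory lists (and survived the download intact); the
GPG signature check (rpm --checksig, after importing Red Hat's public key
from the URL in the advisory) is what ties the package to Red Hat.
"""
import hashlib
import os
import re
import shutil
import subprocess

# Two lines copied from section 6 of the advisory; add the others as needed.
ADVISORY_MD5_TABLE = """\
a65ed55398c08dfd9ef2cc48dcf620fb 7.3/en/os/i386/postgresql-server-7.2.3-5.73.i386.rpm
f5a061d396f96898aecc2570a1703cfa 8.0/en/os/i386/postgresql-server-7.2.3-5.80.i386.rpm
"""

MD5_LINE = re.compile(r"^([0-9a-f]{32})\s+(\S+)$")


def parse_md5_table(text: str) -> dict:
    """Map package basename -> expected MD5 hex digest; non-table lines are ignored."""
    sums = {}
    for line in text.splitlines():
        m = MD5_LINE.match(line.strip())
        if m:
            sums[os.path.basename(m.group(2))] = m.group(1)
    return sums


def md5_hex(data: bytes) -> str:
    """MD5 of an in-memory byte string (used for small inputs and tests)."""
    return hashlib.md5(data).hexdigest()


def md5_file(path: str) -> str:
    """MD5 of a file, read in 1 MiB chunks so large RPMs are not loaded whole."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def check_bytes(name: str, data: bytes, expected: dict) -> str:
    """Classify one package's content as 'OK', 'MISMATCH' or 'UNLISTED'."""
    if name not in expected:
        return "UNLISTED"
    return "OK" if md5_hex(data) == expected[name] else "MISMATCH"


def verify_directory(directory: str, expected: dict) -> dict:
    """Check every listed package; a file absent from the directory is 'MISSING'."""
    results = {}
    for name, digest in expected.items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "MISSING"
        else:
            results[name] = "OK" if md5_file(path) == digest else "MISMATCH"
    return results


def gpg_signature_ok(path: str) -> bool:
    """Run rpm --checksig on a package; a non-zero exit status means it failed."""
    if shutil.which("rpm") is None:
        raise RuntimeError("rpm is not installed; cannot check the GPG signature")
    proc = subprocess.run(["rpm", "--checksig", path], capture_output=True)
    return proc.returncode == 0


if __name__ == "__main__":
    import sys

    # Assumed location of the downloaded RPMs: first argument, else cwd.
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    expected = parse_md5_table(ADVISORY_MD5_TABLE)
    for name, state in sorted(verify_directory(target, expected).items()):
        line = f"{state:9s} {name}"
        if state == "OK" and shutil.which("rpm"):
            line += "  sig=" + ("OK" if gpg_signature_ok(os.path.join(target, name)) else "BAD")
        print(line)
```

    MISMATCH on a package that rpm also reports as correctly signed should
    not happen; if it does, trust neither and re-download from the URLs in
    section 5, since either the file or your copy of this advisory has been
    altered.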
    
    
    7. References:
    
    http://www3.ca.postgresql.org/users-lounge/docs/7.3/postgres/release-7-2-3.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0972
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1397
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1398
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1400
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1401
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1402
    
    8. Contact:
    
    The Red Hat security contact is <securityat_private>.  More contact
    details at http://www.redhat.com/solutions/security/news/contact.html
    
    Copyright 2003 Red Hat, Inc.
    
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
    



    This archive was generated by hypermail 2b30 : Tue Jan 14 2003 - 15:03:28 PST