Package: postgresql
Severity: grave
Tags: security sarge

From: http://secunia.com/advisories/15217/

Workarounds (aka, fixes :) http://www.postgresql.org/about/news.315

DESCRIPTION:
Two vulnerabilities have been reported in PostgreSQL, which can be exploited by malicious users to cause a DoS (Denial of Service) or potentially gain escalated privileges.

1) Missing validation of arguments supplied to the functions supporting client-to-server character set conversion can be exploited by unprivileged users when calling the functions from SQL commands.

The vulnerability affects versions 7.3.* through 8.0.*.

2) The contrib/tsearch2 module misdeclares the return type of several functions, which breaks the type safety of "internal". The impact has reportedly not been investigated, but can at least crash the backend.

The vulnerability affects versions 7.4 and later with the contrib/tsearch2 module installed.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11-1-k7
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)

Versions of packages postgresql depends on:
ii  adduser           3.63                     Add and remove users and groups
ii  debconf [debconf  1.4.48                   Debian configuration management sy
ii  debianutils       2.13.2                   Miscellaneous utilities specific t
ii  dpkg              1.10.27                  Package maintenance system for Deb
ii  libc6             2.3.2.ds1-21             GNU C Library: Shared libraries an
ii  libcomerr2        1.37-2                   common error description library
ii  libkrb53          1.3.6-3                  MIT Kerberos runtime libraries
ii  libpam0g          0.76-22                  Pluggable Authentication Modules l
ii  libperl5.8        5.8.4-8                  Shared Perl library
ii  libpq3            7.4.7-5                  PostgreSQL C client library
ii  libreadline4      4.3-15                   GNU readline and history libraries
ii  libssl0.9.7       0.9.7e-3                 SSL shared libraries
ii  mailx             1:8.1.2-0.20040524cvs-4  A simple mail user agent
ii  postgresql-clien  7.4.7-5                  front-end programs for PostgreSQL
ii  procps            1:3.2.5-1                /proc file system utilities
ii  python2.3         2.3.5-2                  An interactive high-level object-o
ii  ucf               1.18                     Update Configuration File: preserv
ii  zlib1g            1:1.2.2-4                compression
library - runtime
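Both issues in the report come down to functions that handle the "internal" pseudo-type being reachable by unprivileged roles from plain SQL. The following catalog query is an added audit example, not part of the bug report or of the PostgreSQL advisory; it assumes only the standard pg_proc and pg_namespace catalogs, and that a NULL proacl means default privileges (PUBLIC may EXECUTE).

```sql
-- Added audit example (not from the bug report or the PostgreSQL advisory).
-- Lists every function whose return type or argument list involves the
-- "internal" pseudo-type, together with its ACL. The character set
-- conversion functions take an "internal" argument; the tsearch2 functions
-- pass "internal" pointers around under a misdeclared return type, so both
-- show up here. A NULL acl column means default privileges, i.e. PUBLIC
-- may EXECUTE the function.
SELECT n.nspname                                   AS schema_name,
       p.proname                                   AS function_name,
       pg_catalog.format_type(p.prorettype, NULL)  AS return_type,
       pg_catalog.oidvectortypes(p.proargtypes)    AS argument_types,
       p.proacl                                    AS acl
FROM   pg_catalog.pg_proc      p
JOIN   pg_catalog.pg_namespace n ON n.oid = p.pronamespace
WHERE  p.prorettype = 'internal'::pg_catalog.regtype
    OR pg_catalog.oidvectortypes(p.proargtypes) LIKE '%internal%'
ORDER  BY n.nspname, p.proname;

-- Until the fixed packages are installed, the usual hardening for a row the
-- query reports with a NULL acl is to withdraw PUBLIC's EXECUTE right.
-- The function name and signature below are placeholders: substitute the
-- schema_name, function_name and argument_types returned above.
-- REVOKE EXECUTE ON FUNCTION <schema_name>.<function_name>(<argument_types>) FROM PUBLIC;
```

Re-run the SELECT after applying the workaround or the fixed packages: rows that are still PUBLIC-executable and take or return "internal" are the ones worth a second look.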