linux, säkerhet

73881 2002-08-26  15:54  /62 rader/ Daniel Ahlberg <aliz@gentoo.org>
Importerad: 2002-08-26  15:54  av Brevbäraren
Extern mottagare: gentoo-security@gentoo.org
Mottagare: Bugtraq (import) <1250>
Ärende: GLSA: PostgreSQL
------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT
- - --------------------------------------------------------------------

PACKAGE        :postgresql
SUMMARY        :buffer overruns
DATE           :2002-08-26 09:40 UTC

- - --------------------------------------------------------------------

OVERVIEW

Several buffer overruns found in PostgreSQL

DETAIL

The PostgreSQL Global Development Team has identified and
addressed the following buffer overruns in PostgreSQL:

* in handling long datetime input
* in repeat()
* in lpad() and rpad() with multibyte
* in SET TIME ZONE and TZ env var

More information can be found on the following adresses:

http://online.securityfocus.com/archive/1/288305/2002-08-16/2002-08-22/0
http://online.securityfocus.com/archive/1/288334/2002-08-16/2002-08-22/0

The advisory sent by The PostgreSQL Global Development Team can be
read at

http://online.securityfocus.com/archive/1/288998/2002-08-23/2002-08-29/0

SOLUTION

It is recommended that all Gentoo Linux users who are running
dev-db/postgresql-7.2.1-r2 and earlier update their systems
as follows:

emerge rsync
emerge postgresql
emerge clean

postgresql-7.2.2 is currently only available for x86. Sparc and ppc
will be available when it's been tested on these archs.

- - --------------------------------------------------------------------
Daniel Ahlberg
aliz@gentoo.org - GnuPG key is available at www.gentoo.org/~aliz
- - --------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9aferfT7nyhUpoZMRAvekAJ9UjtWr7K5934otXCWVujKOrK9m5QCghSE5
W7ksuXGlIoPx2QexaxEcUEY=
=nrn6
-----END PGP SIGNATURE-----
(73881) /Daniel Ahlberg <aliz@gentoo.org>/(Ombruten)