-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDKSA-2006:098
http://www.mandriva.com/security/
_______________________________________________________________________

Package : postgresql
Date    : June 7, 2006
Affected: 10.2, 2006.0, Corporate 3.0
_______________________________________________________________________

Problem Description:

PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13,
7.3.x before 7.3.15, and earlier versions allows context-dependent
attackers to bypass SQL injection protection methods in applications
via invalid encodings of multibyte characters, aka one variant of
"Encoding-Based SQL Injection." (CVE-2006-2313)

PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13,
7.3.x before 7.3.15, and earlier versions allows context-dependent
attackers to bypass SQL injection protection methods in applications
that use multibyte encodings that allow the "\" (backslash) byte 0x5c
to be the trailing byte of a multibyte character, such as SJIS, BIG5,
GBK, GB18030, and UHC, which cannot be handled correctly by a client
that does not understand multibyte encodings, aka a second variant of
"Encoding-Based SQL Injection." NOTE: it could be argued that this is a
class of issue related to interaction errors between the client and
PostgreSQL, but a CVE has been assigned since PostgreSQL is treating
this as a preventative measure against this class of problem.
(CVE-2006-2314)

Packages have been patched or updated to correct these issues.
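The two variants described above can be checked for on the application side. The following is an added example, not part of the Mandriva advisory or of PostgreSQL's code: it contrasts byte-wise escaping with encoding-aware escaping and rejects invalidly encoded input. The function names, the mapping to Python codec names and the sample inputs are assumptions constructed for the example.

```python
# Added example: constructed inputs, not taken from the advisory.
# Advisory encoding names -> Python codec names (mapping is an assumption).
CODECS = {"SJIS": "shift_jis", "BIG5": "big5", "GBK": "gbk",
          "GB18030": "gb18030", "UHC": "cp949"}

def bytewise_escape(raw: bytes) -> bytes:
    """Escaping as done by a client that ignores multibyte encodings."""
    return raw.replace(b"\\", b"\\\\").replace(b"'", b"\\'")

def aware_escape(raw: bytes, encoding: str) -> bytes:
    """Escape per character; strict decoding rejects invalid sequences."""
    codec = CODECS[encoding]
    text = raw.decode(codec, errors="strict")
    return text.replace("\\", "\\\\").replace("'", "\\'").encode(codec)

def audit(raw: bytes, encoding: str) -> dict:
    """Classify input against both variants described in the advisory."""
    codec = CODECS[encoding]
    try:
        text = raw.decode(codec, errors="strict")
    except UnicodeDecodeError as exc:
        # Variant 1 (CVE-2006-2313): invalidly encoded multibyte input.
        return {"valid": False, "error_offset": exc.start, "trailing_5c": []}
    # Variant 2 (CVE-2006-2314): multibyte characters ending in byte 0x5c.
    hits = [ch for ch in text
            if len(ch.encode(codec)) > 1 and ch.encode(codec)[-1] == 0x5C]
    # Byte-wise escaping is only safe if it matches per-character escaping.
    safe = bytewise_escape(raw) == aware_escape(raw, encoding)
    return {"valid": True, "error_offset": None, "trailing_5c": hits,
            "bytewise_escape_safe": safe}

if __name__ == "__main__":
    samples = [("SJIS", "表示".encode("shift_jis")),  # 表 ends in 0x5c
               ("BIG5", "成功".encode("big5")),       # 功 ends in 0x5c
               ("GBK", "it's".encode("gbk")),         # ASCII only
               ("SJIS", b"abc\x95")]                  # truncated character
    for enc, raw in samples:
        print(enc, raw, audit(raw, enc))
```

For the first two samples the byte-wise escaper inserts a backslash after a character that already ends in 0x5c, so a server that understands the encoding sees the character followed by a stray backslash.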
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2313
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2314
_______________________________________________________________________

Updated Packages:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi.  The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security.  You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEhwzEmqjQ0CJFipgRAlpPAKDtS/0zzX1FQ5TNZJiomg794t8PuACg5Sy/
MbetQ0f3hu2qISycixCUipE=
=t6wa
-----END PGP SIGNATURE-----