USN-568-1: PostgreSQL vulnerabilities

Releases

• Ubuntu 7.10
• Ubuntu 7.04
• Ubuntu 6.10
• Ubuntu 6.06

Packages

• postgresql-8.1 -
• postgresql-8.2 -

Details

Nico Leidecker discovered that PostgreSQL did not properly
restrict dblink functions. An authenticated user could exploit
this flaw to access arbitrary accounts and execute arbitrary
SQL queries. (CVE-2007-3278, CVE-2007-6601)

It was discovered that the TCL regular expression parser used
by PostgreSQL did not properly check its input. An attacker
could send crafted regular expressions to PostgreSQL and cause
a denial of service via resource exhaustion or database crash.
(CVE-2007-4769, CVE-2007-4772, CVE-2007-6067)

It was discovered that PostgreSQL executed VACUUM and ANALYZE
operations within index functions with superuser privileges and
also allowed SET ROLE and SET SESSION AUTHORIZATION within index
functions. A remote authenticated user could exploit these flaws
to gain privileges. (CVE-2007-6600)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 7.10

• postgresql-8.2 - 8.2.6-0ubuntu0.7.10.1
• postgresql-pltcl-8.2 - 8.2.6-0ubuntu0.7.10.1

Ubuntu 7.04

• postgresql-8.2 - 8.2.6-0ubuntu0.7.04.1
• postgresql-pltcl-8.2 - 8.2.6-0ubuntu0.7.04.1

Ubuntu 6.10

• postgresql-8.1 - 8.1.11-0ubuntu0.6.10.1
• postgresql-pltcl-8.1 - 8.1.11-0ubuntu0.6.10.1

Ubuntu 6.06

• postgresql-8.1 - 8.1.11-0ubuntu0.6.06.1
• postgresql-pltcl-8.1 - 8.1.11-0ubuntu0.6.06.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

References

• CVE-2007-3278
• CVE-2007-4769
• CVE-2007-4772
• CVE-2007-6067
• CVE-2007-6600
• CVE-2007-6601