Date: Tue, 29 Jan 2008 15:05:30 -0800 (PST) From: Nick Barkas <snb@threerings.net> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/120133: [patch] Update VuXML to contain recent PostgreSQL vulnerabilities Message-ID: <20080129230530.4F11161F6F@smtp.earth.threerings.net> Resent-Message-ID: <200801292330.m0TNU17T096614@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 120133 >Category: ports >Synopsis: [patch] Update VuXML to contain recent PostgreSQL vulnerabilities >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Tue Jan 29 23:30:01 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Nick Barkas >Release: FreeBSD 6.2-RELEASE-p4 i386 >Organization: Three Rings Design, Inc. >Environment: System: FreeBSD mail1.earth.threerings.net 6.2-RELEASE-p4 FreeBSD 6.2-RELEASE-p4 #0: Thu Apr 26 17:55:55 UTC 2007 root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/SMP i386 >Description: Several vulnerabilities in PostgreSQL were announced here: http://www.postgresql.org/about/news.905. I've made a patch to the VuXML document to notify FreeBSD users of these vulnerabilities via portaudit. >How-To-Repeat: >Fix: --- postgres_vuxml.patch begins here --- --- vuln.xml.orig Tue Jan 29 07:14:42 2008 +++ vuln.xml Tue Jan 29 14:56:26 2008 @@ -34,6 +34,68 @@ --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="222648aa-cead-11dc-8c6a-00304881ac9a"> + <topic>postgresql -- multiple vulnerabilities</topic> + <affects> + <package> + <name>postgresql</name> + <name>postgresql-server</name> + <range><ge>7.3</ge><lt>7.3.21</lt></range> + <range><ge>7.4</ge><lt>7.4.19</lt></range> + <range><ge>8.0</ge><lt>8.0.15</lt></range> + <range><ge>8.1</ge><lt>8.1.11</lt></range> + <range><ge>8.2</ge><lt>8.2.6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>The PostgreSQL developers report:</p> + <blockquote cite="http://www.postgresql.org/about/news.905">; + <p>Index Functions Privilege Escalation (CVE-2007-6600): as a unique + feature, PostgreSQL allows users to create indexes on the results of + user-defined functions, known as "expression indexes". This provided + two vulnerabilities to privilege escalation: (1) index functions + were executed as the superuser and not the table owner during VACUUM + and ANALYZE, and (2) that SET ROLE and SET SESSION AUTHORIZATION + were permitted within index functions. Both of these holes have now + been closed.</p> + + <p>Regular Expression Denial-of-Service (CVE-2007-4772, + CVE-2007-6067, CVE-2007-4769): three separate issues in the regular + expression libraries used by PostgreSQL allowed malicious users to + initiate a denial-of-service by passing certain regular expressions + in SQL queries. First, users could create infinite loops using some + specific regular expressions. Second, certain complex regular + expressions could consume excessive amounts of memory. Third, + out-of-range backref numbers could be used to crash the backend. All + of these issues have been patched.</p> + + <p>DBLink Privilege Escalation (CVE-2007-6601): DBLink functions + combined with local trust or ident authentication could be used by a + malicious user to gain superuser privileges. This issue has been + fixed, and does not affect users who have not installed DBLink (an + optional module), or who are using password authentication for local + access. This same problem was addressed in the previous release + cycle (see CVE-2007-3278), but that patch failed to close all forms + of the loophole.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2007-6600</cvename> + <cvename>CVE-2007-4772</cvename> + <cvename>CVE-2007-6067</cvename> + <cvename>CVE-2007-4769</cvename> + <cvename>CVE-2007-6601</cvename> + <bid>27163</bid> + <url>http://www.postgresql.org/about/news.905</url>; + </references> + <dates> + <discovery>2008-01-06</discovery> + <entry>2008-01-29</entry> + </dates> + </vuln> + <vuln vid="6ecd0b42-ce77-11dc-89b1-000e35248ad7"> <topic>libxine -- buffer overflow vulnerability</topic> <affects> --- postgres_vuxml.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080129230530.4F11161F6F>