SOT Linux Advisory: postgresql | Linux Today

SOT Linux Advisory: postgresql

Written By
Web Webster
Web Webster
Nov 30, 2003

SOT Linux Security Advisory

Subject: Updated postgresql package for SOT Linux 2003
Advisory ID: SLSA-2003:54
Date: Saturday, November 29, 2003
Product: SOT Linux 2003

1. Problem description

PostgreSQL is an advanced Object-Relational database management
system (DBMS).
Two bugs that can lead to buffer overflows have been found in the
PostgreSQL abstract data type to ASCII conversion routines. A
remote attacker who is able to influence the data passed to the
to_ascii functions may be able to execute arbitrary code in the
context of the PostgreSQL server. These issues affect PostgreSQL
7.2.x, and 7.3.x before 7.3.4. The Common Vulnerabilities and
Exposures project (cve.mitre.org/) has assigned the name
CAN-2003-0901 to these issues. In addition, a bug that can lead to
leaks has been found in the string to timestamp abstract data type
conversion routine. If the input string to the to_timestamp()
routine is shorter than what the template string is expecting, the
routine will run off the end of the input string, resulting in a
leak of previous timestamp behavior and unstable behavior. Users of
PostgreSQL are advised to upgrade to these erratum packages, which
contain backported patches that correct these issues.

2. Updated packages

SOT Linux 2003 Server:

i386:

ftp://ftp.sot.com/updates/2003/Server/i386/postgresql-7.2.4-1.i386.rpm


ftp://ftp.sot.com/updates/2003/Server/i386/postgresql-contrib-7.2.4-1.i386.rpm


ftp://ftp.sot.com/updates/2003/Server/i386/postgresql-devel-7.2.4-1.i386.rpm


ftp://ftp.sot.com/updates/2003/Server/i386/postgresql-docs-7.2.4-1.i386.rpm


ftp://ftp.sot.com/updates/2003/Server/i386/postgresql-jdbc-7.2.4-1.i386.rpm


ftp://ftp.sot.com/updates/2003/Server/i386/postgresql-libs-7.2.4-1.i386.rpm


ftp://ftp.sot.com/updates/2003/Server/i386/postgresql-odbc-7.2.4-1.i386.rpm


ftp://ftp.sot.com/updates/2003/Server/i386/postgresql-perl-7.2.4-1.i386.rpm


ftp://ftp.sot.com/updates/2003/Server/i386/postgresql-python-7.2.4-1.i386.rpm


ftp://ftp.sot.com/updates/2003/Server/i386/postgresql-server-7.2.4-1.i386.rpm


ftp://ftp.sot.com/updates/2003/Server/i386/postgresql-tcl-7.2.4-1.i386.rpm


ftp://ftp.sot.com/updates/2003/Server/i386/postgresql-test-7.2.4-1.i386.rpm


ftp://ftp.sot.com/updates/2003/Server/i386/postgresql-tk-7.2.4-1.i386.rpm

SRPMS:

ftp://ftp.sot.com/updates/2003/Server/SRPMS/postgresql-7.2.4-1.src.rpm

3. Upgrading package

Before applying this update, make sure all previously released
errata relevant to your system have been applied. Use up2date to
automatically upgrade the fixed packages.

If you want to upgrade manually, download the updated package
from the SOT Linux FTP site (use the links above) or from one of
our mirrors. The list of mirrors can be obtained at www.sot.com/en/linux

Update the package with the following command: rpm -Uvh
<filename>

4. Verification

All packages are PGP signed by SOT for security.

You can verify each package with the following command: rpm
–checksig <filename>

If you wish to verify the integrity of the downloaded package,
run “md5sum <filename>” and compare the output with data
given below.

Package Name MD5 sum


/Server/i386/postgresql-7.2.4-1.i386.rpm
bd69df83276d2c0f6e8985911fd0974a
/Server/i386/postgresql-contrib-7.2.4-1.i386.rpm
6d681ded480be80c3264fa16a6e01958
/Server/i386/postgresql-devel-7.2.4-1.i386.rpm
4cf02881e9e85b9c9a5622607033e110
/Server/i386/postgresql-docs-7.2.4-1.i386.rpm
c6088d5a230b57f07f2d1e22bc21c5d9
/Server/i386/postgresql-jdbc-7.2.4-1.i386.rpm
c7ec1d79774ce8bfa94a03ff090f951e
/Server/i386/postgresql-libs-7.2.4-1.i386.rpm
30331059bc8548d81633ae3e8f705e4a
/Server/i386/postgresql-odbc-7.2.4-1.i386.rpm
a3cc8cd3f675993d586f0a47fe91341d
/Server/i386/postgresql-perl-7.2.4-1.i386.rpm
4983e462bbaabee4712ff615fcc40e22
/Server/i386/postgresql-python-7.2.4-1.i386.rpm
8797d9fe3768670b50e09f6cf535c3ae
/Server/i386/postgresql-server-7.2.4-1.i386.rpm
d7d4b4d331d694e0450ba3a3cd1e5ca6
/Server/i386/postgresql-tcl-7.2.4-1.i386.rpm
b5659daa8637c4a7ee3287f6ab559ce1
/Server/i386/postgresql-test-7.2.4-1.i386.rpm
5dd7bfe4af412f3aa0bfb7d7675e368e
/Server/i386/postgresql-tk-7.2.4-1.i386.rpm
bbfc9c0b3d410a02a00dead3b6e30cb7
/Server/SRPMS/postgresql-7.2.4-1.src.rpm
75d56ef663252bfa327735b7a960f721

5. References

http://archives.postgresql.org/pgsql-bugs/2003-09/msg00014.php
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0901

Copyright(c) 2001-2003 SOT

Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.