ports/120133: [patch] Update VuXML to contain recent PostgreSQL vulnerabilities
Nick Barkas
snb at threerings.net
Tue Jan 29 23:30:01 UTC 2008
>Number: 120133
>Category: ports
>Synopsis: [patch] Update VuXML to contain recent PostgreSQL vulnerabilities
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Tue Jan 29 23:30:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Nick Barkas
>Release: FreeBSD 6.2-RELEASE-p4 i386
>Organization:
Three Rings Design, Inc.
>Environment:
System: FreeBSD mail1.earth.threerings.net 6.2-RELEASE-p4 FreeBSD 6.2-RELEASE-p4 #0: Thu Apr 26 17:55:55 UTC 2007 root at i386-builder.daemonology.net:/usr/obj/usr/src/sys/SMP i386
>Description:
Several vulnerabilities in PostgreSQL were announced here:
http://www.postgresql.org/about/news.905. I've made a patch to the VuXML
document to notify FreeBSD users of these vulnerabilities via portaudit.
>How-To-Repeat:
>Fix:
--- postgres_vuxml.patch begins here ---
--- vuln.xml.orig Tue Jan 29 07:14:42 2008
+++ vuln.xml Tue Jan 29 14:56:26 2008
@@ -34,6 +34,68 @@
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="222648aa-cead-11dc-8c6a-00304881ac9a">
+ <topic>postgresql -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>postgresql</name>
+ <name>postgresql-server</name>
+ <range><ge>7.3</ge><lt>7.3.21</lt></range>
+ <range><ge>7.4</ge><lt>7.4.19</lt></range>
+ <range><ge>8.0</ge><lt>8.0.15</lt></range>
+ <range><ge>8.1</ge><lt>8.1.11</lt></range>
+ <range><ge>8.2</ge><lt>8.2.6</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The PostgreSQL developers report:</p>
+ <blockquote cite="http://www.postgresql.org/about/news.905">
+ <p>Index Functions Privilege Escalation (CVE-2007-6600): as a unique
+ feature, PostgreSQL allows users to create indexes on the results of
+ user-defined functions, known as "expression indexes". This provided
+ two vulnerabilities to privilege escalation: (1) index functions
+ were executed as the superuser and not the table owner during VACUUM
+ and ANALYZE, and (2) that SET ROLE and SET SESSION AUTHORIZATION
+ were permitted within index functions. Both of these holes have now
+ been closed.</p>
+
+ <p>Regular Expression Denial-of-Service (CVE-2007-4772,
+ CVE-2007-6067, CVE-2007-4769): three separate issues in the regular
+ expression libraries used by PostgreSQL allowed malicious users to
+ initiate a denial-of-service by passing certain regular expressions
+ in SQL queries. First, users could create infinite loops using some
+ specific regular expressions. Second, certain complex regular
+ expressions could consume excessive amounts of memory. Third,
+ out-of-range backref numbers could be used to crash the backend. All
+ of these issues have been patched.</p>
+
+ <p>DBLink Privilege Escalation (CVE-2007-6601): DBLink functions
+ combined with local trust or ident authentication could be used by a
+ malicious user to gain superuser privileges. This issue has been
+ fixed, and does not affect users who have not installed DBLink (an
+ optional module), or who are using password authentication for local
+ access. This same problem was addressed in the previous release
+ cycle (see CVE-2007-3278), but that patch failed to close all forms
+ of the loophole.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2007-6600</cvename>
+ <cvename>CVE-2007-4772</cvename>
+ <cvename>CVE-2007-6067</cvename>
+ <cvename>CVE-2007-4769</cvename>
+ <cvename>CVE-2007-6601</cvename>
+ <bid>27163</bid>
+ <url>http://www.postgresql.org/about/news.905</url>
+ </references>
+ <dates>
+ <discovery>2008-01-06</discovery>
+ <entry>2008-01-29</entry>
+ </dates>
+ </vuln>
+
<vuln vid="6ecd0b42-ce77-11dc-89b1-000e35248ad7">
<topic>libxine -- buffer overflow vulnerability</topic>
<affects>
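Review bot: The <package> block of the new postgresql entry names only postgresql and postgresql-server, while the quoted DBLink paragraph (CVE-2007-6601) concerns an optional module. If that module is installed from a separately named port, add its <name> here, otherwise portaudit will not flag hosts that have it. Also confirm that the lower bounds are intentional: every <range> starts at a bare branch number such as <ge>7.3</ge>, so releases older than 7.3 are never matched by this entry.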
--- postgres_vuxml.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: