USN-933-1: PostgreSQL vulnerability
Ubuntu Security Notice USN-933-1 April 28, 2010
postgresql-8.1, postgresql-8.3, postgresql-8.4 vulnerability
CVE-2010-0442
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
postgresql-8.1 8.1.20-0ubuntu0.6.06.1
Ubuntu 8.04 LTS:
postgresql-8.3 8.3.10-0ubuntu8.04.1
Ubuntu 9.04:
postgresql-8.3 8.3.10-0ubuntu9.04.1
Ubuntu 9.10:
postgresql-8.4 8.4.3-0ubuntu9.10.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
It was discovered that PostgreSQL did not properly sanitize its input when
using substring() with a SELECT statement. A remote authenticated attacker
could exploit this to cause a denial of service via application crash.
