[SECURITY] [DSA 397-1] New PostgreSQL packages fix buffer overflow
-------------------------------------------------------------------------- Debian Security Advisory DSA 397-1 [email protected] http://www.debian.org/security/ Martin Schulze November 7th, 2003 http://www.debian.org/security/faq -...
DSA-397 postgresql - buffer overflow
Bulletin has no description...
[OpenPKG-SA-2003.047] OpenPKG Security Advisory (postgresql)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org [email protected] [email protected] OpenPKG-SA-2003.047 30-Oct-2003 Package: postgresql Vulnerability: remote code execution OpenPKG...
@(#)Mordred Labs advisory - Remote DoS in PostgreSQL <= 7.2.2
-----BEGIN PGP SIGNED MESSAGE----- //@ Mordred Labs advisory 0x0007 Release date: August 26, 2002 Name: Remote DoS condition in PostgreSQL Versions affected: <= 7.2.2 Conditions: entry in a pg_hba.conf file that matches attacker's host. Risk: average Author: Sir Mordred http://mslabs.iwebland.com I...
PostgreSQL DoS
User-supplied value is used for memory allocation...
CVE-2002-1399
Unknown vulnerability in cash_out and possibly other functions in PostgreSQL 7.2.1 and earlier, and possibly later versions before 7.2.3, with unknown impact, based on an invalid integer input which is processed as a different data type, as demonstrated using cash_out(2)...
CVE-2002-1398
Buffer overflow in the date parser for PostgreSQL before 7.2.2 allows attackers to cause a denial of service and possibly execute arbitrary code via a long date string, aka a vulnerability "in handling long datetime input."...
CVE-2002-1400
Heap-based buffer overflow in the repeat function for PostgreSQL before 7.2.2 allows attackers to execute arbitrary code by causing repeat to generate a large string...
CVE-2002-1401
Buffer overflows in (1) circle_poly, (2) path_encode and (3) path_add (also incorrectly identified as path_addr) for PostgreSQL 7.2.3 and earlier allow attackers to cause a denial of service and possibly execute arbitrary code, possibly as a result of an integer overflow...
CVE-2002-1397
Vulnerability in the cash_words function for PostgreSQL 7.2 and earlier allows local users to cause a denial of service and possibly execute arbitrary code via a large negative argument, possibly triggering an integer signedness error or buffer overflow...
CVE-2002-1657
PostgreSQL uses the username for a salt when generating passwords, which makes it easier for remote attackers to guess passwords via a brute force attack...
CVE-2002-1642
PostgreSQL 7.2.1 and 7.2.2 allows local users to delete transaction log (pg_clog) data and cause a denial of service (data loss) via the VACUUM command...
@(#)Mordred Labs advisory 0x0004: Multiple buffer overflows in PostgreSQL.
//@ Mordred Labs advisory 0x0004 Release data: 20/08/02 Name: Two buffer overflows in PostgreSQL Versions affected: all versions Conditions: multibyte support Risk: average -- Description: I guess all of you already hear about the PostgreSQL. If not, try to visit...
CVE-2002-0802
The multibyte support in PostgreSQL 6.5.x with SQL_ASCII encoding consumes an extra character when processing a character that cannot be converted, which could remove an escape character from the query and make the application subject to SQL injection attacks...
CVE-2001-0201
The Postaci frontend for PostgreSQL does not properly filter characters such as semicolons, which could allow remote attackers to execute arbitrary SQL queries via the deletecontact.php program...
Postaci allows arbitrary SQL query execution
Popular webmail software Postaci, which ships with Debian, lacks checking for malicious SQL code in variables coming from the user while deleting addressbook contacts, bookmarks and notes. This gives a malicious user the opportunity to execute an arbitrary SQL query. The problem affects Postaci if using...