-------------------------------------------------------------------------- Turbolinux Security Advisory TLSA-2002-76 http://www/turbolinux.co.jp/security/ security-team@turbolinux.co.jp -------------------------------------------------------------------------- Postgresql System stop by local user Release date : 2002-11-28 Solution: package : postgresql-7.2.2-1 Problem * Buffer overflow problem exists in function below the postgresql. - Lpad () - Rpad () - Circle_poly () - Path_encode () - Path_addr () Solution: Using turbopkg command, please do automatic operation update. When necessary, update is done automatically. Use the following command to verify the version currently installed. # rpm -qa | grep package name When automatic operation update is used, those which are presently are installed update all objects. Select the package, and use the rpm command to select when you would like to update. Execution example --------------------------------------------------------------------- 1. In super user modification $ su - 2. Password of super user input Password: 3. Starting the turbopkg # turbopkg 4. Menu selection " Update " " FTP server " " Update sight " Optional sight selection 5. In general user modification # exit --------------------------------------------------------------------- < Turbolinux 8 Server > * Correspondence being completed. < Turbolinux 8 Workstation > postgresql-7.2.2-1.i586.rpm postgresql-contrib-7.2.2-1.i586.rpm postgresql-devel-7.2.2-1.i586.rpm postgresql-docs-7.2.2-1.i586.rpm postgresql-jdbc-7.2.2-1.i586.rpm Postgresql-libs-7.2.2-1.i586.rpm postgresql-odbc-7.2.2-1.i586.rpm postgresql-perl-7.2.2-1.i586.rpm postgresql-python-7.2.2-1.i586.rpm postgresql-server-7.2.2-1.i586.rpm postgresql-tcl-7.2.2-1.i586.rpm postgresql-tk-7.2.2-1.i586.rpm < Turbolinux 7 Server > postgresql-7.2.2-1.i586.rpm postgresql-contrib-7.2.2-1.i586.rpm postgresql-devel-7.2.2-1.i586.rpm postgresql-docs-7.2.2-1.i586.rpm postgresql-jdbc-7.2.2-1.i586.rpm postgresql-libs-7.2.2-1.i586.rpm postgresql-odbc-7.2.2-1.i586.rpm postgresql-perl-7.2.2-1.i586.rpm postgresql-python-7.2.2-1.i586.rpm postgresql-server-7.2.2-1.i586.rpm postgresql-tcl-7.2.2-1.i586.rpm postgresql-test-7.2.2-1.i586.rpm postgresql-tk-7.2.2-1.i586.rpm ruby-postgres-0.6.4-3.i586.rpm * The case where version of the postgresql is increased the point of caution < Turbolinux 7 Workstation > postgresql-7.1.3-2.i586.rpm postgresql-contrib-7.1.3-2.i586.rpm postgresql-devel-7.1.3-2.i586.rpm postgresql-docs-7.1.3-2.i586.rpm postgresql-jdbc-7.1.3-2.i586.rpm postgresql-libs-7.1.3-2.i586.rpm postgresql-odbc-7.1.3-2.i586.rpm postgresql-perl-7.1.3-2.i586.rpm postgresql-python-7.1.3-2.i586.rpm postgresql-server-7.1.3-2.i586.rpm postgresql-tcl-7.1.3-2.i586.rpm postgresql-test-7.1.3-2.i586.rpm postgresql-tk-7.1.3-2.i586.rpm < Turbolinux Server 6.5 > < Turbolinux Advanced Server 6 > < Turbolinux Server 6.1 > postgresql-7.0.3-5.i386.rpm postgresql-devel-7.0.3-5.i386.rpm postgresql-jdbc-7.0.3-5.i386.rpm postgresql-odbc-7.0.3-5.i386.rpm postgresql-perl-7.0.3-5.i386.rpm postgresql-python-7.0.3-5.i386.rpm postgresql-server-7.0.3-5.i386.rpm postgresql-tcl-7.0.3-5.i386.rpm postgresql-test-7.0.3-5.i386.rpm postgresql-tk-7.0.3-5.i386.rpm < Turbolinux Workstation 6.0 > * If Postgresql is not being recorded, it is not necessary to update. * Upon the maintenance of our company FTP sight, we determined that update of the turbopkg is neccesary. Details the below-mentioned URL reference. http://www.turbolinux.co.jp/download/zabom.html Package updates: http://www.turbolinux.co.jp/update/