[SECURITY] [DSA 1909-1] New postgresql-ocaml packages provide secure escaping

URL: http://www.securityfocus.com/archive/1/507190

[USN-753-1] PostgreSQL vulnerability

<!– Envelope-to: email@address Delivery-date: Tue, 07 Apr 2009 18:36:12 +0100 Received: from outgoing.securityfocus.com ([205.206.231.27] helo=outgoing3.securityfocus.com) by lt.network5.net with esmtp (Exim 4.43) id 1LrFDX-00055K-TP for email@address; Tue, 07 Apr 2009 18:36:12 +0100 Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20]) by outgoing3.securityfocus.com (Postfix) with QMQP id DE1F223736A; Tue, 7 Apr 2009 10:33:59 -0600 (MDT) Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm Precedence: bulk List-Id: <bugtraq.list-id.securityfocus.com> List-Post: <mailto:bugtraq@securityfocus.com> List-Help: <mailto:bugtraq-help@securityfocus.com> List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com> List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com> Delivered-To: mailing list bugtraq@securityfocus.com Delivered-To: moderator for bugtraq@securityfocus.com Received: (qmail 13130 invoked from network); 7 Apr 2009 15:38:43 -0000 Reply-To: Ubuntu Security <security@ubuntu.com> Cc: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk X-Original-To: marc.deslauriers@cleanmail.canonical.com X-Mailcontrol-Inbound: uq3drnD2P+ps5SfEb0fvr78+NoP1DHBZwGqKpaXB2eTgNv8D6KLIxb8+NoP1DHBZ8VSaBg0k0xw= X-Spam-Score: -15 X-Scanned-By: MailControl A_08_51_00 (www.mailcontrol.com) on 10.74.0.154 Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-EkOmRjtPenBTJ5mcQ7pH" Message-Id: <1239118997.5645.37.camel@mdlinux.technorage.com> Mime-Version: 1.0 X-Mailer: Evolution 2.26.0 X-IMAPbase: 1176125385 8696 Status: O X-UID: 8696 Content-Length: 36874 X-Keywords:

]]> http://sechero.com/postgresql-vulnerability-2/feed/ 0 http://sechero.com/postgresql-vulnerability/ http://sechero.com/postgresql-vulnerability/#comments Tue, 07 Apr 2009 15:43:17 +0000 invalid string http://sechero.com/postgresql-vulnerability/

[USN-753-1] PostgreSQL vulnerability

Posted by Marc Deslauriers on Apr 07

===========================================================
Ubuntu Security Notice USN-753-1 April 07, 2009
postgresql-8.1, postgresql-8.3 vulnerability
CVE-2009-0922
===========================================================

A security issue affects the following Ubuntu…

URL: http://seclists.org/fulldisclosure/2009/Apr/0058.html

Next-gen SQL injection opens server door

A vulnerability estimated to affect more than 1 in 10 websites could go lethal with the finding that it can be used to reliably take complete control of the site’s underlying server.

Research to be presented at the Black Hat security conference in Amsterdam later this month will show how so-called SQL injection attacks open the door to much more serious exploits that give hackers unfettered access to a website’s database and the operating system that runs it. Penetration tester Bernardo Damele Assumpcao Guimaraes says his techniques prey on design flaws in three of the most popular databases, including MySQL, PostgreSQL, and Microsoft SQL Server.

SQL injections are the result of applications that fail to vet user-supplied input entered into search boxes and other website fields. Hackers can abuse this failure to access private information by entering valid commands that get executed by a website’s back-end database. Over the past five years, SQL injections have tripped up some of the world’s most sensitive sites, including the Department of Homeland Security, embassies, banks, and security companies.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=30753

Bugtraq: [ MDVSA-2009:079 ] postgresql

[ MDVSA-2009:079 ] postgresql

URL: http://www.securityfocus.com/archive/1/502056

[ MDVSA-2009:079 ] postgresql

Posted by security_at_mandriva.com on Mar 23

 _______________________________________________________________________

 Mandriva Linux Security Advisory MDVSA-2009:079
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package :…

URL: http://seclists.org/fulldisclosure/2009/Mar/0322.html

Vuln: PostgreSQL Conversion Encoding Remote Denial of Service Vulnerability

PostgreSQL Conversion Encoding Remote Denial of Service Vulnerability

URL: http://www.securityfocus.com/bid/34090

CVE-2009-0922 (postgresql)

PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests.

URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0922