*Wed, 19 Apr 2006 07:11:27 GMT
ANNOUNCE: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-06:14.fpu
*Tue, 2 May 2006 23:38:46 -0600
X.Org server security vulnerability (Announced by OpenBSD)
*Thu, 27 Apr 2006 21:40:46 +0100
NetBSD Security Advisory 2006-014: An audio subsystem race condition may crash the system
*Tue, 16 May 2006 17:58:19 +0100
End of life for the NetBSD 1.6 branch
*Thu, 25 May 2006 13:59:10 -0400
FreeBSD 5.5 Released
================= PostgreSQL 1 =================
Vulnerability type: SQL Injection
Remotely exploitable: Depends on client
Affected versions: PostgreSQL 8.1.0-8.1.3, 8.0.0-8.0.7,
7.4.0-7.4.12, 7.3.0-7.3.14
Fixed versions: PostgreSQL 8.1.4, 8.0.8, 7.4.13, 7.3.15
Affected platforms: All
CVE: CVE-2006-2313
(http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2313)
Vulnerability description
-------------------------
An attacker able to submit crafted strings to an application that will embed those strings in SQL commands can use invalidly-encoded multibyte characters to bypass standard string-escaping methods, resulting in possible injection of hostile SQL commands into the database. The attacks covered here work in any multibyte encoding.
================= PostgreSQL 2 =================
Vulnerability type: SQL Injection
Remotely exploitable: Depends on client
Affected versions: PostgreSQL 8.1.0-8.1.3, 8.0.0-8.0.7,
7.4.0-7.4.12, 7.3.0-7.3.14
Fixed versions: PostgreSQL 8.1.4, 8.0.8, 7.4.13, 7.3.15
Affected platforms: All
CVE: CVE-2006-2314
(http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2314)
Vulnerability description
-------------------------
The widely-used practice of escaping ASCII single quote "'" by turning it into "\'" is unsafe when operating in multibyte encodings that allow 0x5c (ASCII code for backslash) as the trailing byte of a multibyte character; this includes at least SJIS, BIG5, GBK, GB18030, and UHC. An application that uses this conversion while embedding untrusted strings in SQL commands is vulnerable to SQL-injection attacks if it communicates with the server in one of these encodings. While the standard client libraries used with PostgreSQL have escaped "'" in the safe, SQL-standard way of "''" for some time, the older practice remains common. As of PostgreSQL versions 8.1.4, 8.0.8, 7.4.13 and 7.3.15, the server has been modified to reject "\'" when the client is using one of these encodings.
This does NOT in itself fix all variants of the problem, but it will make it obvious that such a client is broken and in need of repair.
More information is available on the PostgreSQL website at
http://www.postgresql.org/docs/techdocs.52.
ANNOUNCE: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-06:14.fpu
*Tue, 2 May 2006 23:38:46 -0600
X.Org server security vulnerability (Announced by OpenBSD)
*Thu, 27 Apr 2006 21:40:46 +0100
NetBSD Security Advisory 2006-014: An audio subsystem race condition may crash the system
*Tue, 16 May 2006 17:58:19 +0100
End of life for the NetBSD 1.6 branch
*Thu, 25 May 2006 13:59:10 -0400
FreeBSD 5.5 Released
================= PostgreSQL 1 =================
Vulnerability type: SQL Injection
Remotely exploitable: Depends on client
Affected versions: PostgreSQL 8.1.0-8.1.3, 8.0.0-8.0.7,
7.4.0-7.4.12, 7.3.0-7.3.14
Fixed versions: PostgreSQL 8.1.4, 8.0.8, 7.4.13, 7.3.15
Affected platforms: All
CVE: CVE-2006-2313
(http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2313)
Vulnerability description
-------------------------
An attacker able to submit crafted strings to an application that will embed those strings in SQL commands can use invalidly-encoded multibyte characters to bypass standard string-escaping methods, resulting in possible injection of hostile SQL commands into the database. The attacks covered here work in any multibyte encoding.
================= PostgreSQL 2 =================
Vulnerability type: SQL Injection
Remotely exploitable: Depends on client
Affected versions: PostgreSQL 8.1.0-8.1.3, 8.0.0-8.0.7,
7.4.0-7.4.12, 7.3.0-7.3.14
Fixed versions: PostgreSQL 8.1.4, 8.0.8, 7.4.13, 7.3.15
Affected platforms: All
CVE: CVE-2006-2314
(http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2314)
Vulnerability description
-------------------------
The widely-used practice of escaping ASCII single quote "'" by turning it into "\'" is unsafe when operating in multibyte encodings that allow 0x5c (ASCII code for backslash) as the trailing byte of a multibyte character; this includes at least SJIS, BIG5, GBK, GB18030, and UHC. An application that uses this conversion while embedding untrusted strings in SQL commands is vulnerable to SQL-injection attacks if it communicates with the server in one of these encodings. While the standard client libraries used with PostgreSQL have escaped "'" in the safe, SQL-standard way of "''" for some time, the older practice remains common. As of PostgreSQL versions 8.1.4, 8.0.8, 7.4.13 and 7.3.15, the server has been modified to reject "\'" when the client is using one of these encodings.
This does NOT in itself fix all variants of the problem, but it will make it obvious that such a client is broken and in need of repair.
More information is available on the PostgreSQL website at
http://www.postgresql.org/docs/techdocs.52.
※コメント投稿者のブログIDはブログ作成者のみに通知されます