USN-367-1: Pike vulnerability

18 October 2006

pike7.6 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 5.04

Software Description

Details

An SQL injection was discovered in Pike’s PostgreSQL module.
Applications using a PostgreSQL database and uncommon character encodings could be fooled into running arbitrary SQL commands, which could result in privilege escalation within the application, application data exposure, or denial of service.

Please refer to http://www.ubuntu.com/usn/usn-288-1 for more detailled information.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.04
pike7.6-pg - 7.6.13-1ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system upgrade is sufficient to effect the necessary changes.

References