Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2006-2314

Publication date 24 May 2006

Last updated 24 July 2024

Ubuntu priority

Unknown

Why this priority?

PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications that use multibyte encodings that allow the "\" (backslash) byte 0x5c to be the trailing byte of a multibyte character, such as SJIS, BIG5, GBK, GB18030, and UHC, which cannot be handled correctly by a client that does not understand multibyte encodings, aka a second variant of "Encoding-Based SQL Injection." NOTE: it could be argued that this is a class of issue related to interaction errors between the client and PostgreSQL, but a CVE has been assigned since PostgreSQL is treating this as a preventative measure against this class of problem.

Status

Package Ubuntu Release Status
amarok 7.04 feisty
Not affected
6.10 edgy
Not affected
6.06 LTS dapper
Not affected
dovecot 7.04 feisty
Fixed 1.0.rc17-1ubuntu2.1
6.10 edgy
Fixed 1.0.rc2-1ubuntu2.2
6.06 LTS dapper
Fixed 1.0.beta3-3ubuntu5.5
exim4 7.04 feisty Ignored end of life, was needed
6.10 edgy Ignored end of life, was needed
6.06 LTS dapper
Fixed 4.60-3ubuntu3.1
libapache2-mod-auth-pgsql 7.04 feisty
Not affected
6.10 edgy
Not affected
6.06 LTS dapper
Not affected
php5 7.04 feisty
Not affected
6.10 edgy
Not affected
6.06 LTS dapper
Not affected
postfix 7.04 feisty
Not affected
6.10 edgy
Not affected
6.06 LTS dapper
Fixed 2.2.10-1ubuntu0.1
postgresql 7.04 feisty Not in release
6.10 edgy
Not affected
6.06 LTS dapper
Not affected
postgresql-7.4 7.04 feisty Not in release
6.10 edgy
Fixed 7.4.13-4
6.06 LTS dapper Ignored end of life, was needed
postgresql-8.1 7.04 feisty
Fixed 8.1.8-1ubuntu3
6.10 edgy
Fixed 8.1.9-0ubuntu0.6.10
6.06 LTS dapper
Fixed 8.1.9-0ubuntu0.6.06
postgresql-8.2 7.04 feisty
Fixed 8.2.4-0ubuntu0.7.04
6.10 edgy Not in release
6.06 LTS dapper Not in release
psycopg 7.04 feisty
Fixed 1.1.21-3ubuntu3
6.10 edgy
Fixed 1.1.21-3ubuntu3
6.06 LTS dapper
Fixed 1.1.21-3ubuntu3
psycopg2 7.04 feisty
Fixed 2.0.5.1-1
6.10 edgy
Fixed 2.0.5.1-1
6.06 LTS dapper Not in release
pygresql 7.04 feisty
Fixed 3.7-1ubuntu2
6.10 edgy
Fixed 3.7-1ubuntu2
6.06 LTS dapper
Fixed 3.7-1ubuntu2
python-pgsql 7.04 feisty
Fixed 2.4.0-6ubuntu3
6.10 edgy
Fixed 2.4.0-6ubuntu3
6.06 LTS dapper
Fixed 2.4.0-6ubuntu3

References

Related Ubuntu Security Notices (USN)

    • USN-288-2
    • PostgreSQL server/client vulnerabilities
    • 9 June 2006
    • USN-288-3
    • PostgreSQL client vulnerabilities
    • 9 June 2006
    • USN-288-1
    • PostgreSQL server/client vulnerabilities
    • 29 May 2006

Other references