September 27, 2016

Exim, CouchDB and PostgreSQL All Updated To Close Security Holes

Three major open source server components have been updated to fix unrelated vulnerabilities. Following Microsoft’s recent announcement of problems with the MHTML handler in all versions of Windows since XP, it is now the turn of some of the major open source projects to patch their software.

The Exim email server project has announced the release of Exim 4.74, which is primarily a security and bug fix release; the top security fix is for CVE-2011-0017. The open_log function in log.c in Exim 4.72 and earlier does not check the return value of the setuid or setgid system calls. This in turn could allow local users to append log data to arbitrary files via a symlink attack.
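The class of bug described above, shown in its checked form as an added example (this is not Exim's code or its patch): the log is opened only if the privilege drop verifiably succeeded. The function names `drop_privileges` and `open_log_checked`, the demo path, and the use of `O_NOFOLLOW` as extra symlink hardening are assumptions of this sketch; a full drop from root would also clear supplementary groups with `setgroups()`.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Drop to the given uid/gid. Returns 0 only if every call succeeded and the
 * process really runs with the requested ids afterwards; -1 otherwise.
 * Group first: once the uid is dropped, setgid() may no longer be permitted. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* Verify, rather than assume, that the switch took effect. */
    if (getgid() != gid || getegid() != gid ||
        getuid() != uid || geteuid() != uid)
        return -1;
    return 0;
}

/* Open a log file for appending only after the privilege drop succeeded.
 * O_NOFOLLOW makes open() fail with ELOOP if the final path component is a
 * symlink. Returns a file descriptor, or -1 on any failure. */
int open_log_checked(const char *path, uid_t uid, gid_t gid)
{
    if (drop_privileges(uid, gid) != 0)
        return -1;               /* never write the log with the old ids */
    return open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0640);
}

int main(void)
{
    /* Constructed demo path; the ids are the caller's own so it runs unprivileged. */
    int fd = open_log_checked("/tmp/example-mainlog", getuid(), getgid());
    if (fd < 0) {
        perror("open_log_checked");
        return EXIT_FAILURE;
    }
    if (write(fd, "log line\n", 9) != 9)
        perror("write");
    close(fd);
    return EXIT_SUCCESS;
}
```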

The Apache CouchDB Project, which develops the NoSQL document-oriented database, has released version 1.0.2 with over 30 changes and fixes. Amongst the bugs squashed are cross-site scripting issues as detailed in CVE-2010-3854. Due to inadequate validation of request parameters and cookie data in Futon, CouchDB’s web-based administration UI, a malicious site can execute arbitrary code in the context of a user’s browsing session.

Apache recommends that all users upgrade to version 1.0.2. Upgrades from the 0.11.x and 0.10.x series should be seamless. Users on earlier versions should consult http://wiki.apache.org/couchdb/Breaking_changes

Another popular open source database, PostgreSQL, has also been updated. The project has released security updates for all active branches of PostgreSQL, including versions 9.0.3, 8.4.7, 8.3.14 and 8.2.20.

This security release tackles 63 bugs, the most important being a buffer overrun problem described in CVE-2010-4015. This buffer overflow bug (present in all branches before 9.0.3, 8.4.7, 8.3.14, and 8.2.20) allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions.