
Mandriva alert MDKSA-2005:093 (postgresql)

From:  Mandriva Security Team <security@mandriva.com>
To:  security-announce@mandrivalinux.org
Subject:  [Security Announce] MDKSA-2005:093 - Updated PostgreSQL packages fix multiple vulnerabilities
Date:  Wed, 01 Jun 2005 16:27:32 -0600

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           postgresql
 Advisory ID:            MDKSA-2005:093
 Date:                   May 26th, 2005

 Affected versions:      10.0, 10.1, 10.2, Corporate 3.0
 ______________________________________________________________________

 Problem Description:

 A number of vulnerabilities were found and corrected in the PostgreSQL
 DBMS:

 Two serious security errors have been found in PostgreSQL 7.3 and newer
 releases. These errors at least allow an unprivileged database user to
 crash the backend process, and may make it possible for an unprivileged
 user to gain the privileges of a database superuser.

 Functions that support client-to-server character set conversion can be
 called from SQL commands by unprivileged users, but these functions are
 not designed to be safe against malicious choices of argument values.
 (CAN-2005-1409)

 The contrib/tsearch2 module misdeclares several functions as returning
 type "internal" when they do not have any "internal" argument. This
 breaks the type safety of "internal" by allowing users to construct SQL
 commands that invoke other functions accepting "internal" arguments.
 (CAN-2005-1410)

 These vulnerabilities must also be fixed in all existing databases when
 upgrading. The post-installation script of the updated postgresql-server
 package attempts to do this automatically.

 The updated packages have been patched to correct these problems.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1409
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1410
 ______________________________________________________________________

 Updated Packages:

 Mandrakelinux 10.0
 Mandrakelinux 10.0/AMD64
 Mandrakelinux 10.1
 Mandrakelinux 10.1/X86_64
 Mandrakelinux 10.2
 Mandrakelinux 10.2/X86_64
 Corporate 3.0
 Corporate 3.0/X86_64
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
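
An added audit query, not part of the Mandriva advisory: it lists functions declared the way CAN-2005-1410 describes, returning "internal" without taking any "internal" argument, so they can be reviewed after the upgrade. It assumes the pg_proc, pg_namespace and pg_language catalog columns of a currently supported PostgreSQL release; on the 7.4 and 8.0 servers named above the array test may need adapting.

```sql
-- Added example: find functions whose declaration breaks the type safety of
-- "internal" (result type internal, but no argument of type internal).
-- pg_proc is per-database, so run this in every database of the cluster,
-- including template1, because the advisory says existing databases must
-- be fixed as well as the installed packages.
SELECT n.nspname                    AS schema_name,
       p.oid::regprocedure          AS function_signature,
       l.lanname                    AS language,
       pg_get_userbyid(p.proowner)  AS owner
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
JOIN pg_language  l ON l.oid = p.prolang
WHERE p.prorettype = 'internal'::regtype
  AND NOT ('internal'::regtype = ANY (p.proargtypes))
ORDER BY n.nspname, p.proname;
-- An empty result means no function in this database is misdeclared this way.
```

Any row returned, for example from an old contrib module restored from a dump, is a function whose declaration should be corrected or dropped before unprivileged users are allowed to connect.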

