
Trustix alert TSLSA-2007-0015 (postgresql)

From:  Trustix Security Advisor <tsl@trustix.org>
To:  tsl-announce@lists.trustix.org
Subject:  TSLSA-2007-0015 - postgresql
Date:  Fri, 27 Apr 2007 12:25:38 +0100

--------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2007-0015

Package names:     postgresql
Summary:           Multiple vulnerabilities
Date:              2007-04-27
Affected versions: Trustix Secure Linux 2.2
                   Trustix Secure Linux 3.0
                   Trustix Secure Linux 3.0.5
                   Trustix Operating System - Enterprise Server 2
--------------------------------------------------------------------------

Package description:
  postgresql
  PostgreSQL is an advanced Object-Relational database management system
  (DBMS) that supports almost all SQL constructs (including transactions,
  subselects and user-defined types and functions). The postgresql package
  includes the client programs and libraries that you'll need to access a
  PostgreSQL DBMS server. These PostgreSQL client programs are programs
  that directly manipulate the internal structure of PostgreSQL databases
  on a PostgreSQL server. These client programs can be located on the same
  machine with the PostgreSQL server, or may be on a remote machine which
  accesses a PostgreSQL server over a network connection. This package
  contains the docs in HTML for the whole package, as well as command-line
  utilities for managing PostgreSQL databases on a PostgreSQL server.

Problem description:
  postgresql < TSL 3.0.5 > < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
  - New upstream.
  - SECURITY Fix: A vulnerability has been identified, which could be
    exploited by malicious users to obtain elevated privileges. This issue
    is caused by insecure "search_path" settings, which could be exploited
    by unprivileged users to gain the SQL privileges of the owner of any
    SECURITY DEFINER function they are allowed to call.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the name CVE-2007-2138 to this issue.

Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.

Location:
  All Trustix Secure Linux updates are available from
  <URI:http://http.trustix.org/pub/trustix/updates/>
  <URI:ftp://ftp.trustix.org/pub/trustix/updates/>

About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With
  focus on security and stability, the system is painlessly kept safe and
  up to date from day one using swup, the automated software updater.

Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.

Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.org/support/>

Verification:
  This advisory, along with all Trustix packages, is signed with the TSL
  sign key. This key is available from:
  <URI:http://www.trustix.org/TSL-SIGN-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.org/errata/trustix-2.2/>
  <URI:http://www.trustix.org/errata/trustix-3.0/> and
  <URI:http://www.trustix.org/errata/trustix-3.0.5/>
  or directly at
  <URI:http://www.trustix.org/errata/2007/0015/>

MD5sums of the packages:
--------------------------------------------------------------------------

Trustix Security Team
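The "search_path" problem described in the advisory, seen from the administrator's side, as an added example that is not part of the Trustix advisory or of the PostgreSQL packages it ships. It assumes a current PostgreSQL release (the proconfig column and the per-function SET clause do not exist in the 8.0/8.2 packages above); the schema "app", the table "app.accounts", the role "app_user" and both function names are hypothetical.

```sql
-- Added example. Assumes a current PostgreSQL release; all object names
-- (app, accounts, app_user, account_exists, legacy_report) are hypothetical.

-- 1. Audit: list SECURITY DEFINER functions that do not pin search_path.
--    Such functions resolve unqualified names through the caller's
--    search_path while running with the owner's privileges.
SELECT n.nspname                   AS schema_name,
       p.proname                   AS function_name,
       pg_get_userbyid(p.proowner) AS owner,
       p.proconfig                 AS per_function_settings
FROM   pg_proc p
JOIN   pg_namespace n ON n.oid = p.pronamespace
WHERE  p.prosecdef
AND    NOT EXISTS (
         SELECT 1
         FROM   unnest(coalesce(p.proconfig, '{}'::text[])) AS cfg
         WHERE  cfg LIKE 'search_path=%')
ORDER  BY 1, 2;

-- 2. Hardened definition: the function carries its own search_path.
--    Only a trusted schema is listed, and pg_temp is placed explicitly
--    last so temporary objects cannot shadow the tables the body uses.
CREATE FUNCTION app.account_exists(uname text)
RETURNS boolean
LANGUAGE sql
STABLE
SECURITY DEFINER
SET search_path = app, pg_temp
AS $$
  SELECT EXISTS (SELECT 1 FROM accounts a WHERE a.username = uname);
$$;

-- 3. Pin the path on a function found by the audit in step 1, without
--    recreating it.
ALTER FUNCTION app.legacy_report(integer) SET search_path = app, pg_temp;

-- 4. Limit who may call the privileged function at all: EXECUTE is
--    granted to PUBLIC by default when a function is created.
REVOKE ALL ON FUNCTION app.account_exists(text) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION app.account_exists(text) TO app_user;
```

Schemas named in a pinned search_path should not be writable by untrusted roles; otherwise the pinned path still resolves to objects those roles control.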

