Ubuntu alert USN-1789-1 (postgresql-8.3, postgresql-8.4, postgresql-9.1)
| From: | Marc Deslauriers <marc.deslauriers@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-1789-1] PostgreSQL vulnerabilities | |
| Date: | Thu, 04 Apr 2013 10:02:51 -0400 | |
| Message-ID: | <515D880B.1070802@canonical.com> |
========================================================================== Ubuntu Security Notice USN-1789-1 April 04, 2013 postgresql-8.3, postgresql-8.4, postgresql-9.1 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS Summary: Several security issues were fixed in PostgreSQL. Software Description: - postgresql-9.1: Object-relational SQL database - postgresql-8.4: Object-relational SQL database - postgresql-8.3: Object-relational SQL database Details: Mitsumasa Kondo and Kyotaro Horiguchi discovered that PostgreSQL incorrectly handled certain connection requests containing database names starting with a dash. A remote attacker could use this flaw to damage or destroy files within a server's data directory. This issue only applied to Ubuntu 11.10, Ubuntu 12.04 LTS, and Ubuntu 12.10. (CVE-2013-1899) Marko Kreen discovered that PostgreSQL incorrectly generated random numbers. An authenticated attacker could use this flaw to possibly guess another database user's random numbers. (CVE-2013-1900) Noah Misch discovered that PostgreSQL incorrectly handled certain privilege checks. An unprivileged attacker could use this flaw to possibly interfere with in-progress backups. This issue only applied to Ubuntu 11.10, Ubuntu 12.04 LTS, and Ubuntu 12.10. (CVE-2013-1901) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.10: postgresql-9.1 9.1.9-0ubuntu12.10 Ubuntu 12.04 LTS: postgresql-9.1 9.1.9-0ubuntu12.04 Ubuntu 11.10: postgresql-9.1 9.1.9-0ubuntu11.10 Ubuntu 10.04 LTS: postgresql-8.4 8.4.17-0ubuntu10.04 Ubuntu 8.04 LTS: postgresql-8.3 8.3.23-0ubuntu8.04.1 This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1789-1 CVE-2013-1899, CVE-2013-1900, CVE-2013-1901 Package Information: https://launchpad.net/ubuntu/+source/postgresql-9.1/9.1.9... https://launchpad.net/ubuntu/+source/postgresql-9.1/9.1.9... https://launchpad.net/ubuntu/+source/postgresql-9.1/9.1.9... https://launchpad.net/ubuntu/+source/postgresql-8.4/8.4.1... https://launchpad.net/ubuntu/+source/postgresql-8.3/8.3.2... -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security...