[Full-disclosure] [ MDVSA-2009:176 ] postgresql
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] [ MDVSA-2009:176 ] postgresql
- From: security@xxxxxxxxxxxx
- Date: Wed, 30 Sep 2009 20:32:01 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:176
http://www.mandriva.com/security/
_______________________________________________________________________
Package : postgresql
Date : September 30, 2009
Affected: Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before
8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22,
and 7.4 before 7.4.26 does not use the appropriate privileges for
the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations,
which allows remote authenticated users to gain privileges. NOTE:
this is due to an incomplete fix for CVE-2007-6600 (CVE-2009-3230).
This update provides a fix for this vulnerability.
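A version check built from the fixed releases named in the description above, as an added example that is not part of the Mandriva advisory. The function names, verdict strings and sample inputs are constructed for illustration; branches the advisory does not list are reported as such rather than guessed.

```python
import re

# First fixed patch release per branch, taken from the Problem Description.
FIXED = {(8, 4): 1, (8, 3): 8, (8, 2): 14, (8, 1): 18, (8, 0): 22, (7, 4): 26}

# Finds the first three-part version such as "8.1.17" in a server banner
# (SELECT version()), a client banner (psql --version) or an RPM file name.
_VERSION = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return (major, minor, patch) as ints, or None if no version is found."""
    match = _VERSION.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def status(text):
    """Classify a version string against the advisory's affected ranges.

    Returns one of:
      "vulnerable"  branch is listed and the patch level predates the fix
      "fixed"       branch is listed and the patch level includes the fix
      "not-listed"  the advisory makes no statement about this branch
      "unparsed"    no major.minor.patch version could be extracted
    """
    version = parse_version(text)
    if version is None:
        return "unparsed"
    major, minor, patch = version
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        return "not-listed"
    return "vulnerable" if patch < fixed_patch else "fixed"


if __name__ == "__main__":
    # Constructed sample inputs, not output captured from a real host.
    samples = [
        "PostgreSQL 8.1.17 on i586-mandriva-linux-gnu, compiled by GCC",
        "postgresql-server-8.1.18-0.1.20060mlcs4.x86_64.rpm",
        "psql (PostgreSQL) 8.4.0",
        "PostgreSQL 9.0.1",
    ]
    for sample in samples:
        print(f"{status(sample):11} {sample}")
```

A "not-listed" or "unparsed" result means the advisory text cannot answer the question for that input, not that the server is safe.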
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3230
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKw3jtmqjQ0CJFipgRAh4hAKC1gY7JNurllieceTOo6FsKun2UOgCfSBEf
4zDvL897MXHFHtOy3s90+mI=
=PBCz
-----END PGP SIGNATURE-----