[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] [ MDVSA-2009:176 ] postgresql



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:176
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : postgresql
 Date    : September 30, 2009
 Affected: Corporate 3.0, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before
 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22,
 and 7.4 before 7.4.26 does not use the appropriate privileges for
 the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations,
 which allows remote authenticated users to gain privileges.  NOTE:
 this is due to an incomplete fix for CVE-2007-6600 (CVE-2009-3230).
 
 This update provides a fix for this vulnerability.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3230
 _______________________________________________________________________

 Updated Packages:

 Corporate 3.0:
 1929c054467e461c3345c16dee6c97f3  
corporate/3.0/i586/libecpg3-7.4.26-0.1.C30mdk.i586.rpm
 8dd98dafb3dd31cd96e3d99506cac462  
corporate/3.0/i586/libecpg3-devel-7.4.26-0.1.C30mdk.i586.rpm
 6bb0e11db96faa5a2080413fbc576282  
corporate/3.0/i586/libpgtcl2-7.4.26-0.1.C30mdk.i586.rpm
 9d64c23e87f979fe15afddd32f8f442c  
corporate/3.0/i586/libpgtcl2-devel-7.4.26-0.1.C30mdk.i586.rpm
 eec7e7ff106f78604f16775d8f9f48ae  
corporate/3.0/i586/libpq3-7.4.26-0.1.C30mdk.i586.rpm
 65879d23793826965699df7304307127  
corporate/3.0/i586/libpq3-devel-7.4.26-0.1.C30mdk.i586.rpm
 3dcd3e0dddbfe6c6f8af7008e415c3a8  
corporate/3.0/i586/postgresql-7.4.26-0.1.C30mdk.i586.rpm
 fdcb8ab4f043a93651d3d9e08c5430d8  
corporate/3.0/i586/postgresql-contrib-7.4.26-0.1.C30mdk.i586.rpm
 52aba19ff8c021210ed6b69e862958bc  
corporate/3.0/i586/postgresql-devel-7.4.26-0.1.C30mdk.i586.rpm
 5ee5a574c6603b2bcf6d93ddb45a7eeb  
corporate/3.0/i586/postgresql-docs-7.4.26-0.1.C30mdk.i586.rpm
 6ef9fa81860e576cbd02a0cec5f16ca7  
corporate/3.0/i586/postgresql-jdbc-7.4.26-0.1.C30mdk.i586.rpm
 3d05ea5969170700c8cd2da172a23904  
corporate/3.0/i586/postgresql-pl-7.4.26-0.1.C30mdk.i586.rpm
 fe5e1dc8ca21d99a0d9efea4e9ca70fe  
corporate/3.0/i586/postgresql-server-7.4.26-0.1.C30mdk.i586.rpm
 48a983024a138fd28842584c42718b12  
corporate/3.0/i586/postgresql-tcl-7.4.26-0.1.C30mdk.i586.rpm
 bff860c01b98053958c4481732e9280d  
corporate/3.0/i586/postgresql-test-7.4.26-0.1.C30mdk.i586.rpm 
 04b3c70744a007bb24fe4895cef60d6c  
corporate/3.0/SRPMS/postgresql-7.4.26-0.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 cabfabde318f3b426e1507cad427994c  
corporate/3.0/x86_64/lib64ecpg3-7.4.26-0.1.C30mdk.x86_64.rpm
 4f6caf785709077e29ee430834771494  
corporate/3.0/x86_64/lib64ecpg3-devel-7.4.26-0.1.C30mdk.x86_64.rpm
 c0422ce2cb71f6daadafece0343ea29e  
corporate/3.0/x86_64/lib64pgtcl2-7.4.26-0.1.C30mdk.x86_64.rpm
 0dfb23cd2cb21ff9804f9c74c91611c7  
corporate/3.0/x86_64/lib64pgtcl2-devel-7.4.26-0.1.C30mdk.x86_64.rpm
 5fb30f95e34da096f111feb443a9bde0  
corporate/3.0/x86_64/lib64pq3-7.4.26-0.1.C30mdk.x86_64.rpm
 58edfbaf8f3406e09181cd0b3559c019  
corporate/3.0/x86_64/lib64pq3-devel-7.4.26-0.1.C30mdk.x86_64.rpm
 db5b5e2932907e7a2be177df6b320c16  
corporate/3.0/x86_64/postgresql-7.4.26-0.1.C30mdk.x86_64.rpm
 8722f0fbdbcfcdec7f53ed0465b8f7a6  
corporate/3.0/x86_64/postgresql-contrib-7.4.26-0.1.C30mdk.x86_64.rpm
 39a5d0d05521291dae3f4964e3ec1d91  
corporate/3.0/x86_64/postgresql-devel-7.4.26-0.1.C30mdk.x86_64.rpm
 dea59ffea0dcc6d3e5718ce826d92490  
corporate/3.0/x86_64/postgresql-docs-7.4.26-0.1.C30mdk.x86_64.rpm
 f053a335de9d2f950f0be7b5638e4e4b  
corporate/3.0/x86_64/postgresql-jdbc-7.4.26-0.1.C30mdk.x86_64.rpm
 e49e8061402605afc8155e7738765c92  
corporate/3.0/x86_64/postgresql-pl-7.4.26-0.1.C30mdk.x86_64.rpm
 46ade6bc397485c5191f8987c621a4b5  
corporate/3.0/x86_64/postgresql-server-7.4.26-0.1.C30mdk.x86_64.rpm
 c9306c7dc29c35cd351abd44ed338ec8  
corporate/3.0/x86_64/postgresql-tcl-7.4.26-0.1.C30mdk.x86_64.rpm
 14a59e129085aecd862e85b0d1d2afdc  
corporate/3.0/x86_64/postgresql-test-7.4.26-0.1.C30mdk.x86_64.rpm 
 04b3c70744a007bb24fe4895cef60d6c  
corporate/3.0/SRPMS/postgresql-7.4.26-0.1.C30mdk.src.rpm

 Corporate 4.0:
 dd5fd7f5d0d77bd4231ee1edddf2f488  
corporate/4.0/i586/libecpg5-8.1.18-0.1.20060mlcs4.i586.rpm
 022fcfd3f26d3e33928591d0bf65ce75  
corporate/4.0/i586/libecpg5-devel-8.1.18-0.1.20060mlcs4.i586.rpm
 ebd8e1c4d8e412889117ee9ee0555cf6  
corporate/4.0/i586/libpq4-8.1.18-0.1.20060mlcs4.i586.rpm
 47335465d898f9082b05ba6795eb5c49  
corporate/4.0/i586/libpq4-devel-8.1.18-0.1.20060mlcs4.i586.rpm
 f9509df0d178c0e317034a8aa331c4a2  
corporate/4.0/i586/postgresql-8.1.18-0.1.20060mlcs4.i586.rpm
 163a0f1702a406a056a849802d07820a  
corporate/4.0/i586/postgresql-contrib-8.1.18-0.1.20060mlcs4.i586.rpm
 067adf7c039e58d3ff0da9698f8b14b4  
corporate/4.0/i586/postgresql-devel-8.1.18-0.1.20060mlcs4.i586.rpm
 64b9b78c9b579a7cbf077fc715001477  
corporate/4.0/i586/postgresql-docs-8.1.18-0.1.20060mlcs4.i586.rpm
 00a0077db9bf3276b6e244578d1cef6e  
corporate/4.0/i586/postgresql-pl-8.1.18-0.1.20060mlcs4.i586.rpm
 bce9456fa8f0270ae63655b73083c9b5  
corporate/4.0/i586/postgresql-plperl-8.1.18-0.1.20060mlcs4.i586.rpm
 f00cd9bc86dacdd122e9f0427c4b53e5  
corporate/4.0/i586/postgresql-plpgsql-8.1.18-0.1.20060mlcs4.i586.rpm
 a386ef451546d4fc862b8ae1f4dc300d  
corporate/4.0/i586/postgresql-plpython-8.1.18-0.1.20060mlcs4.i586.rpm
 da74a334338d03adafc22bd94a14e495  
corporate/4.0/i586/postgresql-pltcl-8.1.18-0.1.20060mlcs4.i586.rpm
 6b8e85641a0ac84ec352e72604889810  
corporate/4.0/i586/postgresql-server-8.1.18-0.1.20060mlcs4.i586.rpm
 c49787bfe34528529342a0396b24d7de  
corporate/4.0/i586/postgresql-test-8.1.18-0.1.20060mlcs4.i586.rpm 
 298101b846540072a6af791340de08dc  
corporate/4.0/SRPMS/postgresql-8.1.18-0.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 6b3df04b45fd1b0d79a60cfbc89d1ee4  
corporate/4.0/x86_64/lib64ecpg5-8.1.18-0.1.20060mlcs4.x86_64.rpm
 0d13a0d12391801c23d3bb45f54ed3a8  
corporate/4.0/x86_64/lib64ecpg5-devel-8.1.18-0.1.20060mlcs4.x86_64.rpm
 508a98605e92ca64224162bab14fac25  
corporate/4.0/x86_64/lib64pq4-8.1.18-0.1.20060mlcs4.x86_64.rpm
 c2ebdfbd5276cd1f0571f8779af0b2c3  
corporate/4.0/x86_64/lib64pq4-devel-8.1.18-0.1.20060mlcs4.x86_64.rpm
 910360f74ac1cd62586c67731ec14c87  
corporate/4.0/x86_64/postgresql-8.1.18-0.1.20060mlcs4.x86_64.rpm
 257fe2756d78719bec8fb22bc4edece5  
corporate/4.0/x86_64/postgresql-contrib-8.1.18-0.1.20060mlcs4.x86_64.rpm
 5dd5dec707ec5860cd2a59d5f852ede0  
corporate/4.0/x86_64/postgresql-devel-8.1.18-0.1.20060mlcs4.x86_64.rpm
 67661aaa75522f1aa6e43d92db9ec9d8  
corporate/4.0/x86_64/postgresql-docs-8.1.18-0.1.20060mlcs4.x86_64.rpm
 58e3c1ef1a2616b246c285a484d49bd7  
corporate/4.0/x86_64/postgresql-pl-8.1.18-0.1.20060mlcs4.x86_64.rpm
 e302ba48835b6a572e76e379bb00afbf  
corporate/4.0/x86_64/postgresql-plperl-8.1.18-0.1.20060mlcs4.x86_64.rpm
 22ea68b363dfa14521426e28d35dbd19  
corporate/4.0/x86_64/postgresql-plpgsql-8.1.18-0.1.20060mlcs4.x86_64.rpm
 1864462b86204d25f3eef191229c04f4  
corporate/4.0/x86_64/postgresql-plpython-8.1.18-0.1.20060mlcs4.x86_64.rpm
 a6a4323bfc7bde8677e42ee70708d841  
corporate/4.0/x86_64/postgresql-pltcl-8.1.18-0.1.20060mlcs4.x86_64.rpm
 9197be9651978469f54af90f27b71a5a  
corporate/4.0/x86_64/postgresql-server-8.1.18-0.1.20060mlcs4.x86_64.rpm
 9a9613d72460a9faed47b9a4c5cf00ca  
corporate/4.0/x86_64/postgresql-test-8.1.18-0.1.20060mlcs4.x86_64.rpm 
 298101b846540072a6af791340de08dc  
corporate/4.0/SRPMS/postgresql-8.1.18-0.1.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKw3jtmqjQ0CJFipgRAh4hAKC1gY7JNurllieceTOo6FsKun2UOgCfSBEf
4zDvL897MXHFHtOy3s90+mI=
=PBCz
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/