lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20041214002426.31780.qmail@updates.mandrakesoft.com>
Date: 14 Dec 2004 00:24:26 -0000
From: Mandrake Linux Security Team <security@...ux-mandrake.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2004:149 - Updated postgresql packages fix temporary file vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           postgresql
 Advisory ID:            MDKSA-2004:149
 Date:                   December 13th, 2004

 Affected versions:	 10.0, 10.1, 9.2, Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 The Trustix development team found insecure temporary file creation
 problems in a script included in the postgresql package.  This could
 allow an attacker to trick a user into overwriting arbitrary files he
 has access to.
 
 The updated packages have been patched to prevent this problem.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0977
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 42ee929f1d987654c3d18a93651bd71e  10.0/RPMS/libecpg3-7.4.1-2.2.100mdk.i586.rpm
 db39f8074f6d90240c23bf5ec1f785a0  10.0/RPMS/libecpg3-devel-7.4.1-2.2.100mdk.i586.rpm
 a7746beff4b6d47aa8d9cc5c5ca46bf3  10.0/RPMS/libpgtcl2-7.4.1-2.2.100mdk.i586.rpm
 2d2ede92fbdbcc7a9504015fc532b150  10.0/RPMS/libpgtcl2-devel-7.4.1-2.2.100mdk.i586.rpm
 f13bdbed6efc524a7bbdf6d232b0093e  10.0/RPMS/libpq3-7.4.1-2.2.100mdk.i586.rpm
 470b28bf6f82a13a2d266c5417d04533  10.0/RPMS/libpq3-devel-7.4.1-2.2.100mdk.i586.rpm
 d02317c7fd9db0a3faf225688b4874b1  10.0/RPMS/postgresql-7.4.1-2.2.100mdk.i586.rpm
 549800345474a3b33d59db5376389885  10.0/RPMS/postgresql-contrib-7.4.1-2.2.100mdk.i586.rpm
 2fd5328fa98becbdaa22007926c473b4  10.0/RPMS/postgresql-devel-7.4.1-2.2.100mdk.i586.rpm
 415467b037e260e3a8a5f6451e4bf415  10.0/RPMS/postgresql-docs-7.4.1-2.2.100mdk.i586.rpm
 fe6cfe7cfd7c24062305dff1a6e1b294  10.0/RPMS/postgresql-jdbc-7.4.1-2.2.100mdk.i586.rpm
 bc01788a5b21564916fdf995c7b0e47d  10.0/RPMS/postgresql-pl-7.4.1-2.2.100mdk.i586.rpm
 5d9a6bfc0dd20edddb7bdf6f56fd0e95  10.0/RPMS/postgresql-server-7.4.1-2.2.100mdk.i586.rpm
 40fcaecae0fe467eb082f065cbf06865  10.0/RPMS/postgresql-tcl-7.4.1-2.2.100mdk.i586.rpm
 77d53b5d459ba3d31b50895da67689b4  10.0/RPMS/postgresql-test-7.4.1-2.2.100mdk.i586.rpm
 b5e9dd330b5a93f2e31c78612da3a1ba  10.0/SRPMS/postgresql-7.4.1-2.2.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 d3440d6317df79751543b7f22dc20b60  amd64/10.0/RPMS/lib64ecpg3-7.4.1-2.2.100mdk.amd64.rpm
 ddd1b953d28b8910af06d8decfa0149d  amd64/10.0/RPMS/lib64ecpg3-devel-7.4.1-2.2.100mdk.amd64.rpm
 607243700c600e07c9e763c0ece9b182  amd64/10.0/RPMS/lib64pgtcl2-7.4.1-2.2.100mdk.amd64.rpm
 989358fda80fecaadb0e2e7d6bd2b6f3  amd64/10.0/RPMS/lib64pgtcl2-devel-7.4.1-2.2.100mdk.amd64.rpm
 19fbfbcd84538a8410746bd2f3ea84c9  amd64/10.0/RPMS/lib64pq3-7.4.1-2.2.100mdk.amd64.rpm
 57584a8013b252ffd59226ee2f470074  amd64/10.0/RPMS/lib64pq3-devel-7.4.1-2.2.100mdk.amd64.rpm
 06d45b7bb58f706efad0d7d9402863e3  amd64/10.0/RPMS/postgresql-7.4.1-2.2.100mdk.amd64.rpm
 3051717bc1a5ec844ff7fb9297c60a18  amd64/10.0/RPMS/postgresql-contrib-7.4.1-2.2.100mdk.amd64.rpm
 7d20ec815a7ad95e15d3a3bc7224edb8  amd64/10.0/RPMS/postgresql-devel-7.4.1-2.2.100mdk.amd64.rpm
 91eb092a900105a459d12731ef8b3849  amd64/10.0/RPMS/postgresql-docs-7.4.1-2.2.100mdk.amd64.rpm
 f2da22a5c1dad2e5f717031ee6a2646f  amd64/10.0/RPMS/postgresql-jdbc-7.4.1-2.2.100mdk.amd64.rpm
 d692ef3e7a59ede26a01640e48417b5f  amd64/10.0/RPMS/postgresql-pl-7.4.1-2.2.100mdk.amd64.rpm
 f607a841fe8f40bd6ca89822c3bdb6e6  amd64/10.0/RPMS/postgresql-server-7.4.1-2.2.100mdk.amd64.rpm
 4b6fe73d3fd986dd9a770ba8ff5864e7  amd64/10.0/RPMS/postgresql-tcl-7.4.1-2.2.100mdk.amd64.rpm
 1de143fdd0ac197b19cb451a86c63f46  amd64/10.0/RPMS/postgresql-test-7.4.1-2.2.100mdk.amd64.rpm
 b5e9dd330b5a93f2e31c78612da3a1ba  amd64/10.0/SRPMS/postgresql-7.4.1-2.2.100mdk.src.rpm

 Mandrakelinux 10.1:
 038b421964e5a06edc0cac07bc6f3357  10.1/RPMS/libecpg3-7.4.5-4.1.101mdk.i586.rpm
 f3e8e3f87c09151241dc48eb9c650d38  10.1/RPMS/libecpg3-devel-7.4.5-4.1.101mdk.i586.rpm
 90ec55f75b39ef3c8c3ed9b99f832414  10.1/RPMS/libpgtcl2-7.4.5-4.1.101mdk.i586.rpm
 231c7257b30d0ce6adfd3a98f55cf0e7  10.1/RPMS/libpgtcl2-devel-7.4.5-4.1.101mdk.i586.rpm
 549bb1646113fd1d26453ad7e036bc47  10.1/RPMS/libpq3-7.4.5-4.1.101mdk.i586.rpm
 1c42911cd577275f87fc8af503e58ae8  10.1/RPMS/libpq3-devel-7.4.5-4.1.101mdk.i586.rpm
 cc6539fd61356d1ea6ec7b2d99d092da  10.1/RPMS/postgresql-7.4.5-4.1.101mdk.i586.rpm
 ba9dc03f958ed7839eead88c4520fc82  10.1/RPMS/postgresql-contrib-7.4.5-4.1.101mdk.i586.rpm
 e8fe9519d222e7350723bed3b1d9d969  10.1/RPMS/postgresql-devel-7.4.5-4.1.101mdk.i586.rpm
 09e6494b80b19df104092c60b8ce756d  10.1/RPMS/postgresql-docs-7.4.5-4.1.101mdk.i586.rpm
 8453edde5e91a015a44c1217a08d6f78  10.1/RPMS/postgresql-jdbc-7.4.5-4.1.101mdk.i586.rpm
 36b29f846bee72f41cc1dc8f626d25ad  10.1/RPMS/postgresql-pl-7.4.5-4.1.101mdk.i586.rpm
 01f682ba687913c50099b1c0b009b988  10.1/RPMS/postgresql-server-7.4.5-4.1.101mdk.i586.rpm
 920e43ddab348634e52e840792aeb8f5  10.1/RPMS/postgresql-tcl-7.4.5-4.1.101mdk.i586.rpm
 8efb20c5240dfd3b6c0bc3d9e64e84b9  10.1/RPMS/postgresql-test-7.4.5-4.1.101mdk.i586.rpm
 292193400d7813990be865f293124501  10.1/SRPMS/postgresql-7.4.5-4.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 6ec21fdc7cad01b8a4e8dc29a3960f8b  x86_64/10.1/RPMS/lib64ecpg3-7.4.5-4.1.101mdk.x86_64.rpm
 16c09677bb10ed07f6d471e2019044d7  x86_64/10.1/RPMS/lib64ecpg3-devel-7.4.5-4.1.101mdk.x86_64.rpm
 bc26791211a5dca9f763c255f37df9e6  x86_64/10.1/RPMS/lib64pgtcl2-7.4.5-4.1.101mdk.x86_64.rpm
 e23806d64a0deab807386c86e52dae16  x86_64/10.1/RPMS/lib64pgtcl2-devel-7.4.5-4.1.101mdk.x86_64.rpm
 b6feb4c09cb845a253f6a7007c8a11d9  x86_64/10.1/RPMS/lib64pq3-7.4.5-4.1.101mdk.x86_64.rpm
 cca224d5eacf0bd54706fb3f65bee943  x86_64/10.1/RPMS/lib64pq3-devel-7.4.5-4.1.101mdk.x86_64.rpm
 9de90f3d97d7575921576740c2fb9ce3  x86_64/10.1/RPMS/postgresql-7.4.5-4.1.101mdk.x86_64.rpm
 4b85e80adc337f0640a176ad329e360e  x86_64/10.1/RPMS/postgresql-contrib-7.4.5-4.1.101mdk.x86_64.rpm
 75dc09a9290fd56034f99f213c0956da  x86_64/10.1/RPMS/postgresql-devel-7.4.5-4.1.101mdk.x86_64.rpm
 ad406f522abcb278de9e16324165efac  x86_64/10.1/RPMS/postgresql-docs-7.4.5-4.1.101mdk.x86_64.rpm
 365d7596860d4832ef9d56ee2479e3f1  x86_64/10.1/RPMS/postgresql-jdbc-7.4.5-4.1.101mdk.x86_64.rpm
 9bc7275c01374582cbac17da054d1777  x86_64/10.1/RPMS/postgresql-pl-7.4.5-4.1.101mdk.x86_64.rpm
 4658e428b35795a78455e20f0e38fefe  x86_64/10.1/RPMS/postgresql-server-7.4.5-4.1.101mdk.x86_64.rpm
 7cf5a6545c5ae5897dc1ce32b0c4b3db  x86_64/10.1/RPMS/postgresql-tcl-7.4.5-4.1.101mdk.x86_64.rpm
 8c51186bccbc4448de47a3309a45b8c8  x86_64/10.1/RPMS/postgresql-test-7.4.5-4.1.101mdk.x86_64.rpm
 292193400d7813990be865f293124501  x86_64/10.1/SRPMS/postgresql-7.4.5-4.1.101mdk.src.rpm

 Corporate Server 2.1:
 d022cd961c05e657463edbc70845e9ce  corporate/2.1/RPMS/libecpg3-7.2.2-1.5.C21mdk.i586.rpm
 c5019b3e01e4c9e2c257d9f5b34f47d7  corporate/2.1/RPMS/libpgperl-7.2.2-1.5.C21mdk.i586.rpm
 b795620fff920ac80e4a56284c4fdc6e  corporate/2.1/RPMS/libpgsql2-7.2.2-1.5.C21mdk.i586.rpm
 fc685cb269ff0793d7c996e7a14f8c5a  corporate/2.1/RPMS/libpgsqlodbc0-7.2.2-1.5.C21mdk.i586.rpm
 510173f27010b3f4dc7e9607baf65b43  corporate/2.1/RPMS/libpgtcl2-7.2.2-1.5.C21mdk.i586.rpm
 57f1f00f797206fa88a4568f2fc9d30c  corporate/2.1/RPMS/postgresql-7.2.2-1.5.C21mdk.i586.rpm
 12a784a3da037aeea4d5c2ef9edf514b  corporate/2.1/RPMS/postgresql-contrib-7.2.2-1.5.C21mdk.i586.rpm
 fbe3b2288a3c9ac27f9aa87f40745f13  corporate/2.1/RPMS/postgresql-devel-7.2.2-1.5.C21mdk.i586.rpm
 a2005700f5785e8500ddbd47f6339f7a  corporate/2.1/RPMS/postgresql-docs-7.2.2-1.5.C21mdk.i586.rpm
 16e1741a45057b0153e4c859602f9347  corporate/2.1/RPMS/postgresql-jdbc-7.2.2-1.5.C21mdk.i586.rpm
 2dea178aa7de43d6e8ef55dba5bf611e  corporate/2.1/RPMS/postgresql-python-7.2.2-1.5.C21mdk.i586.rpm
 8c5bb8efdcb8d1e36d2e88f771d3c63c  corporate/2.1/RPMS/postgresql-server-7.2.2-1.5.C21mdk.i586.rpm
 80e77abb1a2f3ca838084be70fd8de23  corporate/2.1/RPMS/postgresql-tcl-7.2.2-1.5.C21mdk.i586.rpm
 29fab63997c6a08c7f926b962cb9e389  corporate/2.1/RPMS/postgresql-test-7.2.2-1.5.C21mdk.i586.rpm
 ae8da67f7fd5975b34c82ce030e138e2  corporate/2.1/RPMS/postgresql-tk-7.2.2-1.5.C21mdk.i586.rpm
 a25011601914e23dd61bab79dbb45d01  corporate/2.1/SRPMS/postgresql-7.2.2-1.5.C21mdk.src.rpm

 Corporate Server 2.1/x86_64:
 15bdf9f3362ad77ef0230f6e5499351d  x86_64/corporate/2.1/RPMS/libecpg3-7.2.2-1.5.C21mdk.x86_64.rpm
 1c63a7aa7effbeed43338ecab9fec590  x86_64/corporate/2.1/RPMS/libpgperl-7.2.2-1.5.C21mdk.x86_64.rpm
 0a38f33b0d1444e5fc8d77e8253bdd6a  x86_64/corporate/2.1/RPMS/libpgsql2-7.2.2-1.5.C21mdk.x86_64.rpm
 2f1c19013fe39a229c7a0c4fcbd0cd50  x86_64/corporate/2.1/RPMS/libpgsqlodbc0-7.2.2-1.5.C21mdk.x86_64.rpm
 fee3ae104e853bc1bb328607746cdef1  x86_64/corporate/2.1/RPMS/libpgtcl2-7.2.2-1.5.C21mdk.x86_64.rpm
 cdb838c60d8b829d819f5c73befbe4c9  x86_64/corporate/2.1/RPMS/postgresql-7.2.2-1.5.C21mdk.x86_64.rpm
 45ead71320f0c0e744306eaf0d95379a  x86_64/corporate/2.1/RPMS/postgresql-contrib-7.2.2-1.5.C21mdk.x86_64.rpm
 787e733325d7df27b0a223950fe0c749  x86_64/corporate/2.1/RPMS/postgresql-devel-7.2.2-1.5.C21mdk.x86_64.rpm
 7c16ba4e4cc84ace4a7d45cc9a0ff3a8  x86_64/corporate/2.1/RPMS/postgresql-docs-7.2.2-1.5.C21mdk.x86_64.rpm
 585229208bcdbbd91e7fa39370354f26  x86_64/corporate/2.1/RPMS/postgresql-jdbc-7.2.2-1.5.C21mdk.x86_64.rpm
 7ca7e40602da3cb897f874deaf3dc7aa  x86_64/corporate/2.1/RPMS/postgresql-python-7.2.2-1.5.C21mdk.x86_64.rpm
 35d2095552e69a94370a40c2f0b57883  x86_64/corporate/2.1/RPMS/postgresql-server-7.2.2-1.5.C21mdk.x86_64.rpm
 6003298dacd098e898fcd2a786d9b6b1  x86_64/corporate/2.1/RPMS/postgresql-tcl-7.2.2-1.5.C21mdk.x86_64.rpm
 0f8e7cb8f7db8a2e4138eccf6bc4ce61  x86_64/corporate/2.1/RPMS/postgresql-test-7.2.2-1.5.C21mdk.x86_64.rpm
 9c698daa17937ee304cf67e775ac1f9f  x86_64/corporate/2.1/RPMS/postgresql-tk-7.2.2-1.5.C21mdk.x86_64.rpm
 a25011601914e23dd61bab79dbb45d01  x86_64/corporate/2.1/SRPMS/postgresql-7.2.2-1.5.C21mdk.src.rpm

 Mandrakelinux 9.2:
 d0078b151e7eb45ebe2228f989629c58  9.2/RPMS/libecpg3-7.3.4-3.1.92mdk.i586.rpm
 6a7a09fc264f5ff881b858009b139e19  9.2/RPMS/libecpg3-devel-7.3.4-3.1.92mdk.i586.rpm
 e38a3444013cc11a7fa314a14e30e8ca  9.2/RPMS/libpgtcl2-7.3.4-3.1.92mdk.i586.rpm
 061057164351e02c5c9fecbefe0f57b9  9.2/RPMS/libpgtcl2-devel-7.3.4-3.1.92mdk.i586.rpm
 ac290d173ee5bad4d00d8e6ced7b57e1  9.2/RPMS/libpq3-7.3.4-3.1.92mdk.i586.rpm
 0243523c0378c0dda1e0921b28529d27  9.2/RPMS/libpq3-devel-7.3.4-3.1.92mdk.i586.rpm
 61dccb2131084e82861f7c924c5ada76  9.2/RPMS/postgresql-7.3.4-3.1.92mdk.i586.rpm
 4ae07bd394812cb0d5942ebd9eb9ccab  9.2/RPMS/postgresql-contrib-7.3.4-3.1.92mdk.i586.rpm
 72ed5aa265b0fcc12164e3a0892bd2b0  9.2/RPMS/postgresql-devel-7.3.4-3.1.92mdk.i586.rpm
 b0f8ac986367b03ff68887054f8b1d97  9.2/RPMS/postgresql-docs-7.3.4-3.1.92mdk.i586.rpm
 f7b05064cdb3ab43112e090c4dbe00d4  9.2/RPMS/postgresql-jdbc-7.3.4-3.1.92mdk.i586.rpm
 6d6bede725e5390c724b21574ea91f62  9.2/RPMS/postgresql-pl-7.3.4-3.1.92mdk.i586.rpm
 1dc67d78a8c6822f9155ae02794d23c7  9.2/RPMS/postgresql-python-7.3.4-3.1.92mdk.i586.rpm
 b36df52025ff07b5df65ab202d5a5e4c  9.2/RPMS/postgresql-server-7.3.4-3.1.92mdk.i586.rpm
 8ee633f85b7e1712e4526540b6888f6f  9.2/RPMS/postgresql-tcl-7.3.4-3.1.92mdk.i586.rpm
 18e4b698056fe783eb3d814a89216d1b  9.2/RPMS/postgresql-test-7.3.4-3.1.92mdk.i586.rpm
 4f6776fd9b0eecf4e92ec1d30937a0c3  9.2/SRPMS/postgresql-7.3.4-3.1.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 ed0d88c0e870f5fffaabfd58ae479ab5  amd64/9.2/RPMS/lib64ecpg3-7.3.4-3.1.92mdk.amd64.rpm
 8e675f9a736722c9663619670e792846  amd64/9.2/RPMS/lib64ecpg3-devel-7.3.4-3.1.92mdk.amd64.rpm
 cc23092f8a3acbfcf5fa675d4506dbc8  amd64/9.2/RPMS/lib64pgtcl2-7.3.4-3.1.92mdk.amd64.rpm
 d71c28e9896df7727a73d19c40341d36  amd64/9.2/RPMS/lib64pgtcl2-devel-7.3.4-3.1.92mdk.amd64.rpm
 d67a6007ebf0a299fa0264b3feb7cdb3  amd64/9.2/RPMS/lib64pq3-7.3.4-3.1.92mdk.amd64.rpm
 a08f264d6eadfe84afa3dc5f0333467c  amd64/9.2/RPMS/lib64pq3-devel-7.3.4-3.1.92mdk.amd64.rpm
 9651d89d9e8fb7a1c8ceb1fb8972e7c2  amd64/9.2/RPMS/postgresql-7.3.4-3.1.92mdk.amd64.rpm
 9fbfd6fc58ab4c0d51c42f2d24b60bda  amd64/9.2/RPMS/postgresql-contrib-7.3.4-3.1.92mdk.amd64.rpm
 950a9b42b66f79920c185a33a1242370  amd64/9.2/RPMS/postgresql-devel-7.3.4-3.1.92mdk.amd64.rpm
 ece2006b6cb6406540361c64873c85ec  amd64/9.2/RPMS/postgresql-docs-7.3.4-3.1.92mdk.amd64.rpm
 40b425552eac286f191489ca58d64898  amd64/9.2/RPMS/postgresql-jdbc-7.3.4-3.1.92mdk.amd64.rpm
 c968c4ef557762518c356b2d06ac0c9d  amd64/9.2/RPMS/postgresql-pl-7.3.4-3.1.92mdk.amd64.rpm
 63c4e04d4b71de80a72181099aaa0fea  amd64/9.2/RPMS/postgresql-python-7.3.4-3.1.92mdk.amd64.rpm
 7aa9d7a7690b5fd4f63b6c57845b28ef  amd64/9.2/RPMS/postgresql-server-7.3.4-3.1.92mdk.amd64.rpm
 9f76feb6acddf11ae1413a3f45822aa5  amd64/9.2/RPMS/postgresql-tcl-7.3.4-3.1.92mdk.amd64.rpm
 7ae63a7101d32df569dbe68b5fc4d982  amd64/9.2/RPMS/postgresql-test-7.3.4-3.1.92mdk.amd64.rpm
 4f6776fd9b0eecf4e92ec1d30937a0c3  amd64/9.2/SRPMS/postgresql-7.3.4-3.1.92mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBvjK6mqjQ0CJFipgRAvyfAKCOKKU5pcNQbOPm/m0/F062fTxHyACg7V8S
t7FSv+JS/5oZszPjp0Hwg5o=
=Xz93
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ