[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20041214002426.31780.qmail@updates.mandrakesoft.com>
Date: 14 Dec 2004 00:24:26 -0000
From: Mandrake Linux Security Team <security@...ux-mandrake.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2004:149 - Updated postgresql packages fix temporary file vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: postgresql
Advisory ID: MDKSA-2004:149
Date: December 13th, 2004
Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1
______________________________________________________________________
Problem Description:
The Trustix development team found insecure temporary file creation
problems in a script included in the postgresql package. This could
allow an attacker to trick a user into overwriting arbitrary files he
has access to.
The updated packages have been patched to prevent this problem.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0977
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
42ee929f1d987654c3d18a93651bd71e 10.0/RPMS/libecpg3-7.4.1-2.2.100mdk.i586.rpm
db39f8074f6d90240c23bf5ec1f785a0 10.0/RPMS/libecpg3-devel-7.4.1-2.2.100mdk.i586.rpm
a7746beff4b6d47aa8d9cc5c5ca46bf3 10.0/RPMS/libpgtcl2-7.4.1-2.2.100mdk.i586.rpm
2d2ede92fbdbcc7a9504015fc532b150 10.0/RPMS/libpgtcl2-devel-7.4.1-2.2.100mdk.i586.rpm
f13bdbed6efc524a7bbdf6d232b0093e 10.0/RPMS/libpq3-7.4.1-2.2.100mdk.i586.rpm
470b28bf6f82a13a2d266c5417d04533 10.0/RPMS/libpq3-devel-7.4.1-2.2.100mdk.i586.rpm
d02317c7fd9db0a3faf225688b4874b1 10.0/RPMS/postgresql-7.4.1-2.2.100mdk.i586.rpm
549800345474a3b33d59db5376389885 10.0/RPMS/postgresql-contrib-7.4.1-2.2.100mdk.i586.rpm
2fd5328fa98becbdaa22007926c473b4 10.0/RPMS/postgresql-devel-7.4.1-2.2.100mdk.i586.rpm
415467b037e260e3a8a5f6451e4bf415 10.0/RPMS/postgresql-docs-7.4.1-2.2.100mdk.i586.rpm
fe6cfe7cfd7c24062305dff1a6e1b294 10.0/RPMS/postgresql-jdbc-7.4.1-2.2.100mdk.i586.rpm
bc01788a5b21564916fdf995c7b0e47d 10.0/RPMS/postgresql-pl-7.4.1-2.2.100mdk.i586.rpm
5d9a6bfc0dd20edddb7bdf6f56fd0e95 10.0/RPMS/postgresql-server-7.4.1-2.2.100mdk.i586.rpm
40fcaecae0fe467eb082f065cbf06865 10.0/RPMS/postgresql-tcl-7.4.1-2.2.100mdk.i586.rpm
77d53b5d459ba3d31b50895da67689b4 10.0/RPMS/postgresql-test-7.4.1-2.2.100mdk.i586.rpm
b5e9dd330b5a93f2e31c78612da3a1ba 10.0/SRPMS/postgresql-7.4.1-2.2.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
d3440d6317df79751543b7f22dc20b60 amd64/10.0/RPMS/lib64ecpg3-7.4.1-2.2.100mdk.amd64.rpm
ddd1b953d28b8910af06d8decfa0149d amd64/10.0/RPMS/lib64ecpg3-devel-7.4.1-2.2.100mdk.amd64.rpm
607243700c600e07c9e763c0ece9b182 amd64/10.0/RPMS/lib64pgtcl2-7.4.1-2.2.100mdk.amd64.rpm
989358fda80fecaadb0e2e7d6bd2b6f3 amd64/10.0/RPMS/lib64pgtcl2-devel-7.4.1-2.2.100mdk.amd64.rpm
19fbfbcd84538a8410746bd2f3ea84c9 amd64/10.0/RPMS/lib64pq3-7.4.1-2.2.100mdk.amd64.rpm
57584a8013b252ffd59226ee2f470074 amd64/10.0/RPMS/lib64pq3-devel-7.4.1-2.2.100mdk.amd64.rpm
06d45b7bb58f706efad0d7d9402863e3 amd64/10.0/RPMS/postgresql-7.4.1-2.2.100mdk.amd64.rpm
3051717bc1a5ec844ff7fb9297c60a18 amd64/10.0/RPMS/postgresql-contrib-7.4.1-2.2.100mdk.amd64.rpm
7d20ec815a7ad95e15d3a3bc7224edb8 amd64/10.0/RPMS/postgresql-devel-7.4.1-2.2.100mdk.amd64.rpm
91eb092a900105a459d12731ef8b3849 amd64/10.0/RPMS/postgresql-docs-7.4.1-2.2.100mdk.amd64.rpm
f2da22a5c1dad2e5f717031ee6a2646f amd64/10.0/RPMS/postgresql-jdbc-7.4.1-2.2.100mdk.amd64.rpm
d692ef3e7a59ede26a01640e48417b5f amd64/10.0/RPMS/postgresql-pl-7.4.1-2.2.100mdk.amd64.rpm
f607a841fe8f40bd6ca89822c3bdb6e6 amd64/10.0/RPMS/postgresql-server-7.4.1-2.2.100mdk.amd64.rpm
4b6fe73d3fd986dd9a770ba8ff5864e7 amd64/10.0/RPMS/postgresql-tcl-7.4.1-2.2.100mdk.amd64.rpm
1de143fdd0ac197b19cb451a86c63f46 amd64/10.0/RPMS/postgresql-test-7.4.1-2.2.100mdk.amd64.rpm
b5e9dd330b5a93f2e31c78612da3a1ba amd64/10.0/SRPMS/postgresql-7.4.1-2.2.100mdk.src.rpm
Mandrakelinux 10.1:
038b421964e5a06edc0cac07bc6f3357 10.1/RPMS/libecpg3-7.4.5-4.1.101mdk.i586.rpm
f3e8e3f87c09151241dc48eb9c650d38 10.1/RPMS/libecpg3-devel-7.4.5-4.1.101mdk.i586.rpm
90ec55f75b39ef3c8c3ed9b99f832414 10.1/RPMS/libpgtcl2-7.4.5-4.1.101mdk.i586.rpm
231c7257b30d0ce6adfd3a98f55cf0e7 10.1/RPMS/libpgtcl2-devel-7.4.5-4.1.101mdk.i586.rpm
549bb1646113fd1d26453ad7e036bc47 10.1/RPMS/libpq3-7.4.5-4.1.101mdk.i586.rpm
1c42911cd577275f87fc8af503e58ae8 10.1/RPMS/libpq3-devel-7.4.5-4.1.101mdk.i586.rpm
cc6539fd61356d1ea6ec7b2d99d092da 10.1/RPMS/postgresql-7.4.5-4.1.101mdk.i586.rpm
ba9dc03f958ed7839eead88c4520fc82 10.1/RPMS/postgresql-contrib-7.4.5-4.1.101mdk.i586.rpm
e8fe9519d222e7350723bed3b1d9d969 10.1/RPMS/postgresql-devel-7.4.5-4.1.101mdk.i586.rpm
09e6494b80b19df104092c60b8ce756d 10.1/RPMS/postgresql-docs-7.4.5-4.1.101mdk.i586.rpm
8453edde5e91a015a44c1217a08d6f78 10.1/RPMS/postgresql-jdbc-7.4.5-4.1.101mdk.i586.rpm
36b29f846bee72f41cc1dc8f626d25ad 10.1/RPMS/postgresql-pl-7.4.5-4.1.101mdk.i586.rpm
01f682ba687913c50099b1c0b009b988 10.1/RPMS/postgresql-server-7.4.5-4.1.101mdk.i586.rpm
920e43ddab348634e52e840792aeb8f5 10.1/RPMS/postgresql-tcl-7.4.5-4.1.101mdk.i586.rpm
8efb20c5240dfd3b6c0bc3d9e64e84b9 10.1/RPMS/postgresql-test-7.4.5-4.1.101mdk.i586.rpm
292193400d7813990be865f293124501 10.1/SRPMS/postgresql-7.4.5-4.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
6ec21fdc7cad01b8a4e8dc29a3960f8b x86_64/10.1/RPMS/lib64ecpg3-7.4.5-4.1.101mdk.x86_64.rpm
16c09677bb10ed07f6d471e2019044d7 x86_64/10.1/RPMS/lib64ecpg3-devel-7.4.5-4.1.101mdk.x86_64.rpm
bc26791211a5dca9f763c255f37df9e6 x86_64/10.1/RPMS/lib64pgtcl2-7.4.5-4.1.101mdk.x86_64.rpm
e23806d64a0deab807386c86e52dae16 x86_64/10.1/RPMS/lib64pgtcl2-devel-7.4.5-4.1.101mdk.x86_64.rpm
b6feb4c09cb845a253f6a7007c8a11d9 x86_64/10.1/RPMS/lib64pq3-7.4.5-4.1.101mdk.x86_64.rpm
cca224d5eacf0bd54706fb3f65bee943 x86_64/10.1/RPMS/lib64pq3-devel-7.4.5-4.1.101mdk.x86_64.rpm
9de90f3d97d7575921576740c2fb9ce3 x86_64/10.1/RPMS/postgresql-7.4.5-4.1.101mdk.x86_64.rpm
4b85e80adc337f0640a176ad329e360e x86_64/10.1/RPMS/postgresql-contrib-7.4.5-4.1.101mdk.x86_64.rpm
75dc09a9290fd56034f99f213c0956da x86_64/10.1/RPMS/postgresql-devel-7.4.5-4.1.101mdk.x86_64.rpm
ad406f522abcb278de9e16324165efac x86_64/10.1/RPMS/postgresql-docs-7.4.5-4.1.101mdk.x86_64.rpm
365d7596860d4832ef9d56ee2479e3f1 x86_64/10.1/RPMS/postgresql-jdbc-7.4.5-4.1.101mdk.x86_64.rpm
9bc7275c01374582cbac17da054d1777 x86_64/10.1/RPMS/postgresql-pl-7.4.5-4.1.101mdk.x86_64.rpm
4658e428b35795a78455e20f0e38fefe x86_64/10.1/RPMS/postgresql-server-7.4.5-4.1.101mdk.x86_64.rpm
7cf5a6545c5ae5897dc1ce32b0c4b3db x86_64/10.1/RPMS/postgresql-tcl-7.4.5-4.1.101mdk.x86_64.rpm
8c51186bccbc4448de47a3309a45b8c8 x86_64/10.1/RPMS/postgresql-test-7.4.5-4.1.101mdk.x86_64.rpm
292193400d7813990be865f293124501 x86_64/10.1/SRPMS/postgresql-7.4.5-4.1.101mdk.src.rpm
Corporate Server 2.1:
d022cd961c05e657463edbc70845e9ce corporate/2.1/RPMS/libecpg3-7.2.2-1.5.C21mdk.i586.rpm
c5019b3e01e4c9e2c257d9f5b34f47d7 corporate/2.1/RPMS/libpgperl-7.2.2-1.5.C21mdk.i586.rpm
b795620fff920ac80e4a56284c4fdc6e corporate/2.1/RPMS/libpgsql2-7.2.2-1.5.C21mdk.i586.rpm
fc685cb269ff0793d7c996e7a14f8c5a corporate/2.1/RPMS/libpgsqlodbc0-7.2.2-1.5.C21mdk.i586.rpm
510173f27010b3f4dc7e9607baf65b43 corporate/2.1/RPMS/libpgtcl2-7.2.2-1.5.C21mdk.i586.rpm
57f1f00f797206fa88a4568f2fc9d30c corporate/2.1/RPMS/postgresql-7.2.2-1.5.C21mdk.i586.rpm
12a784a3da037aeea4d5c2ef9edf514b corporate/2.1/RPMS/postgresql-contrib-7.2.2-1.5.C21mdk.i586.rpm
fbe3b2288a3c9ac27f9aa87f40745f13 corporate/2.1/RPMS/postgresql-devel-7.2.2-1.5.C21mdk.i586.rpm
a2005700f5785e8500ddbd47f6339f7a corporate/2.1/RPMS/postgresql-docs-7.2.2-1.5.C21mdk.i586.rpm
16e1741a45057b0153e4c859602f9347 corporate/2.1/RPMS/postgresql-jdbc-7.2.2-1.5.C21mdk.i586.rpm
2dea178aa7de43d6e8ef55dba5bf611e corporate/2.1/RPMS/postgresql-python-7.2.2-1.5.C21mdk.i586.rpm
8c5bb8efdcb8d1e36d2e88f771d3c63c corporate/2.1/RPMS/postgresql-server-7.2.2-1.5.C21mdk.i586.rpm
80e77abb1a2f3ca838084be70fd8de23 corporate/2.1/RPMS/postgresql-tcl-7.2.2-1.5.C21mdk.i586.rpm
29fab63997c6a08c7f926b962cb9e389 corporate/2.1/RPMS/postgresql-test-7.2.2-1.5.C21mdk.i586.rpm
ae8da67f7fd5975b34c82ce030e138e2 corporate/2.1/RPMS/postgresql-tk-7.2.2-1.5.C21mdk.i586.rpm
a25011601914e23dd61bab79dbb45d01 corporate/2.1/SRPMS/postgresql-7.2.2-1.5.C21mdk.src.rpm
Corporate Server 2.1/x86_64:
15bdf9f3362ad77ef0230f6e5499351d x86_64/corporate/2.1/RPMS/libecpg3-7.2.2-1.5.C21mdk.x86_64.rpm
1c63a7aa7effbeed43338ecab9fec590 x86_64/corporate/2.1/RPMS/libpgperl-7.2.2-1.5.C21mdk.x86_64.rpm
0a38f33b0d1444e5fc8d77e8253bdd6a x86_64/corporate/2.1/RPMS/libpgsql2-7.2.2-1.5.C21mdk.x86_64.rpm
2f1c19013fe39a229c7a0c4fcbd0cd50 x86_64/corporate/2.1/RPMS/libpgsqlodbc0-7.2.2-1.5.C21mdk.x86_64.rpm
fee3ae104e853bc1bb328607746cdef1 x86_64/corporate/2.1/RPMS/libpgtcl2-7.2.2-1.5.C21mdk.x86_64.rpm
cdb838c60d8b829d819f5c73befbe4c9 x86_64/corporate/2.1/RPMS/postgresql-7.2.2-1.5.C21mdk.x86_64.rpm
45ead71320f0c0e744306eaf0d95379a x86_64/corporate/2.1/RPMS/postgresql-contrib-7.2.2-1.5.C21mdk.x86_64.rpm
787e733325d7df27b0a223950fe0c749 x86_64/corporate/2.1/RPMS/postgresql-devel-7.2.2-1.5.C21mdk.x86_64.rpm
7c16ba4e4cc84ace4a7d45cc9a0ff3a8 x86_64/corporate/2.1/RPMS/postgresql-docs-7.2.2-1.5.C21mdk.x86_64.rpm
585229208bcdbbd91e7fa39370354f26 x86_64/corporate/2.1/RPMS/postgresql-jdbc-7.2.2-1.5.C21mdk.x86_64.rpm
7ca7e40602da3cb897f874deaf3dc7aa x86_64/corporate/2.1/RPMS/postgresql-python-7.2.2-1.5.C21mdk.x86_64.rpm
35d2095552e69a94370a40c2f0b57883 x86_64/corporate/2.1/RPMS/postgresql-server-7.2.2-1.5.C21mdk.x86_64.rpm
6003298dacd098e898fcd2a786d9b6b1 x86_64/corporate/2.1/RPMS/postgresql-tcl-7.2.2-1.5.C21mdk.x86_64.rpm
0f8e7cb8f7db8a2e4138eccf6bc4ce61 x86_64/corporate/2.1/RPMS/postgresql-test-7.2.2-1.5.C21mdk.x86_64.rpm
9c698daa17937ee304cf67e775ac1f9f x86_64/corporate/2.1/RPMS/postgresql-tk-7.2.2-1.5.C21mdk.x86_64.rpm
a25011601914e23dd61bab79dbb45d01 x86_64/corporate/2.1/SRPMS/postgresql-7.2.2-1.5.C21mdk.src.rpm
Mandrakelinux 9.2:
d0078b151e7eb45ebe2228f989629c58 9.2/RPMS/libecpg3-7.3.4-3.1.92mdk.i586.rpm
6a7a09fc264f5ff881b858009b139e19 9.2/RPMS/libecpg3-devel-7.3.4-3.1.92mdk.i586.rpm
e38a3444013cc11a7fa314a14e30e8ca 9.2/RPMS/libpgtcl2-7.3.4-3.1.92mdk.i586.rpm
061057164351e02c5c9fecbefe0f57b9 9.2/RPMS/libpgtcl2-devel-7.3.4-3.1.92mdk.i586.rpm
ac290d173ee5bad4d00d8e6ced7b57e1 9.2/RPMS/libpq3-7.3.4-3.1.92mdk.i586.rpm
0243523c0378c0dda1e0921b28529d27 9.2/RPMS/libpq3-devel-7.3.4-3.1.92mdk.i586.rpm
61dccb2131084e82861f7c924c5ada76 9.2/RPMS/postgresql-7.3.4-3.1.92mdk.i586.rpm
4ae07bd394812cb0d5942ebd9eb9ccab 9.2/RPMS/postgresql-contrib-7.3.4-3.1.92mdk.i586.rpm
72ed5aa265b0fcc12164e3a0892bd2b0 9.2/RPMS/postgresql-devel-7.3.4-3.1.92mdk.i586.rpm
b0f8ac986367b03ff68887054f8b1d97 9.2/RPMS/postgresql-docs-7.3.4-3.1.92mdk.i586.rpm
f7b05064cdb3ab43112e090c4dbe00d4 9.2/RPMS/postgresql-jdbc-7.3.4-3.1.92mdk.i586.rpm
6d6bede725e5390c724b21574ea91f62 9.2/RPMS/postgresql-pl-7.3.4-3.1.92mdk.i586.rpm
1dc67d78a8c6822f9155ae02794d23c7 9.2/RPMS/postgresql-python-7.3.4-3.1.92mdk.i586.rpm
b36df52025ff07b5df65ab202d5a5e4c 9.2/RPMS/postgresql-server-7.3.4-3.1.92mdk.i586.rpm
8ee633f85b7e1712e4526540b6888f6f 9.2/RPMS/postgresql-tcl-7.3.4-3.1.92mdk.i586.rpm
18e4b698056fe783eb3d814a89216d1b 9.2/RPMS/postgresql-test-7.3.4-3.1.92mdk.i586.rpm
4f6776fd9b0eecf4e92ec1d30937a0c3 9.2/SRPMS/postgresql-7.3.4-3.1.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
ed0d88c0e870f5fffaabfd58ae479ab5 amd64/9.2/RPMS/lib64ecpg3-7.3.4-3.1.92mdk.amd64.rpm
8e675f9a736722c9663619670e792846 amd64/9.2/RPMS/lib64ecpg3-devel-7.3.4-3.1.92mdk.amd64.rpm
cc23092f8a3acbfcf5fa675d4506dbc8 amd64/9.2/RPMS/lib64pgtcl2-7.3.4-3.1.92mdk.amd64.rpm
d71c28e9896df7727a73d19c40341d36 amd64/9.2/RPMS/lib64pgtcl2-devel-7.3.4-3.1.92mdk.amd64.rpm
d67a6007ebf0a299fa0264b3feb7cdb3 amd64/9.2/RPMS/lib64pq3-7.3.4-3.1.92mdk.amd64.rpm
a08f264d6eadfe84afa3dc5f0333467c amd64/9.2/RPMS/lib64pq3-devel-7.3.4-3.1.92mdk.amd64.rpm
9651d89d9e8fb7a1c8ceb1fb8972e7c2 amd64/9.2/RPMS/postgresql-7.3.4-3.1.92mdk.amd64.rpm
9fbfd6fc58ab4c0d51c42f2d24b60bda amd64/9.2/RPMS/postgresql-contrib-7.3.4-3.1.92mdk.amd64.rpm
950a9b42b66f79920c185a33a1242370 amd64/9.2/RPMS/postgresql-devel-7.3.4-3.1.92mdk.amd64.rpm
ece2006b6cb6406540361c64873c85ec amd64/9.2/RPMS/postgresql-docs-7.3.4-3.1.92mdk.amd64.rpm
40b425552eac286f191489ca58d64898 amd64/9.2/RPMS/postgresql-jdbc-7.3.4-3.1.92mdk.amd64.rpm
c968c4ef557762518c356b2d06ac0c9d amd64/9.2/RPMS/postgresql-pl-7.3.4-3.1.92mdk.amd64.rpm
63c4e04d4b71de80a72181099aaa0fea amd64/9.2/RPMS/postgresql-python-7.3.4-3.1.92mdk.amd64.rpm
7aa9d7a7690b5fd4f63b6c57845b28ef amd64/9.2/RPMS/postgresql-server-7.3.4-3.1.92mdk.amd64.rpm
9f76feb6acddf11ae1413a3f45822aa5 amd64/9.2/RPMS/postgresql-tcl-7.3.4-3.1.92mdk.amd64.rpm
7ae63a7101d32df569dbe68b5fc4d982 amd64/9.2/RPMS/postgresql-test-7.3.4-3.1.92mdk.amd64.rpm
4f6776fd9b0eecf4e92ec1d30937a0c3 amd64/9.2/SRPMS/postgresql-7.3.4-3.1.92mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFBvjK6mqjQ0CJFipgRAvyfAKCOKKU5pcNQbOPm/m0/F062fTxHyACg7V8S
t7FSv+JS/5oZszPjp0Hwg5o=
=Xz93
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists