Message-ID: <20070427112613.GA20761@tsunami.trustix.net>
Date: Fri, 27 Apr 2007 12:26:13 +0100
From: Trustix Security Advisor <tsl@...stix.org>
To: bugtraq@...urityfocus.com
Subject: TSLSA-2007-0015 - postgresql
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2007-0015
Package names: postgresql
Summary: Multiple vulnerabilities
Date: 2007-04-27
Affected versions: Trustix Secure Linux 2.2
                   Trustix Secure Linux 3.0
                   Trustix Secure Linux 3.0.5
                   Trustix Operating System - Enterprise Server 2
- --------------------------------------------------------------------------
Package description:
postgresql
PostgreSQL is an advanced Object-Relational database management system
(DBMS) that supports almost all SQL constructs (including transactions,
subselects and user-defined types and functions). The postgresql package
includes the client programs and libraries that you'll need to access a
PostgreSQL DBMS server. These PostgreSQL client programs are programs
that directly manipulate the internal structure of PostgreSQL databases
on a PostgreSQL server. These client programs can be located on the same
machine with the PostgreSQL server, or may be on a remote machine which
accesses a PostgreSQL server over a network connection. This package
contains the docs in HTML for the whole package, as well as command-line
utilities for managing PostgreSQL databases on a PostgreSQL server.
Problem description:
postgresql < TSL 3.0.5 > < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- New upstream.
- SECURITY Fix: A vulnerability has been identified which could
be exploited by malicious users to obtain elevated privileges.
This issue is caused by insecure "search_path" settings,
which could be exploited by unprivileged users to gain the SQL
privileges of the owner of any SECURITY DEFINER function they
are allowed to call.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2007-2138 to this issue.
Action:
We recommend that all systems with this package installed be upgraded.
Please note that if you do not need the functionality provided by this
package, you may want to remove it from your system.
Location:
All Trustix Secure Linux updates are available from
<URI:http://http.trustix.org/pub/trustix/updates/>
<URI:ftp://ftp.trustix.org/pub/trustix/updates/>
About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers. With focus
on security and stability, the system is painlessly kept safe and up to
date from day one using swup, the automated software updater.
Automatic updates:
Users of the SWUP tool can enjoy having updates automatically
installed using 'swup --upgrade'.
Questions?
Check out our mailing lists:
<URI:http://www.trustix.org/support/>
Verification:
This advisory, along with all Trustix packages, is signed with the
TSL sign key.
This key is available from:
<URI:http://www.trustix.org/TSL-SIGN-KEY>
The advisory itself is available from the errata pages at
<URI:http://www.trustix.org/errata/trustix-2.2/>
<URI:http://www.trustix.org/errata/trustix-3.0/> and
<URI:http://www.trustix.org/errata/trustix-3.0.5/>
or directly at
<URI:http://www.trustix.org/errata/2007/0015/>
MD5sums of the packages:
- --------------------------------------------------------------------------
Trustix Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFGMdjbi8CEzsK9IksRAtAsAJ46Nr7tL2GBb8GD7lvtlNw1aGdiMgCeK8cu
mtrEquLaM6ja9mdllNo4aY4=
=FHSX
-----END PGP SIGNATURE-----
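
The "search_path" issue described in the advisory, shown as an added example that is not part of the Trustix advisory or the PostgreSQL packages: a SECURITY DEFINER function left open to the caller's search_path, the same function with its search_path pinned, and a catalog query that lists functions still lacking a pinned path. The schema, table and function names are hypothetical, and the per-function SET clause and the audit query assume a PostgreSQL release newer than the ones in this advisory (8.4 or later).

```sql
-- Added example; "app", "accounts" and "account_balance" are hypothetical names.
CREATE SCHEMA app;
CREATE TABLE app.accounts (id integer PRIMARY KEY, balance numeric NOT NULL);

-- Weak: the body runs with the owner's privileges, but the unqualified
-- name "accounts" is resolved through the search_path of the calling
-- session, which the caller controls.
CREATE FUNCTION app.account_balance(integer) RETURNS numeric AS $$
BEGIN
    RETURN (SELECT balance FROM accounts WHERE id = $1);
END;
$$ LANGUAGE plpgsql SECURITY DEFINER;

-- Hardened: pin search_path for the duration of every call.
-- pg_temp is listed explicitly and last, so the temporary schema is
-- never searched ahead of the trusted one.
ALTER FUNCTION app.account_balance(integer)
    SET search_path = app, pg_temp;

-- EXECUTE is granted to PUBLIC by default; remove it and grant the
-- function only to the roles that need it.
REVOKE ALL ON FUNCTION app.account_balance(integer) FROM PUBLIC;

-- Audit: SECURITY DEFINER functions with no per-function search_path.
-- Each row is a function whose name resolution depends on the caller.
SELECT n.nspname                   AS schema_name,
       p.proname                   AS function_name,
       pg_get_userbyid(p.proowner) AS owner
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
WHERE p.prosecdef
  AND NOT EXISTS (
        SELECT 1
        FROM unnest(coalesce(p.proconfig, '{}'::text[])) AS cfg
        WHERE cfg LIKE 'search_path=%')
ORDER BY 1, 2;
```

On releases without the per-function SET clause, the equivalent hardening is to schema-qualify every object the function body references.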