Message-ID: <20070427112613.GA20761@tsunami.trustix.net>
Date: Fri, 27 Apr 2007 12:26:13 +0100
From: Trustix Security Advisor <tsl@...stix.org>
To: bugtraq@...urityfocus.com
Subject: TSLSA-2007-0015 - postgresql

--------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2007-0015

Package names:	   postgresql
Summary:           Multiple vulnerabilities
Date:              2007-04-27
Affected versions: Trustix Secure Linux 2.2
                   Trustix Secure Linux 3.0
                   Trustix Secure Linux 3.0.5
                   Trustix Operating System - Enterprise Server 2

--------------------------------------------------------------------------
Package description:
  postgresql
  PostgreSQL is an advanced Object-Relational database management system
  (DBMS) that supports almost all SQL constructs (including transactions,
  subselects and user-defined types and functions). The postgresql package
  includes the client programs and libraries that you'll need to access a
  PostgreSQL DBMS server. These PostgreSQL client programs are programs
  that directly manipulate the internal structure of PostgreSQL databases
  on a PostgreSQL server. These client programs can be located on the same
  machine with the PostgreSQL server, or may be on a remote machine which
  accesses a PostgreSQL server over a network connection. This package
  contains the docs in HTML for the whole package, as well as command-line
  utilities for managing PostgreSQL databases on a PostgreSQL server.

Problem description:
  postgresql < TSL 3.0.5 >  < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
  - New upstream.
  - SECURITY Fix: A vulnerability has been identified which could
    be exploited by malicious users to obtain elevated privileges.
    This issue is caused by an insecure "search_path" setting,
    which could be exploited by unprivileged users to gain the SQL
    privileges of the owner of any SECURITY DEFINER function they
    are allowed to call.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2007-2138 to this issue.
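
    As an added illustration (not part of the advisory), this is the
    function shape the issue applies to and the hardening PostgreSQL
    documents for it; the `admin` schema, `pwds` table and
    `check_password` function are assumed names. The function-level
    `SET` clause and the `pg_proc.proconfig` column used by the audit
    query exist in PostgreSQL 8.3 and later.

```sql
-- Vulnerable shape: SECURITY DEFINER runs with the OWNER's rights, but every
-- unqualified name in the body is resolved through the CALLER's search_path,
-- so the caller influences which objects the privileged code actually touches.
-- (assumed schema/table/function names)
CREATE FUNCTION check_password(uname text, pass text)
RETURNS boolean AS $$
    SELECT (pwd = $2) FROM pwds WHERE username = $1;   -- 'pwds' unqualified
$$ LANGUAGE sql SECURITY DEFINER;

-- Hardened shape: pin search_path for the function itself and qualify names.
-- pg_temp is listed LAST so temporary objects can never shadow trusted ones;
-- explicit placement of pg_temp is what the 8.0.13/8.2.4 releases added.
CREATE OR REPLACE FUNCTION check_password(uname text, pass text)
RETURNS boolean AS $$
    SELECT (pwd = $2) FROM admin.pwds WHERE username = $1;
$$ LANGUAGE sql SECURITY DEFINER
   SET search_path = admin, pg_temp;

-- Same effect for an existing function without rewriting its body:
ALTER FUNCTION check_password(text, text) SET search_path = admin, pg_temp;

-- Keep unprivileged roles from creating objects in schemas on that path.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- Audit: SECURITY DEFINER functions that do not pin search_path.
SELECT n.nspname AS schema,
       p.proname AS function,
       pg_catalog.pg_get_userbyid(p.proowner) AS owner
FROM   pg_catalog.pg_proc p
JOIN   pg_catalog.pg_namespace n ON n.oid = p.pronamespace
WHERE  p.prosecdef
  AND  COALESCE(pg_catalog.array_to_string(p.proconfig, ','), '')
         NOT LIKE '%search_path=%'
  AND  n.nspname NOT IN ('pg_catalog', 'information_schema');
```

    On the 8.0.13 and 8.2.4 builds shipped here the function-level
    `SET` clause does not exist; the equivalent is
    `PERFORM pg_catalog.set_config('search_path', 'admin, pg_temp', true)`
    at the start of the function body, with the call itself schema-qualified.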

Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.


Location:
  All Trustix Secure Linux updates are available from
  <URI:http://http.trustix.org/pub/trustix/updates/>
  <URI:ftp://ftp.trustix.org/pub/trustix/updates/>


About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With focus
  on security and stability, the system is painlessly kept safe and up to
  date from day one using swup, the automated software updater.


Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.


Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.org/support/>


Verification:
  This advisory along with all Trustix packages are signed with the
  TSL sign key.
  This key is available from:
  <URI:http://www.trustix.org/TSL-SIGN-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.org/errata/trustix-2.2/>
  <URI:http://www.trustix.org/errata/trustix-3.0/> and
  <URI:http://www.trustix.org/errata/trustix-3.0.5/>
  or directly at
  <URI:http://www.trustix.org/errata/2007/0015/>


MD5sums of the packages:


Trustix Security Team

