[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1Mt3y5-0002sV-AC@titan.mandriva.com>
Date: Wed, 30 Sep 2009 20:32:01 +0200
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2009:176 ] postgresql
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:176
http://www.mandriva.com/security/
_______________________________________________________________________
Package : postgresql
Date : September 30, 2009
Affected: Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before
8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22,
and 7.4 before 7.4.26 does not use the appropriate privileges for
the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations,
which allows remote authenticated users to gain privileges. NOTE:
this is due to an incomplete fix for CVE-2007-6600 (CVE-2009-3230).
This update provides a fix for this vulnerability.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3230
_______________________________________________________________________
Updated Packages:
Corporate 3.0:
1929c054467e461c3345c16dee6c97f3 corporate/3.0/i586/libecpg3-7.4.26-0.1.C30mdk.i586.rpm
8dd98dafb3dd31cd96e3d99506cac462 corporate/3.0/i586/libecpg3-devel-7.4.26-0.1.C30mdk.i586.rpm
6bb0e11db96faa5a2080413fbc576282 corporate/3.0/i586/libpgtcl2-7.4.26-0.1.C30mdk.i586.rpm
9d64c23e87f979fe15afddd32f8f442c corporate/3.0/i586/libpgtcl2-devel-7.4.26-0.1.C30mdk.i586.rpm
eec7e7ff106f78604f16775d8f9f48ae corporate/3.0/i586/libpq3-7.4.26-0.1.C30mdk.i586.rpm
65879d23793826965699df7304307127 corporate/3.0/i586/libpq3-devel-7.4.26-0.1.C30mdk.i586.rpm
3dcd3e0dddbfe6c6f8af7008e415c3a8 corporate/3.0/i586/postgresql-7.4.26-0.1.C30mdk.i586.rpm
fdcb8ab4f043a93651d3d9e08c5430d8 corporate/3.0/i586/postgresql-contrib-7.4.26-0.1.C30mdk.i586.rpm
52aba19ff8c021210ed6b69e862958bc corporate/3.0/i586/postgresql-devel-7.4.26-0.1.C30mdk.i586.rpm
5ee5a574c6603b2bcf6d93ddb45a7eeb corporate/3.0/i586/postgresql-docs-7.4.26-0.1.C30mdk.i586.rpm
6ef9fa81860e576cbd02a0cec5f16ca7 corporate/3.0/i586/postgresql-jdbc-7.4.26-0.1.C30mdk.i586.rpm
3d05ea5969170700c8cd2da172a23904 corporate/3.0/i586/postgresql-pl-7.4.26-0.1.C30mdk.i586.rpm
fe5e1dc8ca21d99a0d9efea4e9ca70fe corporate/3.0/i586/postgresql-server-7.4.26-0.1.C30mdk.i586.rpm
48a983024a138fd28842584c42718b12 corporate/3.0/i586/postgresql-tcl-7.4.26-0.1.C30mdk.i586.rpm
bff860c01b98053958c4481732e9280d corporate/3.0/i586/postgresql-test-7.4.26-0.1.C30mdk.i586.rpm
04b3c70744a007bb24fe4895cef60d6c corporate/3.0/SRPMS/postgresql-7.4.26-0.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
cabfabde318f3b426e1507cad427994c corporate/3.0/x86_64/lib64ecpg3-7.4.26-0.1.C30mdk.x86_64.rpm
4f6caf785709077e29ee430834771494 corporate/3.0/x86_64/lib64ecpg3-devel-7.4.26-0.1.C30mdk.x86_64.rpm
c0422ce2cb71f6daadafece0343ea29e corporate/3.0/x86_64/lib64pgtcl2-7.4.26-0.1.C30mdk.x86_64.rpm
0dfb23cd2cb21ff9804f9c74c91611c7 corporate/3.0/x86_64/lib64pgtcl2-devel-7.4.26-0.1.C30mdk.x86_64.rpm
5fb30f95e34da096f111feb443a9bde0 corporate/3.0/x86_64/lib64pq3-7.4.26-0.1.C30mdk.x86_64.rpm
58edfbaf8f3406e09181cd0b3559c019 corporate/3.0/x86_64/lib64pq3-devel-7.4.26-0.1.C30mdk.x86_64.rpm
db5b5e2932907e7a2be177df6b320c16 corporate/3.0/x86_64/postgresql-7.4.26-0.1.C30mdk.x86_64.rpm
8722f0fbdbcfcdec7f53ed0465b8f7a6 corporate/3.0/x86_64/postgresql-contrib-7.4.26-0.1.C30mdk.x86_64.rpm
39a5d0d05521291dae3f4964e3ec1d91 corporate/3.0/x86_64/postgresql-devel-7.4.26-0.1.C30mdk.x86_64.rpm
dea59ffea0dcc6d3e5718ce826d92490 corporate/3.0/x86_64/postgresql-docs-7.4.26-0.1.C30mdk.x86_64.rpm
f053a335de9d2f950f0be7b5638e4e4b corporate/3.0/x86_64/postgresql-jdbc-7.4.26-0.1.C30mdk.x86_64.rpm
e49e8061402605afc8155e7738765c92 corporate/3.0/x86_64/postgresql-pl-7.4.26-0.1.C30mdk.x86_64.rpm
46ade6bc397485c5191f8987c621a4b5 corporate/3.0/x86_64/postgresql-server-7.4.26-0.1.C30mdk.x86_64.rpm
c9306c7dc29c35cd351abd44ed338ec8 corporate/3.0/x86_64/postgresql-tcl-7.4.26-0.1.C30mdk.x86_64.rpm
14a59e129085aecd862e85b0d1d2afdc corporate/3.0/x86_64/postgresql-test-7.4.26-0.1.C30mdk.x86_64.rpm
04b3c70744a007bb24fe4895cef60d6c corporate/3.0/SRPMS/postgresql-7.4.26-0.1.C30mdk.src.rpm
Corporate 4.0:
dd5fd7f5d0d77bd4231ee1edddf2f488 corporate/4.0/i586/libecpg5-8.1.18-0.1.20060mlcs4.i586.rpm
022fcfd3f26d3e33928591d0bf65ce75 corporate/4.0/i586/libecpg5-devel-8.1.18-0.1.20060mlcs4.i586.rpm
ebd8e1c4d8e412889117ee9ee0555cf6 corporate/4.0/i586/libpq4-8.1.18-0.1.20060mlcs4.i586.rpm
47335465d898f9082b05ba6795eb5c49 corporate/4.0/i586/libpq4-devel-8.1.18-0.1.20060mlcs4.i586.rpm
f9509df0d178c0e317034a8aa331c4a2 corporate/4.0/i586/postgresql-8.1.18-0.1.20060mlcs4.i586.rpm
163a0f1702a406a056a849802d07820a corporate/4.0/i586/postgresql-contrib-8.1.18-0.1.20060mlcs4.i586.rpm
067adf7c039e58d3ff0da9698f8b14b4 corporate/4.0/i586/postgresql-devel-8.1.18-0.1.20060mlcs4.i586.rpm
64b9b78c9b579a7cbf077fc715001477 corporate/4.0/i586/postgresql-docs-8.1.18-0.1.20060mlcs4.i586.rpm
00a0077db9bf3276b6e244578d1cef6e corporate/4.0/i586/postgresql-pl-8.1.18-0.1.20060mlcs4.i586.rpm
bce9456fa8f0270ae63655b73083c9b5 corporate/4.0/i586/postgresql-plperl-8.1.18-0.1.20060mlcs4.i586.rpm
f00cd9bc86dacdd122e9f0427c4b53e5 corporate/4.0/i586/postgresql-plpgsql-8.1.18-0.1.20060mlcs4.i586.rpm
a386ef451546d4fc862b8ae1f4dc300d corporate/4.0/i586/postgresql-plpython-8.1.18-0.1.20060mlcs4.i586.rpm
da74a334338d03adafc22bd94a14e495 corporate/4.0/i586/postgresql-pltcl-8.1.18-0.1.20060mlcs4.i586.rpm
6b8e85641a0ac84ec352e72604889810 corporate/4.0/i586/postgresql-server-8.1.18-0.1.20060mlcs4.i586.rpm
c49787bfe34528529342a0396b24d7de corporate/4.0/i586/postgresql-test-8.1.18-0.1.20060mlcs4.i586.rpm
298101b846540072a6af791340de08dc corporate/4.0/SRPMS/postgresql-8.1.18-0.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
6b3df04b45fd1b0d79a60cfbc89d1ee4 corporate/4.0/x86_64/lib64ecpg5-8.1.18-0.1.20060mlcs4.x86_64.rpm
0d13a0d12391801c23d3bb45f54ed3a8 corporate/4.0/x86_64/lib64ecpg5-devel-8.1.18-0.1.20060mlcs4.x86_64.rpm
508a98605e92ca64224162bab14fac25 corporate/4.0/x86_64/lib64pq4-8.1.18-0.1.20060mlcs4.x86_64.rpm
c2ebdfbd5276cd1f0571f8779af0b2c3 corporate/4.0/x86_64/lib64pq4-devel-8.1.18-0.1.20060mlcs4.x86_64.rpm
910360f74ac1cd62586c67731ec14c87 corporate/4.0/x86_64/postgresql-8.1.18-0.1.20060mlcs4.x86_64.rpm
257fe2756d78719bec8fb22bc4edece5 corporate/4.0/x86_64/postgresql-contrib-8.1.18-0.1.20060mlcs4.x86_64.rpm
5dd5dec707ec5860cd2a59d5f852ede0 corporate/4.0/x86_64/postgresql-devel-8.1.18-0.1.20060mlcs4.x86_64.rpm
67661aaa75522f1aa6e43d92db9ec9d8 corporate/4.0/x86_64/postgresql-docs-8.1.18-0.1.20060mlcs4.x86_64.rpm
58e3c1ef1a2616b246c285a484d49bd7 corporate/4.0/x86_64/postgresql-pl-8.1.18-0.1.20060mlcs4.x86_64.rpm
e302ba48835b6a572e76e379bb00afbf corporate/4.0/x86_64/postgresql-plperl-8.1.18-0.1.20060mlcs4.x86_64.rpm
22ea68b363dfa14521426e28d35dbd19 corporate/4.0/x86_64/postgresql-plpgsql-8.1.18-0.1.20060mlcs4.x86_64.rpm
1864462b86204d25f3eef191229c04f4 corporate/4.0/x86_64/postgresql-plpython-8.1.18-0.1.20060mlcs4.x86_64.rpm
a6a4323bfc7bde8677e42ee70708d841 corporate/4.0/x86_64/postgresql-pltcl-8.1.18-0.1.20060mlcs4.x86_64.rpm
9197be9651978469f54af90f27b71a5a corporate/4.0/x86_64/postgresql-server-8.1.18-0.1.20060mlcs4.x86_64.rpm
9a9613d72460a9faed47b9a4c5cf00ca corporate/4.0/x86_64/postgresql-test-8.1.18-0.1.20060mlcs4.x86_64.rpm
298101b846540072a6af791340de08dc corporate/4.0/SRPMS/postgresql-8.1.18-0.1.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKw3jtmqjQ0CJFipgRAh4hAKC1gY7JNurllieceTOo6FsKun2UOgCfSBEf
4zDvL897MXHFHtOy3s90+mI=
=PBCz
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists