[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1GeioH-0005mz-36@mercury.mandriva.com>
Date: Mon, 30 Oct 2006 18:53:00 -0700
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDKSA-2006:194 ] - Updated PostgreSQL packages
fix vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2006:194
http://www.mandriva.com/security/
_______________________________________________________________________
Package : postgresql
Date : October 30, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
A vulnerability in PostgreSQL 8.1.x allowed remote authenticated users
to cause a Denial of Service (daemon crash) via certain aggregate
functions in an UPDATE statement which were not handled correctly
(CVE-2006-5540).
Another DoS issue in PostgreSQL 7.4.x, 8.0.x, and 8.1.x allowed remote
authenticated users to crash the daemon via a coercion of an unknown
element to ANYARRAY (CVE-2006-5541).
Finally, another vulnerability in 8.1.x could allow a remote
authenticated user to cause a DoS related to duration logging of
V3-protocol Execute message for COMMIT and ROLLBACK statements
(CVE-2006-5542).
This updated provides the latest 8.0.x and 8.1.x PostgreSQL versions
and patches the version of PostgreSQL shipped with Corporate 3.0.
After installing this upgrade, you will need to execute "service
postgresql restart" for it to take effect.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5540
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5542
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2006.0:
1fb571748d2c90bd15e3cd8fd8f2ce44 2006.0/i586/libecpg5-8.0.9-0.1.20060mdk.i586.rpm
ed4f5712c8981cad55401043600820cf 2006.0/i586/libecpg5-devel-8.0.9-0.1.20060mdk.i586.rpm
0466a77d44a3b0dadd9c4f3e50339eb5 2006.0/i586/libpq4-8.0.9-0.1.20060mdk.i586.rpm
1149c289545be7a75d702665672d5191 2006.0/i586/libpq4-devel-8.0.9-0.1.20060mdk.i586.rpm
01bf40cba5982c032fe7c30890ea4ba3 2006.0/i586/postgresql-8.0.9-0.1.20060mdk.i586.rpm
43b86ce619e0e838dabe50a4db0de4b5 2006.0/i586/postgresql-contrib-8.0.9-0.1.20060mdk.i586.rpm
d04bbd08d8a46211738e8ce6f1bf4e32 2006.0/i586/postgresql-devel-8.0.9-0.1.20060mdk.i586.rpm
0ca91af936b21233550407b77a062d17 2006.0/i586/postgresql-docs-8.0.9-0.1.20060mdk.i586.rpm
9d7db675ef8020751378eddff8472940 2006.0/i586/postgresql-jdbc-8.0.9-0.1.20060mdk.i586.rpm
8b02452736d9b74b563f859f14427f26 2006.0/i586/postgresql-pl-8.0.9-0.1.20060mdk.i586.rpm
d6044790a99203e54f036bd81b236bb6 2006.0/i586/postgresql-plperl-8.0.9-0.1.20060mdk.i586.rpm
2fda8e8a6fa08089aac4b0862b68553b 2006.0/i586/postgresql-plpgsql-8.0.9-0.1.20060mdk.i586.rpm
eff79cf24be0c26d58ee2995b12bb130 2006.0/i586/postgresql-plpython-8.0.9-0.1.20060mdk.i586.rpm
fd72f96206ef85c1b55488bb68462408 2006.0/i586/postgresql-pltcl-8.0.9-0.1.20060mdk.i586.rpm
f5904aecf7f0eaf88d5ec7cf80a910da 2006.0/i586/postgresql-server-8.0.9-0.1.20060mdk.i586.rpm
1477b09a635ca665aef8ba43d6ee5c2e 2006.0/i586/postgresql-test-8.0.9-0.1.20060mdk.i586.rpm
ff24736bd204ad38a014215bd32a006a 2006.0/SRPMS/postgresql-8.0.9-0.1.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
5fc89eca9286a691155eb5e53519af42 2006.0/x86_64/lib64ecpg5-8.0.9-0.1.20060mdk.x86_64.rpm
00de88aa7317e47520524e433df4983d 2006.0/x86_64/lib64ecpg5-devel-8.0.9-0.1.20060mdk.x86_64.rpm
cf2533c6dd26873da1df50f310669acd 2006.0/x86_64/lib64pq4-8.0.9-0.1.20060mdk.x86_64.rpm
8ea480eb47f34581a647820f3a9b2a6c 2006.0/x86_64/lib64pq4-devel-8.0.9-0.1.20060mdk.x86_64.rpm
f021ef750b2705421014f90ade870d43 2006.0/x86_64/postgresql-8.0.9-0.1.20060mdk.x86_64.rpm
adbdd69d8ae11e1b068c58f25d8f64eb 2006.0/x86_64/postgresql-contrib-8.0.9-0.1.20060mdk.x86_64.rpm
e35b8a7ee77fd1a5a6a031016514b195 2006.0/x86_64/postgresql-devel-8.0.9-0.1.20060mdk.x86_64.rpm
314b05df0f065843135a4d4920fc2599 2006.0/x86_64/postgresql-docs-8.0.9-0.1.20060mdk.x86_64.rpm
5a6d3aaa058ea31eb1e05e54104d5350 2006.0/x86_64/postgresql-jdbc-8.0.9-0.1.20060mdk.x86_64.rpm
32fb058d2d478c505a1f3957dcb7c994 2006.0/x86_64/postgresql-pl-8.0.9-0.1.20060mdk.x86_64.rpm
f1a1d5a54e4ac529744eeca2de780066 2006.0/x86_64/postgresql-plperl-8.0.9-0.1.20060mdk.x86_64.rpm
76665f281a7696f710fc2dc9a8138374 2006.0/x86_64/postgresql-plpgsql-8.0.9-0.1.20060mdk.x86_64.rpm
ff50a1b54276a6d5d80689ef1d8069ff 2006.0/x86_64/postgresql-plpython-8.0.9-0.1.20060mdk.x86_64.rpm
19ea6350ab699a2224325b2de5ebd84b 2006.0/x86_64/postgresql-pltcl-8.0.9-0.1.20060mdk.x86_64.rpm
bdaf40227e8352392a33be14f546bf72 2006.0/x86_64/postgresql-server-8.0.9-0.1.20060mdk.x86_64.rpm
f3729161d74e40ec9755f4d6ed00719c 2006.0/x86_64/postgresql-test-8.0.9-0.1.20060mdk.x86_64.rpm
ff24736bd204ad38a014215bd32a006a 2006.0/SRPMS/postgresql-8.0.9-0.1.20060mdk.src.rpm
Mandriva Linux 2007.0:
ac56fa5052022abcd0e14020b358f405 2007.0/i586/libecpg5-8.1.5-1.1mdv2007.0.i586.rpm
3478d9db597de1ca4301f215dc0d723b 2007.0/i586/libecpg5-devel-8.1.5-1.1mdv2007.0.i586.rpm
8a3118cd7c30bd148f8c28eb67634ed4 2007.0/i586/libpq4-8.1.5-1.1mdv2007.0.i586.rpm
faf39e2ca0b08d3f3fecb653c29cb3ee 2007.0/i586/libpq4-devel-8.1.5-1.1mdv2007.0.i586.rpm
9455b83b95b34dcc4f63cae6bb09ba43 2007.0/i586/postgresql-8.1.5-1.1mdv2007.0.i586.rpm
73ad9b8f3b64f30606df8df0c9c50cae 2007.0/i586/postgresql-contrib-8.1.5-1.1mdv2007.0.i586.rpm
f413df37137b6442f8f0f98f90cdd0f2 2007.0/i586/postgresql-devel-8.1.5-1.1mdv2007.0.i586.rpm
1ea0dbdee49b367698c4a154328a9c2a 2007.0/i586/postgresql-docs-8.1.5-1.1mdv2007.0.i586.rpm
4c05a60ab179ccf2bf0d26b516976abf 2007.0/i586/postgresql-pl-8.1.5-1.1mdv2007.0.i586.rpm
25e2b5df178be8deb2f2f2bfeae29d48 2007.0/i586/postgresql-plperl-8.1.5-1.1mdv2007.0.i586.rpm
eee6444693f723372a287d62dc2ea0da 2007.0/i586/postgresql-plpgsql-8.1.5-1.1mdv2007.0.i586.rpm
08044754f6a3bb70aab008e0f91395f1 2007.0/i586/postgresql-plpython-8.1.5-1.1mdv2007.0.i586.rpm
a75b7c287e4946f3ff4c2b66be1f8931 2007.0/i586/postgresql-pltcl-8.1.5-1.1mdv2007.0.i586.rpm
46150f94055d88e114d6d7563a0a2af6 2007.0/i586/postgresql-server-8.1.5-1.1mdv2007.0.i586.rpm
c1c48e44ea40621c7b9166161bafbdbd 2007.0/i586/postgresql-test-8.1.5-1.1mdv2007.0.i586.rpm
2445c13c47075faa93f8a74c1dff9b15 2007.0/SRPMS/postgresql-8.1.5-1.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
c9f5a2bd635f3a8f71a642fdb0c61a70 2007.0/x86_64/lib64ecpg5-8.1.5-1.1mdv2007.0.x86_64.rpm
97356c96c606e93ea935929817e1bdf9 2007.0/x86_64/lib64ecpg5-devel-8.1.5-1.1mdv2007.0.x86_64.rpm
df65534147d923dfd8aed7cecd15d2b1 2007.0/x86_64/lib64pq4-8.1.5-1.1mdv2007.0.x86_64.rpm
88b41f69996829f9113afbc526630431 2007.0/x86_64/lib64pq4-devel-8.1.5-1.1mdv2007.0.x86_64.rpm
c721cb020ae8d47d3953a9b5d3942b58 2007.0/x86_64/postgresql-8.1.5-1.1mdv2007.0.x86_64.rpm
92a27c6b77e20e943781dcf117e36439 2007.0/x86_64/postgresql-contrib-8.1.5-1.1mdv2007.0.x86_64.rpm
67ba2ad1be4c65c711f443178a32364e 2007.0/x86_64/postgresql-devel-8.1.5-1.1mdv2007.0.x86_64.rpm
4ed8e29d73fffe92e7d90a8cd913ca18 2007.0/x86_64/postgresql-docs-8.1.5-1.1mdv2007.0.x86_64.rpm
932fb1d2b0592953fa9d6a931140d6a2 2007.0/x86_64/postgresql-pl-8.1.5-1.1mdv2007.0.x86_64.rpm
299452ce74af7d7a5913a292bf649ac2 2007.0/x86_64/postgresql-plperl-8.1.5-1.1mdv2007.0.x86_64.rpm
f0477ff759d4026051e68a927f7ee0d4 2007.0/x86_64/postgresql-plpgsql-8.1.5-1.1mdv2007.0.x86_64.rpm
0dd0e8a435d403ea8fffcc8f4d708070 2007.0/x86_64/postgresql-plpython-8.1.5-1.1mdv2007.0.x86_64.rpm
a42972ca797bebef9faa861fd32917fa 2007.0/x86_64/postgresql-pltcl-8.1.5-1.1mdv2007.0.x86_64.rpm
201faf962540b78f49fb1c6ad6657c57 2007.0/x86_64/postgresql-server-8.1.5-1.1mdv2007.0.x86_64.rpm
f307467b7567da24cd4e46fb8745e05f 2007.0/x86_64/postgresql-test-8.1.5-1.1mdv2007.0.x86_64.rpm
2445c13c47075faa93f8a74c1dff9b15 2007.0/SRPMS/postgresql-8.1.5-1.1mdv2007.0.src.rpm
Corporate 3.0:
ea5314d8ea3b3f18c0075aff95bc7200 corporate/3.0/i586/libecpg3-7.4.1-2.7.C30mdk.i586.rpm
23c6670398f27abf928992a9812fc578 corporate/3.0/i586/libecpg3-devel-7.4.1-2.7.C30mdk.i586.rpm
101e16a7faf1a6920d24af4ccc66e319 corporate/3.0/i586/libpgtcl2-7.4.1-2.7.C30mdk.i586.rpm
ca2d39a28d8c86fa1ff2e1f8ed510e89 corporate/3.0/i586/libpgtcl2-devel-7.4.1-2.7.C30mdk.i586.rpm
bc955518e6ad3315226fe5ab14ffc6d7 corporate/3.0/i586/libpq3-7.4.1-2.7.C30mdk.i586.rpm
f65ec0a99e111f76e7bb6e515648cd0a corporate/3.0/i586/libpq3-devel-7.4.1-2.7.C30mdk.i586.rpm
e47e849098af0d788b406a982391edbe corporate/3.0/i586/postgresql-7.4.1-2.7.C30mdk.i586.rpm
4435fecede0b88db775c2c9aee378158 corporate/3.0/i586/postgresql-contrib-7.4.1-2.7.C30mdk.i586.rpm
033ad03ff0dd8632d420f16993a7d7ec corporate/3.0/i586/postgresql-devel-7.4.1-2.7.C30mdk.i586.rpm
4b795893f10706b85f51502e403b4044 corporate/3.0/i586/postgresql-docs-7.4.1-2.7.C30mdk.i586.rpm
7e784bcba9573e52774256c8b3219c1e corporate/3.0/i586/postgresql-jdbc-7.4.1-2.7.C30mdk.i586.rpm
58d483706e95cd39a5df02a32a7b81d4 corporate/3.0/i586/postgresql-pl-7.4.1-2.7.C30mdk.i586.rpm
766327598604b042b2311489ce876a99 corporate/3.0/i586/postgresql-server-7.4.1-2.7.C30mdk.i586.rpm
81c7ca36c3e6dabc88c03cbe4134a7d2 corporate/3.0/i586/postgresql-tcl-7.4.1-2.7.C30mdk.i586.rpm
9fc697243ac48f3553de9b1ff6500965 corporate/3.0/i586/postgresql-test-7.4.1-2.7.C30mdk.i586.rpm
a43af6d9f276cc26e1c35aca23ef2bbc corporate/3.0/SRPMS/postgresql-7.4.1-2.7.C30mdk.src.rpm
Corporate 3.0/X86_64:
34954f43ad725af7530b6232bd5bd556 corporate/3.0/x86_64/lib64ecpg3-7.4.1-2.7.C30mdk.x86_64.rpm
761e273759dfab143dc126f48d511b45 corporate/3.0/x86_64/lib64ecpg3-devel-7.4.1-2.7.C30mdk.x86_64.rpm
517c15b8f4a1d54a4c950220c25dd23b corporate/3.0/x86_64/lib64pgtcl2-7.4.1-2.7.C30mdk.x86_64.rpm
a10677a6af9609fbf8f05526ce9caec6 corporate/3.0/x86_64/lib64pgtcl2-devel-7.4.1-2.7.C30mdk.x86_64.rpm
4a5b755a9dbbe425bef61e6269da112f corporate/3.0/x86_64/lib64pq3-7.4.1-2.7.C30mdk.x86_64.rpm
3a4c7d4ef3830c057adb3aa47655d21a corporate/3.0/x86_64/lib64pq3-devel-7.4.1-2.7.C30mdk.x86_64.rpm
e7fe9777ad5637ba96a1260c77a373e0 corporate/3.0/x86_64/postgresql-7.4.1-2.7.C30mdk.x86_64.rpm
4f492571534522371d1b6bc6dc27b02c corporate/3.0/x86_64/postgresql-contrib-7.4.1-2.7.C30mdk.x86_64.rpm
7ca9240f5038a2d90da56b31fc698824 corporate/3.0/x86_64/postgresql-devel-7.4.1-2.7.C30mdk.x86_64.rpm
7a92752be990700ef7ef1cde076c7bb0 corporate/3.0/x86_64/postgresql-docs-7.4.1-2.7.C30mdk.x86_64.rpm
3c660c199d346b565706be8cd1f94196 corporate/3.0/x86_64/postgresql-jdbc-7.4.1-2.7.C30mdk.x86_64.rpm
a742de9115bf59fcf57e97f6d4bde9a5 corporate/3.0/x86_64/postgresql-pl-7.4.1-2.7.C30mdk.x86_64.rpm
69599b34d2fa9ab8a35dc76acefbaebb corporate/3.0/x86_64/postgresql-server-7.4.1-2.7.C30mdk.x86_64.rpm
5d049cafa926f353f2d999af21511b5b corporate/3.0/x86_64/postgresql-tcl-7.4.1-2.7.C30mdk.x86_64.rpm
f495fdcccc678549b1984a20d6d29134 corporate/3.0/x86_64/postgresql-test-7.4.1-2.7.C30mdk.x86_64.rpm
a43af6d9f276cc26e1c35aca23ef2bbc corporate/3.0/SRPMS/postgresql-7.4.1-2.7.C30mdk.src.rpm
Corporate 4.0:
7377cc8a31eef5d5862075e95574c042 corporate/4.0/i586/libecpg5-8.1.5-0.1.20060mlcs4.i586.rpm
af17c7a5144cf9c234b785fe6cf341ee corporate/4.0/i586/libecpg5-devel-8.1.5-0.1.20060mlcs4.i586.rpm
6ccbc4dcd5546a264c4e7e8172f50ed9 corporate/4.0/i586/libpq4-8.1.5-0.1.20060mlcs4.i586.rpm
2a3d0e8816cce25df125b943c6862fbb corporate/4.0/i586/libpq4-devel-8.1.5-0.1.20060mlcs4.i586.rpm
a58c5c6ee6dc30d7be1193c73d5976c8 corporate/4.0/i586/postgresql-8.1.5-0.1.20060mlcs4.i586.rpm
d313f326da2c44bb6dd5db7aa9bba64a corporate/4.0/i586/postgresql-contrib-8.1.5-0.1.20060mlcs4.i586.rpm
7d902b81a6bbfaca675b09143553406c corporate/4.0/i586/postgresql-devel-8.1.5-0.1.20060mlcs4.i586.rpm
0c901f454fa377a319aafc3c5dec9675 corporate/4.0/i586/postgresql-docs-8.1.5-0.1.20060mlcs4.i586.rpm
2e593d9d3fa83c175eac3f12ad9e45a1 corporate/4.0/i586/postgresql-pl-8.1.5-0.1.20060mlcs4.i586.rpm
47d521dbd90198753aab1a70a11081ea corporate/4.0/i586/postgresql-plperl-8.1.5-0.1.20060mlcs4.i586.rpm
cfdf1d454446d5638e2bb0ab1c66522b corporate/4.0/i586/postgresql-plpgsql-8.1.5-0.1.20060mlcs4.i586.rpm
9c9d461b05bb5843668f950592805d59 corporate/4.0/i586/postgresql-plpython-8.1.5-0.1.20060mlcs4.i586.rpm
a3e7bffc4a5538ff1177a9cbf1a5ca6b corporate/4.0/i586/postgresql-pltcl-8.1.5-0.1.20060mlcs4.i586.rpm
f7e14aa31b44838a3fdec11ea353f2de corporate/4.0/i586/postgresql-server-8.1.5-0.1.20060mlcs4.i586.rpm
8a38fe370cc5003e3556d83b39ff8dc1 corporate/4.0/i586/postgresql-test-8.1.5-0.1.20060mlcs4.i586.rpm
ff0ac92c00839335e1514eb0c3ed52e4 corporate/4.0/SRPMS/postgresql-8.1.5-0.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
7f2c7a45cfda3307178149237df2f6bd corporate/4.0/x86_64/lib64ecpg5-8.1.5-0.1.20060mlcs4.x86_64.rpm
eda7da21931ef9d9b234e1b570bbe61c corporate/4.0/x86_64/lib64ecpg5-devel-8.1.5-0.1.20060mlcs4.x86_64.rpm
ab765fe8f17e0fe3f13039755305d852 corporate/4.0/x86_64/lib64pq4-8.1.5-0.1.20060mlcs4.x86_64.rpm
0e78d974ee02cd74123508c7f85a6e08 corporate/4.0/x86_64/lib64pq4-devel-8.1.5-0.1.20060mlcs4.x86_64.rpm
d779d763187c574e4eaaeb2e1e4137e2 corporate/4.0/x86_64/postgresql-8.1.5-0.1.20060mlcs4.x86_64.rpm
8ffb912e00dbde3a9554e18367b9aad4 corporate/4.0/x86_64/postgresql-contrib-8.1.5-0.1.20060mlcs4.x86_64.rpm
1510c836a5d1975322d2f57f6827f8ae corporate/4.0/x86_64/postgresql-devel-8.1.5-0.1.20060mlcs4.x86_64.rpm
21fed3a03cff7118fd02a207e5a639a2 corporate/4.0/x86_64/postgresql-docs-8.1.5-0.1.20060mlcs4.x86_64.rpm
cf226c1042bc4dab1a53e81b2452ff0e corporate/4.0/x86_64/postgresql-pl-8.1.5-0.1.20060mlcs4.x86_64.rpm
a027caad15e8b0e4a41743774e686737 corporate/4.0/x86_64/postgresql-plperl-8.1.5-0.1.20060mlcs4.x86_64.rpm
b34462b8c3a671e602758f5ccdff1e02 corporate/4.0/x86_64/postgresql-plpgsql-8.1.5-0.1.20060mlcs4.x86_64.rpm
010df242aead3b2a30d1892508f3060f corporate/4.0/x86_64/postgresql-plpython-8.1.5-0.1.20060mlcs4.x86_64.rpm
f3f7ccfec77ba15d04a11b9bfa7662ae corporate/4.0/x86_64/postgresql-pltcl-8.1.5-0.1.20060mlcs4.x86_64.rpm
15602549144e5445384aec5ae8378083 corporate/4.0/x86_64/postgresql-server-8.1.5-0.1.20060mlcs4.x86_64.rpm
0937f8b274f06f7485671ab6fe29e914 corporate/4.0/x86_64/postgresql-test-8.1.5-0.1.20060mlcs4.x86_64.rpm
ff0ac92c00839335e1514eb0c3ed52e4 corporate/4.0/SRPMS/postgresql-8.1.5-0.1.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFFRos7mqjQ0CJFipgRAiqMAJ9+dxlWXvh/9K3fp5sCIVlFCcOuOACePkNj
+YB22ZQxAXehK90Llcv6TEs=
=XPKB
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists