Message-ID: <1286476420.12531.0.camel@mdlinux>
Date: Thu, 07 Oct 2010 14:33:40 -0400
From: Marc Deslauriers <marc.deslauriers@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-1002-2] PostgreSQL vulnerability
===========================================================
Ubuntu Security Notice USN-1002-2 October 07, 2010
postgresql-8.4 vulnerability
CVE-2010-3433
===========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.10:
  postgresql-plperl-8.4           8.4.5-0ubuntu10.10
  postgresql-pltcl-8.4            8.4.5-0ubuntu10.10

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

Details follow:

USN-1002-1 fixed vulnerabilities in PostgreSQL. This update provides the
corresponding update for Ubuntu 10.10.

Original advisory details:

 It was discovered that PostgreSQL did not properly enforce permissions
 within sessions when PL/Perl and PL/Tcl functions or operators were
 redefined. A remote authenticated attacker could exploit this to execute
 arbitrary code with permissions of a different user, possibly leading to
 privilege escalation.
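
A host-side check for the fix listed above, as an added example that is not part of the original advisory: it compares the installed versions of the two packages named in this notice against the fixed version 8.4.5-0ubuntu10.10. The function names are hypothetical, and `dpkg` and `dpkg-query` are assumed to be present, as on any Ubuntu system.

```shell
#!/bin/sh
# Added example (not from the advisory): verify that the packages named in
# USN-1002-2 are at or above the fixed version given in the notice.
FIXED="8.4.5-0ubuntu10.10"
PKGS="postgresql-plperl-8.4 postgresql-pltcl-8.4"

# classify VERSION (hypothetical helper): prints "not-installed" for an empty
# string, otherwise "fixed" or "vulnerable" using Debian version ordering.
classify() {
    if [ -z "$1" ]; then
        echo "not-installed"
    elif dpkg --compare-versions "$1" ge "$FIXED"; then
        echo "fixed"
    else
        echo "vulnerable"
    fi
}

# installed_version PKG (hypothetical helper): prints the version only when
# the package is fully installed; removed or unknown packages print nothing.
installed_version() {
    dpkg-query -W -f='${Status} ${Version}\n' "$1" 2>/dev/null |
        awk '$3 == "installed" { print $4 }'
}

# check_usn_1002_2: prints one line per package and returns 1 if any
# installed package is still below the fixed version.
check_usn_1002_2() {
    rc=0
    for pkg in $PKGS; do
        state=$(classify "$(installed_version "$pkg")")
        echo "$pkg: $state"
        if [ "$state" = "vulnerable" ]; then
            rc=1
        fi
    done
    return "$rc"
}

# Run the check only when asked, e.g.: sh check-usn-1002-2.sh run
if [ "${1:-}" = "run" ]; then
    check_usn_1002_2
fi
```

A host where neither procedural-language package is installed reports "not-installed" for both and returns 0.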
Updated packages for Ubuntu 10.10: