Message-Id: <E1RIPxF-0007Jt-02@titan.mandriva.com>
Date: Mon, 24 Oct 2011 21:13:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2011:161 ] postgresql

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:161
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : postgresql
 Date    : October 24, 2011
 Affected: 2010.1, 2011, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability was discovered and corrected in postgresql:
 
 contrib/pg_crypto's blowfish encryption code could give wrong results
 on platforms where char is signed (which is most), leading to encrypted
 passwords being weaker than they should be (CVE-2011-2483).
 
 Additionally, corrected ossp-uuid packages, as well as corrected support
 in postgresql 9.0.x, are being provided for Mandriva Linux 2011.
 
 This update provides a solution to this vulnerability.
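
 Added illustration (not code from pgcrypto or from this advisory): the
 signed-char problem described above, shown on the step where a Blowfish
 key schedule packs key bytes into 32-bit words. Function names and the
 sample passwords are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Pack the next four key bytes into a 32-bit word, cycling over the key,
 * as a Blowfish key schedule does before mixing the word into its state.
 * sign_extend=1 models reading the key through a signed char. */
static uint32_t pack_key_word(const char *key, size_t len, size_t *pos,
                              int sign_extend)
{
    uint32_t w = 0;
    for (int i = 0; i < 4; i++) {
        w <<= 8;
        if (sign_extend)
            /* Bug: a byte >= 0x80 widens to 0xFFFFFFxx, so the OR
             * overwrites the bytes already packed into w. */
            w |= (uint32_t)(int32_t)(signed char)key[*pos];
        else
            /* Fix: key bytes are unsigned, only 8 bits are ORed in. */
            w |= (unsigned char)key[*pos];
        *pos = (*pos + 1) % len;
    }
    return w;
}

/* First key word derived from a password, with or without the bug. */
uint32_t first_word(const char *pw, size_t len, int sign_extend)
{
    size_t pos = 0;
    return pack_key_word(pw, len, &pos, sign_extend);
}

int main(void)
{
    /* Constructed samples: different first two bytes, then the same
     * 8-bit character (0xE9) and a trailing 'd'. */
    const char a[] = "ab\xe9" "d", b[] = "xy\xe9" "d";

    printf("signed:   %08x %08x\n",
           (unsigned)first_word(a, 4, 1), (unsigned)first_word(b, 4, 1));
    printf("unsigned: %08x %08x\n",
           (unsigned)first_word(a, 4, 0), (unsigned)first_word(b, 4, 0));
    return 0;
}
```

 With the signed read both passwords yield the same key word, because the
 bytes preceding the 8-bit character no longer contribute; with the
 unsigned read the words differ.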
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2483
 http://www.postgresql.org/docs/8.3/static/release-8-3-15.html
 http://www.postgresql.org/docs/8.3/static/release-8-3-16.html
 http://www.postgresql.org/docs/8.4/static/release-8-4-8.html
 http://www.postgresql.org/docs/8.4/static/release-8-4-9.html
 http://www.postgresql.org/docs/9.0/static/release-9-0-5.html
 http://www.postgresql.org/support/security
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFOpYvXmqjQ0CJFipgRAq8+AKCwGOYsCwr705ZgSF60ZUCKkUOzLACbBCWq
Q5etHSuqmAVNBbDE4v0cAQU=
=ZCT4
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
