Message-Id: <E1RIPxF-0007Jt-02@titan.mandriva.com>
Date: Mon, 24 Oct 2011 21:13:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2011:161 ] postgresql
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:161
http://www.mandriva.com/security/
_______________________________________________________________________
Package : postgresql
Date : October 24, 2011
Affected: 2010.1, 2011, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability was discovered and corrected in postgresql:
contrib/pg_crypto's blowfish encryption code could give wrong results
on platforms where char is signed (which is most), leading to encrypted
passwords being weaker than they should be (CVE-2011-2483).
Additionally, corrected ossp-uuid packages as well as corrected support
in postgresql 9.0.x are being provided for Mandriva Linux 2011.
This update provides a solution to this vulnerability.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2483
http://www.postgresql.org/docs/8.3/static/release-8-3-15.html
http://www.postgresql.org/docs/8.3/static/release-8-3-16.html
http://www.postgresql.org/docs/8.4/static/release-8-4-8.html
http://www.postgresql.org/docs/8.4/static/release-8-4-9.html
http://www.postgresql.org/docs/9.0/static/release-9-0-5.html
http://www.postgresql.org/support/security
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.1:
6ad49497750e5b80e804aa82e9eab97c 2010.1/i586/libecpg8.4_6-8.4.9-0.1mdv2010.2.i586.rpm
08d09e6c12d81d1acadc0fc88d3ccf7c 2010.1/i586/libpq8.4_5-8.4.9-0.1mdv2010.2.i586.rpm
66fdbfea66319e06651637314614b4e0 2010.1/i586/postgresql8.4-8.4.9-0.1mdv2010.2.i586.rpm
3d985bb93b57ff99149269bd33396d50 2010.1/i586/postgresql8.4-contrib-8.4.9-0.1mdv2010.2.i586.rpm
a2dbf648844152e72c4ad669ce2b332d 2010.1/i586/postgresql8.4-devel-8.4.9-0.1mdv2010.2.i586.rpm
214a0de8e359ca33b726fab8105c56a4 2010.1/i586/postgresql8.4-docs-8.4.9-0.1mdv2010.2.i586.rpm
3ecb6019615f630e8ad0ca3eaaaf1d1f 2010.1/i586/postgresql8.4-pl-8.4.9-0.1mdv2010.2.i586.rpm
0fdbe008296608f94fdc9273f9c4b67e 2010.1/i586/postgresql8.4-plperl-8.4.9-0.1mdv2010.2.i586.rpm
631b7a5e3279a999f263d131a11ac8c5 2010.1/i586/postgresql8.4-plpgsql-8.4.9-0.1mdv2010.2.i586.rpm
35d0163259485dd28d8ec7daba41a55d 2010.1/i586/postgresql8.4-plpython-8.4.9-0.1mdv2010.2.i586.rpm
5e1f0f2c87e32ca249fdbf04addb2730 2010.1/i586/postgresql8.4-pltcl-8.4.9-0.1mdv2010.2.i586.rpm
b4671c7e9513b36b218054f02bca32e1 2010.1/i586/postgresql8.4-server-8.4.9-0.1mdv2010.2.i586.rpm
e36b9aea370f4ea290931fbd869cf6ba 2010.1/SRPMS/postgresql8.4-8.4.9-0.1mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
bd613061738f1e4b148a1d624873b4cd 2010.1/x86_64/lib64ecpg8.4_6-8.4.9-0.1mdv2010.2.x86_64.rpm
2aca59f2cf01cdabf415597e2208b77f 2010.1/x86_64/lib64pq8.4_5-8.4.9-0.1mdv2010.2.x86_64.rpm
0a3c853b35cb2f78ce213d58d3465bad 2010.1/x86_64/postgresql8.4-8.4.9-0.1mdv2010.2.x86_64.rpm
54aec7056b8d65ca7c8cb75b6c9897b6 2010.1/x86_64/postgresql8.4-contrib-8.4.9-0.1mdv2010.2.x86_64.rpm
b23e350067f4f61e3ae7dc3d7607d7be 2010.1/x86_64/postgresql8.4-devel-8.4.9-0.1mdv2010.2.x86_64.rpm
6de72c3350ab4e0e81da997ca9b71fff 2010.1/x86_64/postgresql8.4-docs-8.4.9-0.1mdv2010.2.x86_64.rpm
56710e2f33740317dac0d94539025e8c 2010.1/x86_64/postgresql8.4-pl-8.4.9-0.1mdv2010.2.x86_64.rpm
d989b63b53a72f1ad8f767ce95ad1361 2010.1/x86_64/postgresql8.4-plperl-8.4.9-0.1mdv2010.2.x86_64.rpm
f646795ef43957063cd9013c5c203082 2010.1/x86_64/postgresql8.4-plpgsql-8.4.9-0.1mdv2010.2.x86_64.rpm
440c81835562deff1f19e8f654a3ccb4 2010.1/x86_64/postgresql8.4-plpython-8.4.9-0.1mdv2010.2.x86_64.rpm
c92a47b8b176224ad73ec684872c0496 2010.1/x86_64/postgresql8.4-pltcl-8.4.9-0.1mdv2010.2.x86_64.rpm
c9f6b92267657709ea389da9794714d7 2010.1/x86_64/postgresql8.4-server-8.4.9-0.1mdv2010.2.x86_64.rpm
e36b9aea370f4ea290931fbd869cf6ba 2010.1/SRPMS/postgresql8.4-8.4.9-0.1mdv2010.2.src.rpm
Mandriva Linux 2011:
8c9e4fdccd986663a222b38d078e9438 2011/i586/libecpg9.0_6-9.0.5-0.1-mdv2011.0.i586.rpm
4732b43b1d220ebdbcb9235e3c7ef164 2011/i586/libossp-uuid++16-1.6.2-8.1-mdv2011.0.i586.rpm
6eb0f7a6505e5f80eccc6259c12e6ccc 2011/i586/libossp-uuid16-1.6.2-8.1-mdv2011.0.i586.rpm
b73f283d5dbcf211def9c182b90491d7 2011/i586/libossp-uuid_dce16-1.6.2-8.1-mdv2011.0.i586.rpm
7d425f754975b8d99ae0262296d95955 2011/i586/libossp-uuid-devel-1.6.2-8.1-mdv2011.0.i586.rpm
d11a60a5e372ba1cd4b2e89e1bf1b530 2011/i586/libpq9.0_5-9.0.5-0.1-mdv2011.0.i586.rpm
4034835679a544e4e1bbc3638ba68c8e 2011/i586/ossp-uuid-1.6.2-8.1-mdv2011.0.i586.rpm
09d4b532351c71a6fab9ed626b88b1e9 2011/i586/perl-OSSP-uuid-1.6.2-8.1-mdv2011.0.i586.rpm
f562fe764feb4b8fa4669ab5fe5badeb 2011/i586/php-OSSP-uuid-1.6.2-8.1-mdv2011.0.i586.rpm
affb7a08e31f88652c8736b327b2e896 2011/i586/postgresql9.0-9.0.5-0.1-mdv2011.0.i586.rpm
7c9179398937b9b736f2a8bc1eaa9d45 2011/i586/postgresql9.0-contrib-9.0.5-0.1-mdv2011.0.i586.rpm
1022893536c9c9f4bf3017f6ac774388 2011/i586/postgresql9.0-devel-9.0.5-0.1-mdv2011.0.i586.rpm
40bd6639ec2ef40f323de7142f524e6e 2011/i586/postgresql9.0-docs-9.0.5-0.1-mdv2011.0.i586.rpm
e93d2c029729b01fea75812cdd6f1617 2011/i586/postgresql9.0-pl-9.0.5-0.1-mdv2011.0.i586.rpm
d8aa2b49c9e4526a35582e1494735a48 2011/i586/postgresql9.0-plperl-9.0.5-0.1-mdv2011.0.i586.rpm
6ee50d0e461985e200767a7cc6f3b90a 2011/i586/postgresql9.0-plpgsql-9.0.5-0.1-mdv2011.0.i586.rpm
88818f42ae3bd567af12a64b41cfda2c 2011/i586/postgresql9.0-plpython-9.0.5-0.1-mdv2011.0.i586.rpm
a045777446dd3beb495748ee7b50f85a 2011/i586/postgresql9.0-pltcl-9.0.5-0.1-mdv2011.0.i586.rpm
05144c91f8c7f4a6af12c6c8845c6216 2011/i586/postgresql9.0-server-9.0.5-0.1-mdv2011.0.i586.rpm
db7f0521eb6e4a674def8654c39ed544 2011/i586/postgresql-OSSP-uuid-1.6.2-5.1-mdv2011.0.i586.rpm
56b573310edc54120394bf151b8bf654 2011/i586/postgresql-OSSP-uuid-1.6.2-8.1-mdv2011.0.i586.rpm
332948be973bfa26d5e1a54082394ae8 2011/SRPMS/ossp-uuid-1.6.2-8.1.src.rpm
269bb81b0c82c2193c802e57b2e32066 2011/SRPMS/postgresql9.0-9.0.5-0.1.src.rpm
Mandriva Linux 2011/X86_64:
e3351db3cc03bfbc5b86402452a1c5c6 2011/x86_64/lib64ecpg9.0_6-9.0.5-0.1-mdv2011.0.x86_64.rpm
28faf6bddecb1401ca6f0ae3ca390c4e 2011/x86_64/lib64ossp-uuid++16-1.6.2-8.1-mdv2011.0.x86_64.rpm
9d98dbd5efba1c23d7d1dc0683076a1d 2011/x86_64/lib64ossp-uuid16-1.6.2-8.1-mdv2011.0.x86_64.rpm
b8d204efd9f37a1bdef8bb49a7d730b7 2011/x86_64/lib64ossp-uuid_dce16-1.6.2-8.1-mdv2011.0.x86_64.rpm
27af2ea7faa2f3632c0454009a51f783 2011/x86_64/lib64ossp-uuid-devel-1.6.2-8.1-mdv2011.0.x86_64.rpm
1b5af2a30aac53f2d2cae9a9901daaf9 2011/x86_64/lib64pq9.0_5-9.0.5-0.1-mdv2011.0.x86_64.rpm
b7d48734ed5176eb4b9d9496e161ee41 2011/x86_64/ossp-uuid-1.6.2-8.1-mdv2011.0.x86_64.rpm
1ac5de522646c67703bdaa712b0ec8b9 2011/x86_64/perl-OSSP-uuid-1.6.2-8.1-mdv2011.0.x86_64.rpm
0d81de7becc15a6baca9f62607b196f3 2011/x86_64/php-OSSP-uuid-1.6.2-8.1-mdv2011.0.x86_64.rpm
af3d5a5a7b42bf9f805a407563bcd57d 2011/x86_64/postgresql9.0-9.0.5-0.1-mdv2011.0.x86_64.rpm
e00be67b93a181dad3f7648498e08f52 2011/x86_64/postgresql9.0-contrib-9.0.5-0.1-mdv2011.0.x86_64.rpm
0f91b1e53750bcbe2b28b5a45f0949b7 2011/x86_64/postgresql9.0-devel-9.0.5-0.1-mdv2011.0.x86_64.rpm
5e7b7b58c09d004d3f62ac3c63ee3519 2011/x86_64/postgresql9.0-docs-9.0.5-0.1-mdv2011.0.x86_64.rpm
840077d3b88258aa07de31a7fe5117f7 2011/x86_64/postgresql9.0-pl-9.0.5-0.1-mdv2011.0.x86_64.rpm
c6c16faff77878077e99a7690dd9bd9a 2011/x86_64/postgresql9.0-plperl-9.0.5-0.1-mdv2011.0.x86_64.rpm
d74eebcd883d4a82a251dca65a76339f 2011/x86_64/postgresql9.0-plpgsql-9.0.5-0.1-mdv2011.0.x86_64.rpm
04a2ba1fc72676ef03248fa6aaf5e965 2011/x86_64/postgresql9.0-plpython-9.0.5-0.1-mdv2011.0.x86_64.rpm
17a1bb0f6961e312eb7ca66c18584c3f 2011/x86_64/postgresql9.0-pltcl-9.0.5-0.1-mdv2011.0.x86_64.rpm
7ab85a1a8ee66442cd5b213be477f7a1 2011/x86_64/postgresql9.0-server-9.0.5-0.1-mdv2011.0.x86_64.rpm
aaa307bda249a09d4da02d7b3b98dd24 2011/x86_64/postgresql-OSSP-uuid-1.6.2-5.1-mdv2011.0.x86_64.rpm
11b6f9dc3595d152b37c1f49fa618634 2011/x86_64/postgresql-OSSP-uuid-1.6.2-8.1-mdv2011.0.x86_64.rpm
332948be973bfa26d5e1a54082394ae8 2011/SRPMS/ossp-uuid-1.6.2-8.1.src.rpm
269bb81b0c82c2193c802e57b2e32066 2011/SRPMS/postgresql9.0-9.0.5-0.1.src.rpm
Mandriva Enterprise Server 5:
ce8f0d1d9ab515cb4a64a32a793f110c mes5/i586/libecpg8.3_6-8.3.16-0.1mdvmes5.2.i586.rpm
a898795abc544fd0676eba3e2729a4cb mes5/i586/libpq8.3_5-8.3.16-0.1mdvmes5.2.i586.rpm
e366d05130dc24feda61ddd84105dadb mes5/i586/postgresql8.3-8.3.16-0.1mdvmes5.2.i586.rpm
1759b159fb4b17ce51af94e5e214a5bb mes5/i586/postgresql8.3-contrib-8.3.16-0.1mdvmes5.2.i586.rpm
4052f4f111c5eec7a712170b0c1be169 mes5/i586/postgresql8.3-devel-8.3.16-0.1mdvmes5.2.i586.rpm
d977cf1098bf9c970e0179e30c4e487c mes5/i586/postgresql8.3-docs-8.3.16-0.1mdvmes5.2.i586.rpm
245b66b478d044c08d066afb9f04388a mes5/i586/postgresql8.3-pl-8.3.16-0.1mdvmes5.2.i586.rpm
385b2128cea82fd736aff3b450f087d5 mes5/i586/postgresql8.3-plperl-8.3.16-0.1mdvmes5.2.i586.rpm
8d8d4797c66c4849bcba33db497c8e7a mes5/i586/postgresql8.3-plpgsql-8.3.16-0.1mdvmes5.2.i586.rpm
2903c6b08c9e82f1447a94ad724955e2 mes5/i586/postgresql8.3-plpython-8.3.16-0.1mdvmes5.2.i586.rpm
3c55656825609c1337fff2843d19907c mes5/i586/postgresql8.3-pltcl-8.3.16-0.1mdvmes5.2.i586.rpm
9537477a620c7f81342c7bb123939320 mes5/i586/postgresql8.3-server-8.3.16-0.1mdvmes5.2.i586.rpm
4d59b736bb0a8876ea27fb550ba5fa72 mes5/SRPMS/postgresql8.3-8.3.16-0.1mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
778733aee5b4c91fbd2f31b162aaab00 mes5/x86_64/lib64ecpg8.3_6-8.3.16-0.1mdvmes5.2.x86_64.rpm
414fd0859d6637c99ecbe85d168f4c3d mes5/x86_64/lib64pq8.3_5-8.3.16-0.1mdvmes5.2.x86_64.rpm
d8b54b7ff437422a0823ec1cf1bdcbb7 mes5/x86_64/postgresql8.3-8.3.16-0.1mdvmes5.2.x86_64.rpm
30d57cc0444d933b8de3f1a77d015a19 mes5/x86_64/postgresql8.3-contrib-8.3.16-0.1mdvmes5.2.x86_64.rpm
d957bfd1364abf7b87b1d12a77213274 mes5/x86_64/postgresql8.3-devel-8.3.16-0.1mdvmes5.2.x86_64.rpm
e04d80db207e6b7cd31d69cf06f5a117 mes5/x86_64/postgresql8.3-docs-8.3.16-0.1mdvmes5.2.x86_64.rpm
1a5c7bbc1c236402469ceb2325ff8006 mes5/x86_64/postgresql8.3-pl-8.3.16-0.1mdvmes5.2.x86_64.rpm
a4b4249760177eed26dbdf185ec5c75d mes5/x86_64/postgresql8.3-plperl-8.3.16-0.1mdvmes5.2.x86_64.rpm
e55e7aadcd9b498710979918f5f0aeb8 mes5/x86_64/postgresql8.3-plpgsql-8.3.16-0.1mdvmes5.2.x86_64.rpm
d51d51412134eb2dfe4ec67d7da05176 mes5/x86_64/postgresql8.3-plpython-8.3.16-0.1mdvmes5.2.x86_64.rpm
89df472fb88dc6c54f5f8108697191e4 mes5/x86_64/postgresql8.3-pltcl-8.3.16-0.1mdvmes5.2.x86_64.rpm
b76c2785108d14496b50153c93be57bf mes5/x86_64/postgresql8.3-server-8.3.16-0.1mdvmes5.2.x86_64.rpm
4d59b736bb0a8876ea27fb550ba5fa72 mes5/SRPMS/postgresql8.3-8.3.16-0.1mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFOpYvXmqjQ0CJFipgRAq8+AKCwGOYsCwr705ZgSF60ZUCKkUOzLACbBCWq
Q5etHSuqmAVNBbDE4v0cAQU=
=ZCT4
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
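Added example, not part of the Mandriva advisory or of the pgcrypto source: a C model of the Blowfish key-packing step, showing what "wrong results on platforms where char is signed" means for a password containing 8-bit characters. The function names, the sign_extend switch and the two sample keys are constructed for illustration; a corrected build must treat the two keys as different.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BF_WORDS 18 /* Blowfish P-array: 16 rounds + 2 */

/* Model of the key-expansion packing loop (constructed for this example).
 * sign_extend=1 models OR-ing a signed char into the word; 0 is the fix. */
void expand_key(const char *key, uint32_t out[BF_WORDS], int sign_extend)
{
    const char *p = key;
    for (int i = 0; i < BF_WORDS; i++) {
        uint32_t tmp = 0;
        for (int j = 0; j < 4; j++) {
            tmp <<= 8;
            if (sign_extend)
                tmp |= (uint32_t)(int32_t)(signed char)*p; /* 0xE9 -> 0xFFFFFFE9 */
            else
                tmp |= (unsigned char)*p;                  /* 0xE9 -> 0x000000E9 */
            p = *p ? p + 1 : key; /* the NUL terminator is part of the cycle */
        }
        out[i] = tmp;
    }
}

/* First expanded word, for inspection. */
uint32_t first_word(const char *key, int sign_extend)
{
    uint32_t w[BF_WORDS];
    expand_key(key, w, sign_extend);
    return w[0];
}

/* 1 if both keys expand identically, i.e. the cipher cannot tell them apart. */
int same_expansion(const char *a, const char *b, int sign_extend)
{
    uint32_t wa[BF_WORDS], wb[BF_WORDS];
    expand_key(a, wa, sign_extend);
    expand_key(b, wb, sign_extend);
    return memcmp(wa, wb, sizeof wa) == 0;
}

int main(void)
{
    const char *k1 = "a\351\351", *k2 = "b\351\351"; /* constructed keys, 0xE9 bytes */
    printf("signed:   %08x same=%d\n", (unsigned)first_word(k1, 1), same_expansion(k1, k2, 1));
    printf("unsigned: %08x same=%d\n", (unsigned)first_word(k1, 0), same_expansion(k1, k2, 0));
    return 0;
}
```

Keys made only of 7-bit ASCII bytes pack identically in both modes, so only passwords containing a byte with the high bit set are affected by the sign extension.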