Login
Newsletter
Werbung
Sicherheit: Mangelnde Rechteprüfung in postgresql
Aktuelle Meldungen Distributionen
Name: Mangelnde Rechteprüfung in postgresql
ID: MDVSA-2009:176
Distribution: Mandriva
Plattformen: Mandriva Corporate 3.0, Mandriva Corporate 4.0
Datum: Mi, 30. September 2009, 20:33
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3230
Applikationen: PostgreSQL

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1254335609-13155-2206


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:176
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : postgresql
 Date    : September 30, 2009
 Affected: Corporate 3.0, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before
 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22,
 and 7.4 before 7.4.26 does not use the appropriate privileges for
 the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations,
 which allows remote authenticated users to gain privileges.  NOTE:
 this is due to an incomplete fix for CVE-2007-6600 (CVE-2009-3230).
 
 This update provides a fix for this vulnerability.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3230
 _______________________________________________________________________

 Updated Packages:

 Corporate 3.0:
 1929c054467e461c3345c16dee6c97f3 
 corporate/3.0/i586/libecpg3-7.4.26-0.1.C30mdk.i586.rpm
 8dd98dafb3dd31cd96e3d99506cac462 
 corporate/3.0/i586/libecpg3-devel-7.4.26-0.1.C30mdk.i586.rpm
 6bb0e11db96faa5a2080413fbc576282 
 corporate/3.0/i586/libpgtcl2-7.4.26-0.1.C30mdk.i586.rpm
 9d64c23e87f979fe15afddd32f8f442c 
 corporate/3.0/i586/libpgtcl2-devel-7.4.26-0.1.C30mdk.i586.rpm
 eec7e7ff106f78604f16775d8f9f48ae 
 corporate/3.0/i586/libpq3-7.4.26-0.1.C30mdk.i586.rpm
 65879d23793826965699df7304307127 
 corporate/3.0/i586/libpq3-devel-7.4.26-0.1.C30mdk.i586.rpm
 3dcd3e0dddbfe6c6f8af7008e415c3a8 
 corporate/3.0/i586/postgresql-7.4.26-0.1.C30mdk.i586.rpm
 fdcb8ab4f043a93651d3d9e08c5430d8 
 corporate/3.0/i586/postgresql-contrib-7.4.26-0.1.C30mdk.i586.rpm
 52aba19ff8c021210ed6b69e862958bc 
 corporate/3.0/i586/postgresql-devel-7.4.26-0.1.C30mdk.i586.rpm
 5ee5a574c6603b2bcf6d93ddb45a7eeb 
 corporate/3.0/i586/postgresql-docs-7.4.26-0.1.C30mdk.i586.rpm
 6ef9fa81860e576cbd02a0cec5f16ca7 
 corporate/3.0/i586/postgresql-jdbc-7.4.26-0.1.C30mdk.i586.rpm
 3d05ea5969170700c8cd2da172a23904 
 corporate/3.0/i586/postgresql-pl-7.4.26-0.1.C30mdk.i586.rpm
 fe5e1dc8ca21d99a0d9efea4e9ca70fe 
 corporate/3.0/i586/postgresql-server-7.4.26-0.1.C30mdk.i586.rpm
 48a983024a138fd28842584c42718b12 
 corporate/3.0/i586/postgresql-tcl-7.4.26-0.1.C30mdk.i586.rpm
 bff860c01b98053958c4481732e9280d 
 corporate/3.0/i586/postgresql-test-7.4.26-0.1.C30mdk.i586.rpm 
 04b3c70744a007bb24fe4895cef60d6c 
 corporate/3.0/SRPMS/postgresql-7.4.26-0.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 cabfabde318f3b426e1507cad427994c 
 corporate/3.0/x86_64/lib64ecpg3-7.4.26-0.1.C30mdk.x86_64.rpm
 4f6caf785709077e29ee430834771494 
 corporate/3.0/x86_64/lib64ecpg3-devel-7.4.26-0.1.C30mdk.x86_64.rpm
 c0422ce2cb71f6daadafece0343ea29e 
 corporate/3.0/x86_64/lib64pgtcl2-7.4.26-0.1.C30mdk.x86_64.rpm
 0dfb23cd2cb21ff9804f9c74c91611c7 
 corporate/3.0/x86_64/lib64pgtcl2-devel-7.4.26-0.1.C30mdk.x86_64.rpm
 5fb30f95e34da096f111feb443a9bde0 
 corporate/3.0/x86_64/lib64pq3-7.4.26-0.1.C30mdk.x86_64.rpm
 58edfbaf8f3406e09181cd0b3559c019 
 corporate/3.0/x86_64/lib64pq3-devel-7.4.26-0.1.C30mdk.x86_64.rpm
 db5b5e2932907e7a2be177df6b320c16 
 corporate/3.0/x86_64/postgresql-7.4.26-0.1.C30mdk.x86_64.rpm
 8722f0fbdbcfcdec7f53ed0465b8f7a6 
 corporate/3.0/x86_64/postgresql-contrib-7.4.26-0.1.C30mdk.x86_64.rpm
 39a5d0d05521291dae3f4964e3ec1d91 
 corporate/3.0/x86_64/postgresql-devel-7.4.26-0.1.C30mdk.x86_64.rpm
 dea59ffea0dcc6d3e5718ce826d92490 
 corporate/3.0/x86_64/postgresql-docs-7.4.26-0.1.C30mdk.x86_64.rpm
 f053a335de9d2f950f0be7b5638e4e4b 
 corporate/3.0/x86_64/postgresql-jdbc-7.4.26-0.1.C30mdk.x86_64.rpm
 e49e8061402605afc8155e7738765c92 
 corporate/3.0/x86_64/postgresql-pl-7.4.26-0.1.C30mdk.x86_64.rpm
 46ade6bc397485c5191f8987c621a4b5 
 corporate/3.0/x86_64/postgresql-server-7.4.26-0.1.C30mdk.x86_64.rpm
 c9306c7dc29c35cd351abd44ed338ec8 
 corporate/3.0/x86_64/postgresql-tcl-7.4.26-0.1.C30mdk.x86_64.rpm
 14a59e129085aecd862e85b0d1d2afdc 
 corporate/3.0/x86_64/postgresql-test-7.4.26-0.1.C30mdk.x86_64.rpm 
 04b3c70744a007bb24fe4895cef60d6c 
 corporate/3.0/SRPMS/postgresql-7.4.26-0.1.C30mdk.src.rpm

 Corporate 4.0:
 dd5fd7f5d0d77bd4231ee1edddf2f488 
 corporate/4.0/i586/libecpg5-8.1.18-0.1.20060mlcs4.i586.rpm
 022fcfd3f26d3e33928591d0bf65ce75 
 corporate/4.0/i586/libecpg5-devel-8.1.18-0.1.20060mlcs4.i586.rpm
 ebd8e1c4d8e412889117ee9ee0555cf6 
 corporate/4.0/i586/libpq4-8.1.18-0.1.20060mlcs4.i586.rpm
 47335465d898f9082b05ba6795eb5c49 
 corporate/4.0/i586/libpq4-devel-8.1.18-0.1.20060mlcs4.i586.rpm
 f9509df0d178c0e317034a8aa331c4a2 
 corporate/4.0/i586/postgresql-8.1.18-0.1.20060mlcs4.i586.rpm
 163a0f1702a406a056a849802d07820a 
 corporate/4.0/i586/postgresql-contrib-8.1.18-0.1.20060mlcs4.i586.rpm
 067adf7c039e58d3ff0da9698f8b14b4 
 corporate/4.0/i586/postgresql-devel-8.1.18-0.1.20060mlcs4.i586.rpm
 64b9b78c9b579a7cbf077fc715001477 
 corporate/4.0/i586/postgresql-docs-8.1.18-0.1.20060mlcs4.i586.rpm
 00a0077db9bf3276b6e244578d1cef6e 
 corporate/4.0/i586/postgresql-pl-8.1.18-0.1.20060mlcs4.i586.rpm
 bce9456fa8f0270ae63655b73083c9b5 
 corporate/4.0/i586/postgresql-plperl-8.1.18-0.1.20060mlcs4.i586.rpm
 f00cd9bc86dacdd122e9f0427c4b53e5 
 corporate/4.0/i586/postgresql-plpgsql-8.1.18-0.1.20060mlcs4.i586.rpm
 a386ef451546d4fc862b8ae1f4dc300d 
 corporate/4.0/i586/postgresql-plpython-8.1.18-0.1.20060mlcs4.i586.rpm
 da74a334338d03adafc22bd94a14e495 
 corporate/4.0/i586/postgresql-pltcl-8.1.18-0.1.20060mlcs4.i586.rpm
 6b8e85641a0ac84ec352e72604889810 
 corporate/4.0/i586/postgresql-server-8.1.18-0.1.20060mlcs4.i586.rpm
 c49787bfe34528529342a0396b24d7de 
 corporate/4.0/i586/postgresql-test-8.1.18-0.1.20060mlcs4.i586.rpm 
 298101b846540072a6af791340de08dc 
 corporate/4.0/SRPMS/postgresql-8.1.18-0.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 6b3df04b45fd1b0d79a60cfbc89d1ee4 
 corporate/4.0/x86_64/lib64ecpg5-8.1.18-0.1.20060mlcs4.x86_64.rpm
 0d13a0d12391801c23d3bb45f54ed3a8 
 corporate/4.0/x86_64/lib64ecpg5-devel-8.1.18-0.1.20060mlcs4.x86_64.rpm
 508a98605e92ca64224162bab14fac25 
 corporate/4.0/x86_64/lib64pq4-8.1.18-0.1.20060mlcs4.x86_64.rpm
 c2ebdfbd5276cd1f0571f8779af0b2c3 
 corporate/4.0/x86_64/lib64pq4-devel-8.1.18-0.1.20060mlcs4.x86_64.rpm
 910360f74ac1cd62586c67731ec14c87 
 corporate/4.0/x86_64/postgresql-8.1.18-0.1.20060mlcs4.x86_64.rpm
 257fe2756d78719bec8fb22bc4edece5 
 corporate/4.0/x86_64/postgresql-contrib-8.1.18-0.1.20060mlcs4.x86_64.rpm
 5dd5dec707ec5860cd2a59d5f852ede0 
 corporate/4.0/x86_64/postgresql-devel-8.1.18-0.1.20060mlcs4.x86_64.rpm
 67661aaa75522f1aa6e43d92db9ec9d8 
 corporate/4.0/x86_64/postgresql-docs-8.1.18-0.1.20060mlcs4.x86_64.rpm
 58e3c1ef1a2616b246c285a484d49bd7 
 corporate/4.0/x86_64/postgresql-pl-8.1.18-0.1.20060mlcs4.x86_64.rpm
 e302ba48835b6a572e76e379bb00afbf 
 corporate/4.0/x86_64/postgresql-plperl-8.1.18-0.1.20060mlcs4.x86_64.rpm
 22ea68b363dfa14521426e28d35dbd19 
 corporate/4.0/x86_64/postgresql-plpgsql-8.1.18-0.1.20060mlcs4.x86_64.rpm
 1864462b86204d25f3eef191229c04f4 
 corporate/4.0/x86_64/postgresql-plpython-8.1.18-0.1.20060mlcs4.x86_64.rpm
 a6a4323bfc7bde8677e42ee70708d841 
 corporate/4.0/x86_64/postgresql-pltcl-8.1.18-0.1.20060mlcs4.x86_64.rpm
 9197be9651978469f54af90f27b71a5a 
 corporate/4.0/x86_64/postgresql-server-8.1.18-0.1.20060mlcs4.x86_64.rpm
 9a9613d72460a9faed47b9a4c5cf00ca 
 corporate/4.0/x86_64/postgresql-test-8.1.18-0.1.20060mlcs4.x86_64.rpm 
 298101b846540072a6af791340de08dc 
 corporate/4.0/SRPMS/postgresql-8.1.18-0.1.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKw3jtmqjQ0CJFipgRAh4hAKC1gY7JNurllieceTOo6FsKun2UOgCfSBEf
4zDvL897MXHFHtOy3s90+mI=
=PBCz
-----END PGP SIGNATURE-----


------------=_1254335609-13155-2206
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1254335609-13155-2206--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung