drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in PostgreSQL
Name: |
Mehrere Probleme in PostgreSQL |
|
ID: |
FEDORA-2013-4951 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 18 |
|
Datum: |
Sa, 6. April 2013, 11:21 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1901 |
|
Applikationen: |
PostgreSQL |
|
Originalnachricht |
Name : postgresql Product : Fedora 18 Version : 9.2.4 Release : 1.fc18 URL : http://www.postgresql.org/ Summary : PostgreSQL client programs Description : PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as the PostgreSQL server, or on a remote machine that accesses a PostgreSQL server over a network connection. The PostgreSQL server can be found in the postgresql-server sub-package.
------------------------------------------------------------------------------- - Update Information:
- Update to PostgreSQL 9.2.4, for various fixes described at
http://www.postgresql.org/docs/9.2/static/release-9-2-4.html
including the fixes for CVE-2013-1899, CVE-2013-1900, CVE-2013-1901
- fix build for aarch64 and ppc64p7
------------------------------------------------------------------------------- - ChangeLog:
* Thu Apr 4 2013 Tom Lane <tgl@redhat.com> 9.2.4-1 - Update to PostgreSQL 9.2.4, for various fixes described at http://www.postgresql.org/docs/9.2/static/release-9-2-4.html including the fixes for CVE-2013-1899, CVE-2013-1900, CVE-2013-1901 Resolves: #929223, #929255, #929328 - fix build for aarch64 * Tue Mar 19 2013 Karsten Hopp <karsten@redhat.com> 9.2.3-2 - add ppc64p7 optimized arch support * Thu Feb 7 2013 Tom Lane <tgl@redhat.com> 9.2.3-1 - Update to PostgreSQL 9.2.3, for various fixes described at http://www.postgresql.org/docs/9.2/static/release-9-2-3.html including the fix for CVE-2013-0255 Resolves: #908722 - Make the package build with selinux option disabled Resolves: #894367 - Include old version of pg_controldata in postgresql-upgrade subpackage Related: #896161 * Thu Jan 3 2013 Tom Lane <tgl@redhat.com> 9.2.2-3 - Prevent creation of TCP socket during pg_upgrade regression test, so that concurrent RPM builds on the same machine won't fail Resolves: #891531 - Make sure $PGDATA/pg_log/ gets the right SELinux label in postgresql-setup Resolves: #891547 * Wed Dec 19 2012 Tom Lane <tgl@redhat.com> 9.2.2-2 - Make building of plpython3 dependent on Fedora version, per guidelines Resolves: #888419 * Thu Dec 6 2012 Tom Lane <tgl@redhat.com> 9.2.2-1 - Update to PostgreSQL 9.2.2, for various fixes described at http://www.postgresql.org/docs/9.2/static/release-9-2-2.html - Use new systemd install/uninstall trigger macros conditionally, so that package can still be installed on pre-F18 branches ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #929223 - CVE-2013-1899 postgresql: Insecure switch parsing https://bugzilla.redhat.com/show_bug.cgi?id=929223 [ 2 ] Bug #929255 - CVE-2013-1900 postgresql: Improper randomization of pgcrypto functions (requiring random seed) https://bugzilla.redhat.com/show_bug.cgi?id=929255 [ 3 ] Bug #929328 - CVE-2013-1901 postgresql: Improper user privilege check for on-line backups https://bugzilla.redhat.com/show_bug.cgi?id=929328 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update postgresql' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|