Sicherheit: Fehlerhafte Behandlung symbolischer Links in postgresql

Lesezeichen hinzufügen

===========================================================
Ubuntu Security Notice USN-6-1 October 27, 2004
postgresql contributed script vulnerability
CAN-2004-0977
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

postgresql-contrib

The problem can be corrected by upgrading the affected package to
version 7.4.5-3ubuntu0.1. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Recently, Trustix Secure Linux discovered a vulnerability in the
postgresql-contrib package. The script "make_oidjoins_check" created
temporary files in an insecure way, which allowed a symlink attack to
create or overwrite arbitrary files with the privileges of the user
invoking the script.

Source archives:

postgresql_7.4.5-3ubuntu0.1.diff.gz
Size/MD5: 143783 c495929ea0fc6a9ac76a4a318fae9b38
postgresql_7.4.5-3ubuntu0.1.dsc
Size/MD5: 991 57b900c5dd1cb46018a1d1b8a1703843
postgresql_7.4.5.orig.tar.gz
Size/MD5: 9895913 a295885a36ed8e7ec7a7e887218ceabc

Architecture independent packages:

postgresql-doc_7.4.5-3ubuntu0.1_all.deb
Size/MD5: 2256072 bc27bf88bbeb8e48a244ff07889690fb

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

libecpg-dev_7.4.5-3ubuntu0.1_amd64.deb
Size/MD5: 206430 0bf48a64b875a7f62d199fcbcfd15868
libecpg4_7.4.5-3ubuntu0.1_amd64.deb
Size/MD5: 90780 bb0bf3a95db87d24bc09b70b166c1686
libpgtcl-dev_7.4.5-3ubuntu0.1_amd64.deb
Size/MD5: 48450 a2bbc09533df18d88a4a8984b02b844b
libpgtcl_7.4.5-3ubuntu0.1_amd64.deb
Size/MD5: 73368 e995a24d0d7fb38151ef77ed06630ea5
libpq3_7.4.5-3ubuntu0.1_amd64.deb
Size/MD5: 115188 7106129242b6c1eea15cef9b3e149965
postgresql-client_7.4.5-3ubuntu0.1_amd64.deb
Size/MD5: 517770 eb0014fccd13a6668056f5620f7c1db3
postgresql-contrib_7.4.5-3ubuntu0.1_amd64.deb
Size/MD5: 623944 ca57aab9997fa1f619d8b257be29634d
postgresql-dev_7.4.5-3ubuntu0.1_amd64.deb
Size/MD5: 508962 a61e04bfb35a42ca7faf48b602517645
postgresql_7.4.5-3ubuntu0.1_amd64.deb
Size/MD5: 3878578 20d8925f55cf68d04e87cf6f05625a74

i386 architecture (x86 compatible Intel/AMD)

libecpg-dev_7.4.5-3ubuntu0.1_i386.deb
Size/MD5: 194420 dc645be2413d04699dd0dc37bacdca19
libecpg4_7.4.5-3ubuntu0.1_i386.deb
Size/MD5: 85264 bebcf0c0ab005c6dd3ff9ca46282244d
libpgtcl-dev_7.4.5-3ubuntu0.1_i386.deb
Size/MD5: 47448 2e334a19e706b343f0186b0afee4c954
libpgtcl_7.4.5-3ubuntu0.1_i386.deb
Size/MD5: 70206 d38801e50bfc8bdf4402c64ee241e762
libpq3_7.4.5-3ubuntu0.1_i386.deb
Size/MD5: 108438 ce23e38441996361d7573c8e7a652b2f
postgresql-client_7.4.5-3ubuntu0.1_i386.deb
Size/MD5: 491670 0a54412df188ed54f5f4331ab235b71e
postgresql-contrib_7.4.5-3ubuntu0.1_i386.deb
Size/MD5: 577362 96f5bc3c30a3efddf741c83aa2b56643
postgresql-dev_7.4.5-3ubuntu0.1_i386.deb
Size/MD5: 502156 6cc53cd4c38641cde7c017e218761553
postgresql_7.4.5-3ubuntu0.1_i386.deb
Size/MD5: 3702896 d632bf282f90496751e68c6348325e54

powerpc architecture (Apple Macintosh G3/G4/G5)

libecpg-dev_7.4.5-3ubuntu0.1_powerpc.deb
Size/MD5: 202658 c8a016eb2704ea7b1538701dbd52c0ce
libecpg4_7.4.5-3ubuntu0.1_powerpc.deb
Size/MD5: 92310 dd784727ab126f7141de8f0678c055d3
libpgtcl-dev_7.4.5-3ubuntu0.1_powerpc.deb
Size/MD5: 48196 35fed4247f755990b7fd196b13ade911
libpgtcl_7.4.5-3ubuntu0.1_powerpc.deb
Size/MD5: 76860 095cd9b8116a8506e50239e49ae3c3ea
libpq3_7.4.5-3ubuntu0.1_powerpc.deb
Size/MD5: 109532 c03e2eb196b0d164aac2b33a8ae2338a
postgresql-client_7.4.5-3ubuntu0.1_powerpc.deb
Size/MD5: 510522 6f2f1f862b0b20d41ea826cacdb0ba02
postgresql-contrib_7.4.5-3ubuntu0.1_powerpc.deb
Size/MD5: 636080 9ddc79b08843dd4187492d57ff47485a
postgresql-dev_7.4.5-3ubuntu0.1_powerpc.deb
Size/MD5: 505654 b1f0f3b894104bfd6f467c046fa7c64e
postgresql_7.4.5-3ubuntu0.1_powerpc.deb
Size/MD5: 4102462 b1530136e964f8c547419d4bb80a5399