Security: Multiple problems in postgresql
| Name: | Multiple problems in postgresql |
| ID: | TLSA-2008-6 |
| Distribution: | TurboLinux |
| Platforms: | Turbolinux FUJI, Turbolinux 10 Server, Turbolinux 10 Server x64 Edition, Turbolinux Appliance Server 2.0, Turbolinux 11 Server x64 Edition, Turbolinux 11 Server, Turbolinux Multimedia, Turbolinux Personal, Turbolinux Appliance Server 1.0 Hosting Edition, Turbolinux Appliance Server 1.0 Workgroup Edition |
| Date: | Tue, 29 January 2008, 03:50 |
| References: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3278, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6600, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6601 |

Original message
--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2008-6
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------
Original released date: 28 Jan 2007
Last revised: 28 Jan 2007
Package: postgresql
Summary: Three vulnerabilities discovered in postgresql
More information: PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs.
PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1. (CVE-2007-3278)
PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges. (CVE-2007-6600)
The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278. (CVE-2007-6601)
Affected Products:
- Turbolinux 11 Server x64 Edition
- Turbolinux 11 Server
- Turbolinux Appliance Server 2.0
- Turbolinux FUJI
- Turbolinux 10 Server x64 Edition
- Turbolinux Appliance Server 1.0 Hosting Edition
- Turbolinux Appliance Server 1.0 Workgroup Edition
- Turbolinux 10 Server
- Turbolinux Multimedia
- Turbolinux Personal
<Turbolinux 11 Server x64 Edition>
Source Packages: postgresql-8.2.6-2.src.rpm, postgresql-libs-32bit-8.2.6-2.src.rpm
<Turbolinux 11 Server>
Source Packages: postgresql-8.2.6-2.src.rpm
<Turbolinux Appliance Server 2.0>
Source Packages: postgresql-7.4.19-1.src.rpm
<Turbolinux FUJI>
Source Packages: postgresql-8.0.15-2.src.rpm
<Turbolinux 10 Server x64 Edition>
Source Packages: postgresql-8.0.15-2.src.rpm, postgresql-libs-32bit-8.0.15-2.src.rpm
<Turbolinux Appliance Server 1.0 Hosting Edition>
Source Packages: postgresql-7.2.2-13.src.rpm
<Turbolinux Appliance Server 1.0 Workgroup Edition>
Source Packages: postgresql-7.2.2-13.src.rpm
<Turbolinux 10 Server>
Source Packages: postgresql-7.4.19-1.src.rpm
<Turbolinux Multimedia, Turbolinux Personal>
Source Packages: postgresql-7.3-19.src.rpm
References:
CVE
[CVE-2007-3278] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3278
[CVE-2007-6600] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6600
[CVE-2007-6601] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6601
--------------------------------------------------------------------------
Revision History
28 Jan 2008 Initial release
--------------------------------------------------------------------------
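The following audit sketch is an added example, not part of the Turbolinux advisory: it compares an upstream PostgreSQL version string against the fixed releases named in the CVE descriptions above and lists the trust/ident rules in a pg_hba.conf that the dblink issues depend on. The function names and the sample pg_hba.conf are constructed for illustration; distribution packages that backport fixes without changing the upstream version are outside what the version check can tell.

```python
import re

# Fixed minor release per branch, taken from the CVE descriptions in the advisory.
FIXED = {(8, 2): 6, (8, 1): 11, (8, 0): 15, (7, 4): 19, (7, 3): 21}
# Authentication methods the advisory names as preconditions for the dblink issues.
RISKY_METHODS = {"trust", "ident"}


def needs_update(version):
    """True/False for a listed branch, None if the advisory does not cover it."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    branch = (int(m.group(1)), int(m.group(2)))
    if branch not in FIXED:
        return None
    return int(m.group(3) or 0) < FIXED[branch]


def risky_hba_entries(hba_text):
    """Return (line_no, type, method) for every trust/ident rule in pg_hba.conf text."""
    hits = []
    for no, raw in enumerate(hba_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # simplification: no quoted '#'
        if len(fields) < 4:
            continue
        conn = fields[0]
        if conn == "local":
            idx = 3  # local DATABASE USER METHOD
        elif conn in ("host", "hostssl", "hostnossl"):
            idx = 4 if "/" in fields[3] else 5  # CIDR form vs. address + netmask
        else:
            continue
        if idx < len(fields) and fields[idx] in RISKY_METHODS:
            hits.append((no, conn, fields[idx]))
    return hits


# Constructed sample configuration, not taken from any real system.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER  CIDR-ADDRESS  METHOD
local   all       all                 trust
host    all       all   127.0.0.1/32  trust
host    all       all   127.0.0.1 255.255.255.255 ident sameuser
host    all       all   10.0.0.0/8    md5
"""

if __name__ == "__main__":
    print(needs_update("8.1.9"), risky_hba_entries(SAMPLE_HBA))
```

On hosts where the contrib package (dblink) is installed, every rule this reports is a candidate for replacement with password-based authentication in addition to applying the updated packages.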