drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberlauf in PostgreSQL
Name: |
Pufferüberlauf in PostgreSQL |
|
ID: |
FEDORA-2011-0963 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 13 |
|
Datum: |
Mi, 9. Februar 2011, 23:49 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4015 |
|
Applikationen: |
PostgreSQL |
|
Originalnachricht |
------------------------------------------------------------------------------- - Fedora Update Notification FEDORA-2011-0963 2011-02-01 20:15:13 ------------------------------------------------------------------------------- -
Name : postgresql Product : Fedora 13 Version : 8.4.7 Release : 1.fc13 URL : http://www.postgresql.org/ Summary : PostgreSQL client programs Description : PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the docs in HTML for the whole package, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server.
If you want to manipulate a PostgreSQL database on a local or remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package.
------------------------------------------------------------------------------- - Update Information:
Update to PostgreSQL 8.4.7, for various fixes described at release-8-4-7.html including the fix for CVE-2010-4015 ------------------------------------------------------------------------------- - ChangeLog:
* Tue Feb 1 2011 Tom Lane <tgl@redhat.com> 8.4.7-1 - Update to PostgreSQL 8.4.7, for various fixes described at http://www.postgresql.org/docs/8.4/static/release-8-4-7.html including the fix for CVE-2010-4015 Resolves: #674296 * Thu Dec 16 2010 Tom Lane <tgl@redhat.com> 8.4.6-1 - Update to PostgreSQL 8.4.6, for various fixes described at http://www.postgresql.org/docs/8.4/static/release-8-4-6.html - Ensure we don't package any .gitignore files from the source tarball Related: #642210 * Tue Oct 5 2010 Tom Lane <tgl@redhat.com> 8.4.5-1 - Update to PostgreSQL 8.4.5, for various fixes described at http://www.postgresql.org/docs/8.4/static/release-8-4-5.html including the fix for CVE-2010-3433 Related: #639371 - Add -p "$pidfile" to initscript's status call to improve corner cases. Related: #561010 - Duplicate COPYRIGHT in -libs subpackage, per revised packaging guidelines * Mon May 17 2010 Tom Lane <tgl@redhat.com> 8.4.4-1 - Update to PostgreSQL 8.4.4, for various fixes described at http://www.postgresql.org/docs/8.4/static/release-8-4-4.html including fixes for CVE-2010-1169 and CVE-2010-1170 Resolves: #593032 ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #664402 - CVE-2010-4015 PostgreSQL: Stack-based buffer overflow by processing certain tokens from SQL query string when intarray module enabled https://bugzilla.redhat.com/show_bug.cgi?id=664402 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update postgresql' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|