Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in postgresql
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in postgresql
ID: MDVSA-2009:177
Distribution: Mandriva
Plattformen: Mandriva 2008.1, Mandriva 2009.0, Mandriva 2009.1, Mandriva Enterprise Server 5.0
Datum: Mi, 30. September 2009, 21:21
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3229
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3230
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3231
Applikationen: PostgreSQL

Originalnachricht

This is a multi-part message in MIME format...

------------=_1254338492-13155-2208


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:177
http://www.mandriva.com/security/
_______________________________________________________________________

Package : postgresql
Date : September 30, 2009
Affected: 2008.1, 2009.0, 2009.1, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before
8.3.8, and 8.2 before 8.2.14 allows remote authenticated users to
cause a denial of service (backend shutdown) by re-LOAD-ing libraries
from a certain plugins directory (CVE-2009-3229).

The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before
8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22,
and 7.4 before 7.4.26 does not use the appropriate privileges for
the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations,
which allows remote authenticated users to gain privileges. NOTE:
this is due to an incomplete fix for CVE-2007-6600 (CVE-2009-3230).

The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2
before 8.2.14, when using LDAP authentication with anonymous binds,
allows remote attackers to bypass authentication via an empty password
(CVE-2009-3231).

This update provides a fix for this vulnerability.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3229
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3230
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3231
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.1:
b5017d0c83a9a1b66c9a056229fcdb37
2008.1/i586/libecpg8.3_6-8.3.8-0.1mdv2008.1.i586.rpm
5908c494fb2cb789c4b63a816df0dcc5
2008.1/i586/libpq8.3_5-8.3.8-0.1mdv2008.1.i586.rpm
5f22a2ced45873160c8d254c5e01c820
2008.1/i586/postgresql8.3-8.3.8-0.1mdv2008.1.i586.rpm
81238ffe7862521797586a163a5fbd96
2008.1/i586/postgresql8.3-contrib-8.3.8-0.1mdv2008.1.i586.rpm
af8025b240aa501d403be90f15072360
2008.1/i586/postgresql8.3-devel-8.3.8-0.1mdv2008.1.i586.rpm
0dba594a1c66baa7713e0ec515a7c13e
2008.1/i586/postgresql8.3-docs-8.3.8-0.1mdv2008.1.i586.rpm
87a2573159c9007789c43c485c0cd47d
2008.1/i586/postgresql8.3-pl-8.3.8-0.1mdv2008.1.i586.rpm
1a3b9e0321e5dbd5dc02a229c0b7e398
2008.1/i586/postgresql8.3-plperl-8.3.8-0.1mdv2008.1.i586.rpm
94cd176198e69822bb579ec67bb91a32
2008.1/i586/postgresql8.3-plpgsql-8.3.8-0.1mdv2008.1.i586.rpm
b7ccbfdcd746a2322c475755de09080d
2008.1/i586/postgresql8.3-plpython-8.3.8-0.1mdv2008.1.i586.rpm
d33709fca3bd26df1219fc08ddde91ab
2008.1/i586/postgresql8.3-pltcl-8.3.8-0.1mdv2008.1.i586.rpm
51e362a6e40c6b747fdaa51326ddc612
2008.1/i586/postgresql8.3-server-8.3.8-0.1mdv2008.1.i586.rpm
e83def99ca0f4f24fb850e3d194b9a70
2008.1/SRPMS/postgresql8.3-8.3.8-0.1mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64:
926b69537a47a1336aacd4a1451c4bb4
2008.1/x86_64/lib64ecpg8.3_6-8.3.8-0.1mdv2008.1.x86_64.rpm
d20c7efda05a7e3a4b23d8536b3a4b8e
2008.1/x86_64/lib64pq8.3_5-8.3.8-0.1mdv2008.1.x86_64.rpm
db1b38994b24a444aa700414526b3886
2008.1/x86_64/postgresql8.3-8.3.8-0.1mdv2008.1.x86_64.rpm
044cd79ddc2991c705563b413f4b6dcf
2008.1/x86_64/postgresql8.3-contrib-8.3.8-0.1mdv2008.1.x86_64.rpm
da8eaa6eb5135f7c9a03194ab34b7106
2008.1/x86_64/postgresql8.3-devel-8.3.8-0.1mdv2008.1.x86_64.rpm
5ce7870b488a557897e874cb09810f6b
2008.1/x86_64/postgresql8.3-docs-8.3.8-0.1mdv2008.1.x86_64.rpm
48f1812a1abcbb9abdc2b7bdf082a7e8
2008.1/x86_64/postgresql8.3-pl-8.3.8-0.1mdv2008.1.x86_64.rpm
3a855f4170eb3706f4d7d967712ddd74
2008.1/x86_64/postgresql8.3-plperl-8.3.8-0.1mdv2008.1.x86_64.rpm
8f65506827c25689f7478abf10ce7966
2008.1/x86_64/postgresql8.3-plpgsql-8.3.8-0.1mdv2008.1.x86_64.rpm
eafcbb13012357f019eaaf0540286aed
2008.1/x86_64/postgresql8.3-plpython-8.3.8-0.1mdv2008.1.x86_64.rpm
333cc07831ca4df64daba83be97ef4a8
2008.1/x86_64/postgresql8.3-pltcl-8.3.8-0.1mdv2008.1.x86_64.rpm
63ebd9f30146fab175cbb84b2039dcec
2008.1/x86_64/postgresql8.3-server-8.3.8-0.1mdv2008.1.x86_64.rpm
e83def99ca0f4f24fb850e3d194b9a70
2008.1/SRPMS/postgresql8.3-8.3.8-0.1mdv2008.1.src.rpm

Mandriva Linux 2009.0:
616355e60c6a0ae1c1b13d9bb977d06c
2009.0/i586/libecpg8.3_6-8.3.8-0.1mdv2009.0.i586.rpm
5aa23c918264c2ac26f20199fbf6bb2b
2009.0/i586/libpq8.3_5-8.3.8-0.1mdv2009.0.i586.rpm
39a0b73741c5ad11ef570b11605a4fa0
2009.0/i586/postgresql8.3-8.3.8-0.1mdv2009.0.i586.rpm
ed07d63649518a3a8053b5091862c9a7
2009.0/i586/postgresql8.3-contrib-8.3.8-0.1mdv2009.0.i586.rpm
bf84bae38eb5768cb4051d553e80982d
2009.0/i586/postgresql8.3-devel-8.3.8-0.1mdv2009.0.i586.rpm
047cb21a5674ea58a3924c20fcad117b
2009.0/i586/postgresql8.3-docs-8.3.8-0.1mdv2009.0.i586.rpm
539798b51f3ee86cefeab006bfcc70fa
2009.0/i586/postgresql8.3-pl-8.3.8-0.1mdv2009.0.i586.rpm
4bc62c256c07c960f5423815ba8e2ae7
2009.0/i586/postgresql8.3-plperl-8.3.8-0.1mdv2009.0.i586.rpm
0a0c6ace539294844c6f2b410142977d
2009.0/i586/postgresql8.3-plpgsql-8.3.8-0.1mdv2009.0.i586.rpm
03c254dd91a7ca533085334c0cf2dd4c
2009.0/i586/postgresql8.3-plpython-8.3.8-0.1mdv2009.0.i586.rpm
b694a5488571acbdd27f26ec34b297fc
2009.0/i586/postgresql8.3-pltcl-8.3.8-0.1mdv2009.0.i586.rpm
370e4bcdbf09dd96013afab70bcb4e71
2009.0/i586/postgresql8.3-server-8.3.8-0.1mdv2009.0.i586.rpm
b1066edfe108bba402c8741b7d16b06a
2009.0/SRPMS/postgresql8.3-8.3.8-0.1mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
87b6a10fd9d63ff807b97f611897b06e
2009.0/x86_64/lib64ecpg8.3_6-8.3.8-0.1mdv2009.0.x86_64.rpm
3b4729a637267ce25faa9b5ba37ec370
2009.0/x86_64/lib64pq8.3_5-8.3.8-0.1mdv2009.0.x86_64.rpm
1e7d011128c66de5dd63303d6b29cfaf
2009.0/x86_64/postgresql8.3-8.3.8-0.1mdv2009.0.x86_64.rpm
1a56b216a951641668605950e9ff3b9c
2009.0/x86_64/postgresql8.3-contrib-8.3.8-0.1mdv2009.0.x86_64.rpm
3aa414098b52ca1f6f667d134f3cc5c8
2009.0/x86_64/postgresql8.3-devel-8.3.8-0.1mdv2009.0.x86_64.rpm
5049296f31db70095cf7db1a9bb13b26
2009.0/x86_64/postgresql8.3-docs-8.3.8-0.1mdv2009.0.x86_64.rpm
3f8b282706090a4c072a38678946b424
2009.0/x86_64/postgresql8.3-pl-8.3.8-0.1mdv2009.0.x86_64.rpm
822d1396a5a74f7ef2706fe8e5ec8058
2009.0/x86_64/postgresql8.3-plperl-8.3.8-0.1mdv2009.0.x86_64.rpm
12ee585ccd1d82c7c486ab47bbc044f9
2009.0/x86_64/postgresql8.3-plpgsql-8.3.8-0.1mdv2009.0.x86_64.rpm
9f5510cd512ce7af37312caf57c7969c
2009.0/x86_64/postgresql8.3-plpython-8.3.8-0.1mdv2009.0.x86_64.rpm
4daec64b7781d4fedae75ef88bf27aeb
2009.0/x86_64/postgresql8.3-pltcl-8.3.8-0.1mdv2009.0.x86_64.rpm
31ebe7ccc64dc1d42a9f7b318ccdfca0
2009.0/x86_64/postgresql8.3-server-8.3.8-0.1mdv2009.0.x86_64.rpm
b1066edfe108bba402c8741b7d16b06a
2009.0/SRPMS/postgresql8.3-8.3.8-0.1mdv2009.0.src.rpm

Mandriva Linux 2009.1:
526e5750ba002cd6a654707abf600f9f
2009.1/i586/libecpg8.3_6-8.3.8-0.1mdv2009.1.i586.rpm
953b5751953b6114f2f41c2122cd5ce2
2009.1/i586/libpq8.3_5-8.3.8-0.1mdv2009.1.i586.rpm
4df5ac17343eb23656ea157f0b6f805e
2009.1/i586/postgresql8.3-8.3.8-0.1mdv2009.1.i586.rpm
88cf9065caf99aed0766721c23c41d59
2009.1/i586/postgresql8.3-contrib-8.3.8-0.1mdv2009.1.i586.rpm
c70779d73373308234d8f734311df3b1
2009.1/i586/postgresql8.3-devel-8.3.8-0.1mdv2009.1.i586.rpm
9c1a64eb454eafd102f0a919de7ee9eb
2009.1/i586/postgresql8.3-docs-8.3.8-0.1mdv2009.1.i586.rpm
b93a5b54b9263227502b82f1522bfaf5
2009.1/i586/postgresql8.3-pl-8.3.8-0.1mdv2009.1.i586.rpm
cfa81a96292e99a21d02396568be1a78
2009.1/i586/postgresql8.3-plperl-8.3.8-0.1mdv2009.1.i586.rpm
2633ba0029dc0afaa15c411d62ce2cd9
2009.1/i586/postgresql8.3-plpgsql-8.3.8-0.1mdv2009.1.i586.rpm
8b260a447f41d28f556a3ba970df5e38
2009.1/i586/postgresql8.3-plpython-8.3.8-0.1mdv2009.1.i586.rpm
d34986de3063374cb2c7f4b3f4f5dafe
2009.1/i586/postgresql8.3-pltcl-8.3.8-0.1mdv2009.1.i586.rpm
54ba81e3dd14b3ab3d2017b2a24c8139
2009.1/i586/postgresql8.3-server-8.3.8-0.1mdv2009.1.i586.rpm
ffa3a216d78c9779da5c02e1af4c0497
2009.1/SRPMS/postgresql8.3-8.3.8-0.1mdv2009.1.src.rpm

Mandriva Linux 2009.1/X86_64:
a371f35fd687c4f32b9c02c7d440953f
2009.1/x86_64/lib64ecpg8.3_6-8.3.8-0.1mdv2009.1.x86_64.rpm
18f8fc97219eeb8c6cc6f9a73c2e9b9c
2009.1/x86_64/lib64pq8.3_5-8.3.8-0.1mdv2009.1.x86_64.rpm
a79b95834508c4b19e90675ee0b27844
2009.1/x86_64/postgresql8.3-8.3.8-0.1mdv2009.1.x86_64.rpm
0c079ae4302522705b086ac1627b6cb7
2009.1/x86_64/postgresql8.3-contrib-8.3.8-0.1mdv2009.1.x86_64.rpm
c4b7cfb05330e682b58a2358e89b594a
2009.1/x86_64/postgresql8.3-devel-8.3.8-0.1mdv2009.1.x86_64.rpm
85aefe725e17ac3a873d8b8efcfeb62f
2009.1/x86_64/postgresql8.3-docs-8.3.8-0.1mdv2009.1.x86_64.rpm
6e40e887d384de839e8989f69bac0670
2009.1/x86_64/postgresql8.3-pl-8.3.8-0.1mdv2009.1.x86_64.rpm
00f92e1ad356483bcc4b1fcb3b3b4f06
2009.1/x86_64/postgresql8.3-plperl-8.3.8-0.1mdv2009.1.x86_64.rpm
832e81e2cfe60a6fd0e3a3d118ce705b
2009.1/x86_64/postgresql8.3-plpgsql-8.3.8-0.1mdv2009.1.x86_64.rpm
ebb08f90a8882e61fb1285d709080991
2009.1/x86_64/postgresql8.3-plpython-8.3.8-0.1mdv2009.1.x86_64.rpm
752752f2386edfba9a52a1787f5b27d1
2009.1/x86_64/postgresql8.3-pltcl-8.3.8-0.1mdv2009.1.x86_64.rpm
c71bc74a9a805954c1da5b38943f34ca
2009.1/x86_64/postgresql8.3-server-8.3.8-0.1mdv2009.1.x86_64.rpm
ffa3a216d78c9779da5c02e1af4c0497
2009.1/SRPMS/postgresql8.3-8.3.8-0.1mdv2009.1.src.rpm

Mandriva Enterprise Server 5:
29970ac806e4b259b333938efeeacb82
mes5/i586/libecpg8.3_6-8.3.8-0.1mdvmes5.i586.rpm
e02dd867b4a8c86c84a274550642ab35
mes5/i586/libpq8.3_5-8.3.8-0.1mdvmes5.i586.rpm
b831fd0e4efd38ffb967a6313111269a
mes5/i586/postgresql8.3-8.3.8-0.1mdvmes5.i586.rpm
c2b04fe9655295fb7bcc28f9edf656a6
mes5/i586/postgresql8.3-contrib-8.3.8-0.1mdvmes5.i586.rpm
60ef3dde80a4fc33ba4df9ee5ef980ec
mes5/i586/postgresql8.3-devel-8.3.8-0.1mdvmes5.i586.rpm
d9237a2d2625074ee058d56b066e092b
mes5/i586/postgresql8.3-docs-8.3.8-0.1mdvmes5.i586.rpm
c7bc19a3237a8b392360317bb99088e8
mes5/i586/postgresql8.3-pl-8.3.8-0.1mdvmes5.i586.rpm
e944b6e22ec7f5bae6eed7d91cd36ae2
mes5/i586/postgresql8.3-plperl-8.3.8-0.1mdvmes5.i586.rpm
bb3d4a0311cd1b09f9767aad1fc0dc8e
mes5/i586/postgresql8.3-plpgsql-8.3.8-0.1mdvmes5.i586.rpm
1771904f2124739d8f2df7b89a015959
mes5/i586/postgresql8.3-plpython-8.3.8-0.1mdvmes5.i586.rpm
179379e611ed160faf8af70b68e8483b
mes5/i586/postgresql8.3-pltcl-8.3.8-0.1mdvmes5.i586.rpm
50bea687abe218f8dfacacdd81613c7f
mes5/i586/postgresql8.3-server-8.3.8-0.1mdvmes5.i586.rpm
8cb595899b3dc096d50767d7cc21ebeb
mes5/SRPMS/postgresql8.3-8.3.8-0.1mdvmes5.src.rpm

Mandriva Enterprise Server 5/X86_64:
b5e75dde605214fffa43185165921f67
mes5/x86_64/lib64ecpg8.3_6-8.3.8-0.1mdvmes5.x86_64.rpm
655eeba7985cd2b3ad76141ad3d6f976
mes5/x86_64/lib64pq8.3_5-8.3.8-0.1mdvmes5.x86_64.rpm
1212ad73c6b771851d7d37d080b3e658
mes5/x86_64/postgresql8.3-8.3.8-0.1mdvmes5.x86_64.rpm
4ac7def1caa8e48ff8f7b6b5f744688b
mes5/x86_64/postgresql8.3-contrib-8.3.8-0.1mdvmes5.x86_64.rpm
44470cf19d02668348a0a492fdc9af37
mes5/x86_64/postgresql8.3-devel-8.3.8-0.1mdvmes5.x86_64.rpm
ad77504a7e5d08913e7de8f351b380ff
mes5/x86_64/postgresql8.3-docs-8.3.8-0.1mdvmes5.x86_64.rpm
75b06e5c7a2a0c321ab771ce7dd99bd9
mes5/x86_64/postgresql8.3-pl-8.3.8-0.1mdvmes5.x86_64.rpm
a618a9f6b4686a9b1e3fdef7edf438a7
mes5/x86_64/postgresql8.3-plperl-8.3.8-0.1mdvmes5.x86_64.rpm
d501f94d06dad161c8dba9f1794698d0
mes5/x86_64/postgresql8.3-plpgsql-8.3.8-0.1mdvmes5.x86_64.rpm
ce36a6e7624bb12c0144a1268d492ba9
mes5/x86_64/postgresql8.3-plpython-8.3.8-0.1mdvmes5.x86_64.rpm
6888902d0315b01a22fa72a351eb7e4f
mes5/x86_64/postgresql8.3-pltcl-8.3.8-0.1mdvmes5.x86_64.rpm
227bc3f0d58acea037f68caef1bca403
mes5/x86_64/postgresql8.3-server-8.3.8-0.1mdvmes5.x86_64.rpm
8cb595899b3dc096d50767d7cc21ebeb
mes5/SRPMS/postgresql8.3-8.3.8-0.1mdvmes5.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKw4E6mqjQ0CJFipgRApKzAKCOxuZ4KKkRhfbiHxUZtWwF876BgACg2nlk
7OK5CwX9f5YzWv6QZl+zh10=
=00ge
-----END PGP SIGNATURE-----


------------=_1254338492-13155-2208
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1254338492-13155-2208--
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung