Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in postgresql8.2
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in postgresql8.2
ID: MDVSA-2009:251-1
Distribution: Mandriva
Plattformen: Mandriva 2008.0
Datum: Di, 8. Dezember 2009, 16:00
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3229
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3230
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3231
Applikationen: PostgreSQL

Originalnachricht

This is a multi-part message in MIME format...

------------=_1260284431-24326-1825


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:251-1
http://www.mandriva.com/security/
_______________________________________________________________________

Package : postgresql8.2
Date : December 8, 2009
Affected: 2008.0
_______________________________________________________________________

Problem Description:

The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before
8.3.8, and 8.2 before 8.2.14 allows remote authenticated users to
cause a denial of service (backend shutdown) by re-LOAD-ing libraries
from a certain plugins directory (CVE-2009-3229).

The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before
8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22,
and 7.4 before 7.4.26 does not use the appropriate privileges for
the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations,
which allows remote authenticated users to gain privileges. NOTE:
this is due to an incomplete fix for CVE-2007-6600 (CVE-2009-3230).

The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2
before 8.2.14, when using LDAP authentication with anonymous binds,
allows remote attackers to bypass authentication via an empty password
(CVE-2009-3231).

This update provides a fix for this vulnerability.

Update:

Packages for 2008.0 are being provided due to extended support for
Corporate products.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3229
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3230
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3231
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.0:
d292fa6350134d4a694766f78e9b4325
2008.0/i586/libecpg5-8.2.14-0.1mdv2008.0.i586.rpm
0daf74246739a4ddde59c86d929b2372
2008.0/i586/libecpg-devel-8.2.14-0.1mdv2008.0.i586.rpm
784dff4bcff24e719808e862dd5be24e
2008.0/i586/libpq5-8.2.14-0.1mdv2008.0.i586.rpm
6ebbd221cb3f81c2501d60cda66b1ea6
2008.0/i586/libpq-devel-8.2.14-0.1mdv2008.0.i586.rpm
1f41610e32d2aae4f1456e7263c4fb80
2008.0/i586/postgresql-8.2.14-0.1mdv2008.0.i586.rpm
ac8ae125c1db24b5748c5ddef09167a4
2008.0/i586/postgresql8.2-8.2.14-0.1mdv2008.0.i586.rpm
822cbba00ba28bc79d82a9431fe77c48
2008.0/i586/postgresql8.2-contrib-8.2.14-0.1mdv2008.0.i586.rpm
40d417845c085bf33862ff9584d34c9c
2008.0/i586/postgresql8.2-devel-8.2.14-0.1mdv2008.0.i586.rpm
77a9c18eb2439dbe49d61013275fe63e
2008.0/i586/postgresql8.2-docs-8.2.14-0.1mdv2008.0.i586.rpm
db8898ab10b6bad951c8513489856866
2008.0/i586/postgresql8.2-pl-8.2.14-0.1mdv2008.0.i586.rpm
94a96e92ea757b4f694601a53fe59a00
2008.0/i586/postgresql8.2-plperl-8.2.14-0.1mdv2008.0.i586.rpm
92e0adc727b6ac0af5b11fd6444ccd51
2008.0/i586/postgresql8.2-plpgsql-8.2.14-0.1mdv2008.0.i586.rpm
aa8c2ac2de6f42d975596c93a92b54c7
2008.0/i586/postgresql8.2-plpython-8.2.14-0.1mdv2008.0.i586.rpm
1b7ea7658c8326573a61bd8aafce82e6
2008.0/i586/postgresql8.2-pltcl-8.2.14-0.1mdv2008.0.i586.rpm
d6d5489c5c953b08e55ece1f11068276
2008.0/i586/postgresql8.2-server-8.2.14-0.1mdv2008.0.i586.rpm
c6dbc8d2bd9e89daf50df8c53306c552
2008.0/i586/postgresql8.2-test-8.2.14-0.1mdv2008.0.i586.rpm
9e2d3a8100029961f2d48631b69e389b
2008.0/i586/postgresql-devel-8.2.14-0.1mdv2008.0.i586.rpm
169fe8a23affe4f6c32e503655e628ec
2008.0/SRPMS/postgresql8.2-8.2.14-0.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
3617079ee527bd87a16d2bfdf1a525f4
2008.0/x86_64/lib64ecpg5-8.2.14-0.1mdv2008.0.x86_64.rpm
8f3868b40025a5d2ccaf6adfaba893c5
2008.0/x86_64/lib64ecpg-devel-8.2.14-0.1mdv2008.0.x86_64.rpm
85acc8c26019a0d0c64e5ce9a3eda592
2008.0/x86_64/lib64pq5-8.2.14-0.1mdv2008.0.x86_64.rpm
377613037ed6ded2ce9ca0007c923021
2008.0/x86_64/lib64pq-devel-8.2.14-0.1mdv2008.0.x86_64.rpm
c027b9b132e0a656fa4a71b0bc9fde09
2008.0/x86_64/postgresql-8.2.14-0.1mdv2008.0.x86_64.rpm
bc47a41f53cd99caad122d273984b867
2008.0/x86_64/postgresql8.2-8.2.14-0.1mdv2008.0.x86_64.rpm
3121292bc31043d7dcb3741569287e3a
2008.0/x86_64/postgresql8.2-contrib-8.2.14-0.1mdv2008.0.x86_64.rpm
0a90bd386286aab79ee109cb1a939ed9
2008.0/x86_64/postgresql8.2-devel-8.2.14-0.1mdv2008.0.x86_64.rpm
c6a926f25f2829b5600269f4389db041
2008.0/x86_64/postgresql8.2-docs-8.2.14-0.1mdv2008.0.x86_64.rpm
7793e59a09073e79e694019dd8c52d94
2008.0/x86_64/postgresql8.2-pl-8.2.14-0.1mdv2008.0.x86_64.rpm
a4b52cfd8044f8539af51ed9b437c224
2008.0/x86_64/postgresql8.2-plperl-8.2.14-0.1mdv2008.0.x86_64.rpm
b93075904d8a93824b9d9399764e5cd6
2008.0/x86_64/postgresql8.2-plpgsql-8.2.14-0.1mdv2008.0.x86_64.rpm
ed1710b7151eaabdf5b3a50821a36a69
2008.0/x86_64/postgresql8.2-plpython-8.2.14-0.1mdv2008.0.x86_64.rpm
177f45106d6d4c37589adfb530a58952
2008.0/x86_64/postgresql8.2-pltcl-8.2.14-0.1mdv2008.0.x86_64.rpm
643e2a7589151441ba1ed6e77b503654
2008.0/x86_64/postgresql8.2-server-8.2.14-0.1mdv2008.0.x86_64.rpm
cae199802e9634b3a4df94a8f7222376
2008.0/x86_64/postgresql8.2-test-8.2.14-0.1mdv2008.0.x86_64.rpm
436e154d88a7ba97575b9614506f9fee
2008.0/x86_64/postgresql-devel-8.2.14-0.1mdv2008.0.x86_64.rpm
169fe8a23affe4f6c32e503655e628ec
2008.0/SRPMS/postgresql8.2-8.2.14-0.1mdv2008.0.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLHj5GmqjQ0CJFipgRAuYZAKDWgA8C/TBq4QdnflpEz1wOhfdb8QCg3GpO
aNp5EUBLnzsVel0r71Hxfsw=
=LQGp
-----END PGP SIGNATURE-----


------------=_1260284431-24326-1825
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1260284431-24326-1825--
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung