drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in PostgreSQL
Name: |
Zwei Probleme in PostgreSQL |
|
ID: |
USN-1461-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 11.04, Ubuntu 11.10, Ubuntu 12.04 LTS |
|
Datum: |
Di, 5. Juni 2012, 18:29 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2655 |
|
Applikationen: |
PostgreSQL |
|
Originalnachricht |
--===============6892577879860382251== Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-IOavOyh2X/7NTbfFyVof"
--=-IOavOyh2X/7NTbfFyVof Content-Type: text/plain; charset="UTF-8 Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-1461-1 June 05, 2012
postgresql-8.3, postgresql-8.4, postgresql-9.1 vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS
Summary:
PostgreSQL could be made to crash or incorrectly handle authentication.
Software Description: - postgresql-9.1: Object-relational SQL database - postgresql-8.4: Object-relational SQL database - postgresql-8.3: Object-relational SQL database
Details:
It was discovered that PostgreSQL incorrectly handled certain bytes passed to the crypt() function when using DES encryption. An attacker could use this flaw to incorrectly handle authentication. (CVE-2012-2143)
It was discovered that PostgreSQL incorrectly handled SECURITY DEFINER and SET attributes on procedural call handlers. An attacker could use this flaw to cause PostgreSQL to crash, leading to a denial of service. (CVE-2012-2655)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 LTS: postgresql-9.1 9.1.4-0ubuntu12.04
Ubuntu 11.10: postgresql-9.1 9.1.4-0ubuntu11.10
Ubuntu 11.04: postgresql-8.4 8.4.12-0ubuntu11.04
Ubuntu 10.04 LTS: postgresql-8.4 8.4.12-0ubuntu10.04
Ubuntu 8.04 LTS: postgresql-8.3 8.3.19-0ubuntu8.04
This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1461-1 CVE-2012-2143, CVE-2012-2655
Package Information: https://launchpad.net/ubuntu/+source/postgresql-9.1/9.1.4-0ubuntu12.04 https://launchpad.net/ubuntu/+source/postgresql-9.1/9.1.4-0ubuntu11.10 https://launchpad.net/ubuntu/+source/postgresql-8.4/8.4.12-0ubuntu11.04 https://launchpad.net/ubuntu/+source/postgresql-8.4/8.4.12-0ubuntu10.04 https://launchpad.net/ubuntu/+source/postgresql-8.3/8.3.19-0ubuntu8.04
--ÒOavOyh2X/7NTbfFyVof Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABCgAGBQJPzipIAAoJEGVp2FWnRL6TY1AP/2J72NmkZpB33JfpABv5eBkd H89t2+wY+fwt9Eif2S73pOo4P3DM/ifzpfYdViqJNjlVJmQpLdf8tM5s8M4TtXm1 62LFdRSYKCGNAKN9OmN0FvSSRTmsboPA69wKVuQp9pnFnjQN91SE6sgn2T15IoMC yRCTPjoXseTKFS89tYbqaCrvIBHY1pMdEQGVx2GhmUd/mlbNGVhDyF8Bzbw66uPO ONd4Qtf9VjnP1DV5nA8mI6DY3jW0UlVgdLcBGW5XMjtNG4OzqxZ4kwMHTU/QUvJs Bf4O1fgfV3SNC8EGY+63cpjJ/unztqsfx1BSvpX7Bgeh4wd6s0t7ClZ7EFP7pnYM 29tQSKV55GaoiLyfXqDpvFJ5D3yBpGyH21XuEs/yy1sWBnVzaNKg8l8tvD81pAyP l89+eBJZiEagyfHnRkHX76oxR/8cjCw/TTgvV2EvZqoDJW/n+17w+Bau3VjG0wwg JDDKmyelJOXwF+mYctQw346Bm3GIq/B/wDiXM/FNvcAKZ/MySm4ZrfWhzmMlK5nS Vx2qkEsmONhnCfujaxP+7pDPLmagPMBWxzrmoq1Y/yMcdo7V+pE2Uoow9OXY8lcF b2k2qlhbNQl7unx5Fw5dbHDBnJZQb0GDtqtlf6cTTc2QrP9xG5iSbu+4uD22Y6IR WxYkssNHsSgNGC4A4YMn =sM6f -----END PGP SIGNATURE-----
--=-IOavOyh2X/7NTbfFyVof--
--===============6892577879860382251== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============6892577879860382251==--
|
|
|
|