drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Preisgabe von Informationen in PostgreSQL
Name: |
Preisgabe von Informationen in PostgreSQL |
|
ID: |
FEDORA-2013-2152 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 17 |
|
Datum: |
So, 17. Februar 2013, 08:58 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0255 |
|
Applikationen: |
PostgreSQL |
|
Originalnachricht |
Name : postgresql Product : Fedora 17 Version : 9.1.8 Release : 1.fc17 URL : http://www.postgresql.org/ Summary : PostgreSQL client programs Description : PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as the PostgreSQL server, or on a remote machine that accesses a PostgreSQL server over a network connection. The PostgreSQL server can be found in the postgresql-server sub-package.
------------------------------------------------------------------------------- - Update Information:
- Update to new upstream releases, to fix CVE-2013-0255 and other issues described at
http://www.postgresql.org/docs/9.2/static/release-9-2-3.html
http://www.postgresql.org/docs/9.1/static/release-9-1-8.html
- Make the package build with selinux option disabled
- Include old version of pg_controldata in postgresql-upgrade subpackage
------------------------------------------------------------------------------- - ChangeLog:
* Thu Feb 7 2013 Tom Lane <tgl@redhat.com> 9.1.8-1 - Update to PostgreSQL 9.1.8, for various fixes described at http://www.postgresql.org/docs/9.1/static/release-9-1-8.html including the fix for CVE-2013-0255 Resolves: #908722 - Make the package build with selinux option disabled Resolves: #894367 - Include old version of pg_controldata in postgresql-upgrade subpackage Related: #896161 * Thu Dec 6 2012 Tom Lane <tgl@redhat.com> 9.1.7-1 - Update to PostgreSQL 9.1.7, for various fixes described at http://www.postgresql.org/docs/9.1/static/release-9-1-7.html * Mon Sep 24 2012 Tom Lane <tgl@redhat.com> 9.1.6-1 - Update to PostgreSQL 9.1.6, for various fixes described at http://www.postgresql.org/docs/9.1/static/release-9-1-6.html including a nasty data-loss bug * Tue Aug 28 2012 Tom Lane <tgl@redhat.com> 9.1.5-2 - Remove unnecessary ldconfig calls in pre/post triggers Resolves: #849344 * Fri Aug 17 2012 Tom Lane <tgl@redhat.com> 9.1.5-1 - Update to PostgreSQL 9.1.5, for various fixes described at http://www.postgresql.org/docs/9.1/static/release-9-1-5.html including the fixes for CVE-2012-3488, CVE-2012-3489 * Mon Aug 13 2012 Tom Lane <tgl@redhat.com> 9.1.4-5 - Back-port upstream support for postmaster listening on multiple Unix sockets - Configure postmaster to create sockets in both /var/run/postgresql and /tmp; the former is now the default place for libpq to contact the postmaster. Resolves: #825448 - Annotate postgresql.conf about not setting port number there - Minor specfile cleanup per suggestions from Tom Callaway Related: #845110 * Sat Jul 14 2012 Tom Lane <tgl@redhat.com> 9.1.4-3 - Update code to use oom_score_adj not oom_adj, thereby suppressing whining in the kernel log - Add "legacy action" scripts to support "service postgresql initdb" and "service postgresql upgrade" in a now-approved fashion (requires a recent version of initscripts to work) Resolves: #800416 * Mon Jun 4 2012 Tom Lane <tgl@redhat.com> 9.1.4-1 - Update to PostgreSQL 9.1.4, for various fixes described at http://www.postgresql.org/docs/9.1/static/release-9-1-4.html including the fixes for CVE-2012-2143, CVE-2012-2655 Resolves: #826606 - Update previous version (embedded in postgresql-upgrade) to 9.0.8 because fix in whole-row variable dumping could be needed for upgrades - Revert fix for bug #800416, per fedora-packaging discussion at http://lists.fedoraproject.org/pipermail/packaging/2012-April/008314.html "service postgresql initdb" is dead and will stay that way ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #907892 - CVE-2013-0255 postgresql: (Heap-based) Array index error when retrieving textual error message representation for certain enum types https://bugzilla.redhat.com/show_bug.cgi?id=907892 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update postgresql' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|