Security: Multiple issues in PostgreSQL
Name: Multiple issues in PostgreSQL
ID: USN-1789-1
Distribution: Ubuntu
Platforms: Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 11.10, Ubuntu 12.04 LTS, Ubuntu 12.10
Date: Thu, April 4, 2013, 20:19
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1901
Applications: PostgreSQL

Original message
==========================================================================
Ubuntu Security Notice USN-1789-1
April 04, 2013

postgresql-8.3, postgresql-8.4, postgresql-9.1 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
Several security issues were fixed in PostgreSQL.
Software Description:
- postgresql-9.1: Object-relational SQL database
- postgresql-8.4: Object-relational SQL database
- postgresql-8.3: Object-relational SQL database
Details:
Mitsumasa Kondo and Kyotaro Horiguchi discovered that PostgreSQL incorrectly handled certain connection requests containing database names starting with a dash. A remote attacker could use this flaw to damage or destroy files within a server's data directory. This issue only applied to Ubuntu 11.10, Ubuntu 12.04 LTS, and Ubuntu 12.10. (CVE-2013-1899)
Marko Kreen discovered that PostgreSQL incorrectly generated random numbers. An authenticated attacker could use this flaw to possibly guess another database user's random numbers. (CVE-2013-1900)
Noah Misch discovered that PostgreSQL incorrectly handled certain privilege checks. An unprivileged attacker could use this flaw to possibly interfere with in-progress backups. This issue only applied to Ubuntu 11.10, Ubuntu 12.04 LTS, and Ubuntu 12.10. (CVE-2013-1901)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.10: postgresql-9.1 9.1.9-0ubuntu12.10
Ubuntu 12.04 LTS: postgresql-9.1 9.1.9-0ubuntu12.04
Ubuntu 11.10: postgresql-9.1 9.1.9-0ubuntu11.10
Ubuntu 10.04 LTS: postgresql-8.4 8.4.17-0ubuntu10.04
Ubuntu 8.04 LTS: postgresql-8.3 8.3.23-0ubuntu8.04.1
This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1789-1
CVE-2013-1899, CVE-2013-1900, CVE-2013-1901
Package Information:
https://launchpad.net/ubuntu/+source/postgresql-9.1/9.1.9-0ubuntu12.10
https://launchpad.net/ubuntu/+source/postgresql-9.1/9.1.9-0ubuntu12.04
https://launchpad.net/ubuntu/+source/postgresql-9.1/9.1.9-0ubuntu11.10
https://launchpad.net/ubuntu/+source/postgresql-8.4/8.4.17-0ubuntu10.04
https://launchpad.net/ubuntu/+source/postgresql-8.3/8.3.23-0ubuntu8.04.1