Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in PostgreSQL
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in PostgreSQL
ID: USN-1789-1
Distribution: Ubuntu
Plattformen: Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 11.10, Ubuntu 12.04 LTS, Ubuntu 12.10
Datum: Do, 4. April 2013, 20:19
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1901
Applikationen: PostgreSQL

Originalnachricht

 
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--===============4556762696242873418==
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="------------enigD941B10477362648EFCE3437"

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigD941B10477362648EFCE3437
Content-Type: text/plain; charset=ISO-8859-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-1789-1
April 04, 2013

postgresql-8.3, postgresql-8.4, postgresql-9.1 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS

Summary:

Several security issues were fixed in PostgreSQL.

Software Description:
- postgresql-9.1: Object-relational SQL database
- postgresql-8.4: Object-relational SQL database
- postgresql-8.3: Object-relational SQL database

Details:

Mitsumasa Kondo and Kyotaro Horiguchi discovered that PostgreSQL
incorrectly handled certain connection requests containing database names
starting with a dash. A remote attacker could use this flaw to damage or
destroy files within a server's data directory. This issue only applied to
Ubuntu 11.10, Ubuntu 12.04 LTS, and Ubuntu 12.10. (CVE-2013-1899)

Marko Kreen discovered that PostgreSQL incorrectly generated random
numbers. An authenticated attacker could use this flaw to possibly guess
another database user's random numbers. (CVE-2013-1900)

Noah Misch discovered that PostgreSQL incorrectly handled certain privilege
checks. An unprivileged attacker could use this flaw to possibly interfere
with in-progress backups. This issue only applied to Ubuntu 11.10,
Ubuntu 12.04 LTS, and Ubuntu 12.10. (CVE-2013-1901)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
  postgresql-9.1                  9.1.9-0ubuntu12.10

Ubuntu 12.04 LTS:
  postgresql-9.1                  9.1.9-0ubuntu12.04

Ubuntu 11.10:
  postgresql-9.1                  9.1.9-0ubuntu11.10

Ubuntu 10.04 LTS:
  postgresql-8.4                  8.4.17-0ubuntu10.04

Ubuntu 8.04 LTS:
  postgresql-8.3                  8.3.23-0ubuntu8.04.1

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References:
  http://www.ubuntu.com/usn/usn-1789-1
  CVE-2013-1899, CVE-2013-1900, CVE-2013-1901

Package Information:
  https://launchpad.net/ubuntu/+source/postgresql-9.1/9.1.9-0ubuntu12.10
  https://launchpad.net/ubuntu/+source/postgresql-9.1/9.1.9-0ubuntu12.04
  https://launchpad.net/ubuntu/+source/postgresql-9.1/9.1.9-0ubuntu11.10
  https://launchpad.net/ubuntu/+source/postgresql-8.4/8.4.17-0ubuntu10.04
  https://launchpad.net/ubuntu/+source/postgresql-8.3/8.3.23-0ubuntu8.04.1



--------------enigD941B10477362648EFCE3437
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBCgAGBQJRXYgPAAoJEGVp2FWnRL6TbToP/2ooCrcO4IJcOS8q6Sqi9q7n
1VU4e4YDcaLZYjnvOIuIltj/eP9PzVfpvIFCOZKhHm762V9JqM6n/Ld4fjn2X+Bz
xmt8A8rPFrH5qNDUxUKUHwxdVRLihn1lm8R4DT4hLaXIrFf9VkQX5E2WJHv2LDIY
rIwLCgeuA1fF1x7YtNvARILKxZoJ42QxeuUYkZFEzJwmdCRZg1OvSfEjCaKr2147
Z3zT4hQA5ebH9Z4/GCeLjDm/i0ur0U8SpgQghSyL1Bvg1O+2bKm20YWsOc6CtNIR
v3FnjAJkcQYRBZLR3inluQJtGVvO8qDVk0aHNh8jMVmatFVA7za7Rp4bWqbiA8cU
BgoFXr1/lndYEoN1mPb9DXizw/MhzS7WrbYBxxeM1StscbTfIXXEJaxS+Uydyv3t
r/LI81aP2WB++je8G5PyuJgHRC3x6hRNz4buTzjHm7b1rvLzVcD6wwWEYsBEYc4K
x43BugHG7eEZpjitA/6/GVe8TWdxmdePUNdHWerBgiEWKD7NZkm+rExTNMNFVPV5
1Sgfd/6bZNv5TFfEtB2z6c7TUITzGhlf+iTp+K2M65UAPEAllCfLxUm4G2wntTaG
kRsxKVzKmAM+10gnwV3CjuJkV9KZmL13OWuXREkGouKK5NZHL5OsyjURytPnQEkH
TwpEL7nRXKwveiq5IoDG
=ZP7H
-----END PGP SIGNATURE-----

--------------enigD941B10477362648EFCE3437--


--===============4556762696242873418==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============4556762696242873418==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung