Security: Multiple issues in PostgreSQL
Name: Multiple issues in PostgreSQL
ID: USN-2120-1
Distribution: Ubuntu
Platforms: Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 12.10, Ubuntu 13.10
Date: Mon, 24 February 2014, 16:59
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0060
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0066
Applications: PostgreSQL
Original message
==========================================================================
Ubuntu Security Notice USN-2120-1
February 24, 2014

postgresql-8.4, postgresql-9.1 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.10
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in PostgreSQL.
Software Description:
- postgresql-9.1: Object-relational SQL database
- postgresql-8.4: Object-relational SQL database
Details:
Noah Misch and Jonas Sundman discovered that PostgreSQL did not correctly enforce ADMIN OPTION restrictions. An authenticated attacker could use this issue to possibly revoke access from others, contrary to expected permissions. (CVE-2014-0060)
Andres Freund discovered that PostgreSQL incorrectly handled validator functions. An authenticated attacker could possibly use this issue to escalate their privileges. (CVE-2014-0061)
Andres Freund discovered that PostgreSQL incorrectly handled concurrent CREATE INDEX statements. An authenticated attacker could possibly use this issue to obtain access to restricted data, bypassing intended privileges. (CVE-2014-0062)
Daniel Schüssler discovered that PostgreSQL incorrectly handled datetime input. An authenticated attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-0063)
It was discovered that PostgreSQL incorrectly handled certain size calculations. An authenticated attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-0064)
Peter Eisentraut and Jozef Mlich discovered that PostgreSQL incorrectly handled certain buffer sizes. An authenticated attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-0065)
Honza Horak discovered that PostgreSQL incorrectly used the crypt() library function. This issue could possibly cause PostgreSQL to crash, resulting in a denial of service. (CVE-2014-0066)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 13.10: postgresql-9.1 9.1.12-0ubuntu0.13.10
Ubuntu 12.10: postgresql-9.1 9.1.12-0ubuntu0.12.10
Ubuntu 12.04 LTS: postgresql-9.1 9.1.12-0ubuntu0.12.04
Ubuntu 10.04 LTS: postgresql-8.4 8.4.20-0ubuntu010.04
This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2120-1
CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066

Package Information:
https://launchpad.net/ubuntu/+source/postgresql-9.1/9.1.12-0ubuntu0.13.10
https://launchpad.net/ubuntu/+source/postgresql-9.1/9.1.12-0ubuntu0.12.10
https://launchpad.net/ubuntu/+source/postgresql-9.1/9.1.12-0ubuntu0.12.04
https://launchpad.net/ubuntu/+source/postgresql-8.4/8.4.20-0ubuntu010.04