drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in postgresql
| Name: |
Ausführen beliebiger Kommandos in postgresql |
|
| ID: |
MDKSA-2007:094 |
|
| Distribution: |
Mandriva |
|
| Plattformen: |
Mandriva Corporate 3.0, Mandriva Corporate 4.0, Mandriva 2007.0, Mandriva 2007.1 |
|
| Datum: |
Do, 26. April 2007, 06:43 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2138 |
|
| Applikationen: |
PostgreSQL |
|
Originalnachricht |
This is a multi-part message in MIME format...
------------=_1177562606-8862-4806
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:094
http://www.mandriva.com/security/
_______________________________________________________________________
Package : postgresql
Date : April 25, 2007
Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
A weakness in previous versions of PostgreSQL was found in the security
definer functions in which an authenticated but otherwise unprivileged
SQL user could use temporary objects to execute arbitrary code with
the privileges of the security-definer function.
IMPORTANT NOTICE FOR CORPORATE SERVER/DESKTOP 3.0 USERS:
In addition, packages for Corporate Server/Desktop 3.0 have been
updated to the latest PostgreSQL 7.4.17 which requires some attention
when upgrading. To take advantage of the new version, and to ensure
data coherency, we strongly recommend dumping the old databases,
re-initializing the database, and then reloading the dumped data.
This can be accomplished as root using:
# service postgresql start
# su - postgres
$ pg_dumpall >/tmp/database.dump
$ exit
# service postgresql stop
# mv /var/lib/pgsql /var/lib/pgsql.bk
# urpmi.update -a && urpmi --auto-select
# service postgresql start
# service postgresql restart
# su - postgres
$ /usr/bin/psql -d template1 -f /tmp/database.dump
$ exit
Only Corporate Server/Desktop 3.0 requires the dump/reload steps; the
other Mandriva Linux platforms do not require this step. Notice that
the double-restart of the postgresql service is in fact required.
Updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2138
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
517c0f9071eef1db7312a241b73e070a
2007.0/i586/libecpg5-8.1.9-0.1mdv2007.0.i586.rpm
cb5a3512bac8ba30fc6bd25126e7d973
2007.0/i586/libecpg5-devel-8.1.9-0.1mdv2007.0.i586.rpm
a2bfd8394996ba5d3f126845bd1d39a6
2007.0/i586/libpq4-8.1.9-0.1mdv2007.0.i586.rpm
153cb0fda3a93eaf94047159db3ad02f
2007.0/i586/libpq4-devel-8.1.9-0.1mdv2007.0.i586.rpm
cb23fbf89a08fa99c7af9295727c0f2a
2007.0/i586/postgresql-8.1.9-0.1mdv2007.0.i586.rpm
1c03e49038d17a7940b0f82164bd51c0
2007.0/i586/postgresql-contrib-8.1.9-0.1mdv2007.0.i586.rpm
fef94b3d46b3147a09cb4f411bce3afd
2007.0/i586/postgresql-devel-8.1.9-0.1mdv2007.0.i586.rpm
6fa0ab68b6c4543bbafda41ffc1155a8
2007.0/i586/postgresql-docs-8.1.9-0.1mdv2007.0.i586.rpm
f20c091179c00891eda767b44b0b2967
2007.0/i586/postgresql-pl-8.1.9-0.1mdv2007.0.i586.rpm
1f5030079690ba65b394aa47abdb1859
2007.0/i586/postgresql-plperl-8.1.9-0.1mdv2007.0.i586.rpm
72a62a6232a3717f14400294dcc47a80
2007.0/i586/postgresql-plpgsql-8.1.9-0.1mdv2007.0.i586.rpm
51c8d98ece4ef4458cea22c62507f6f7
2007.0/i586/postgresql-plpython-8.1.9-0.1mdv2007.0.i586.rpm
d60056d27325176ebc461e904f4684a6
2007.0/i586/postgresql-pltcl-8.1.9-0.1mdv2007.0.i586.rpm
eb8977e8b9faa6cf36396b3f33612bcb
2007.0/i586/postgresql-server-8.1.9-0.1mdv2007.0.i586.rpm
28efd3e89e067cd5b68d3f61cd4b31e8
2007.0/i586/postgresql-test-8.1.9-0.1mdv2007.0.i586.rpm
604ab4c1eff9169d56d43b0568753d0c
2007.0/SRPMS/postgresql-8.1.9-0.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
956402065653e2a9785ae104e0dc06ab
2007.0/x86_64/lib64ecpg5-8.1.9-0.1mdv2007.0.x86_64.rpm
91bdb9081eaed193022182145efc62a5
2007.0/x86_64/lib64ecpg5-devel-8.1.9-0.1mdv2007.0.x86_64.rpm
600f760d422ff727cbc69057e15aa9a3
2007.0/x86_64/lib64pq4-8.1.9-0.1mdv2007.0.x86_64.rpm
8cd8c17a22440ee52aabcca214d24c93
2007.0/x86_64/lib64pq4-devel-8.1.9-0.1mdv2007.0.x86_64.rpm
46a5faf0211731467ed7dbf1c890f946
2007.0/x86_64/postgresql-8.1.9-0.1mdv2007.0.x86_64.rpm
38369d3fb261f3bc18c4ace02ef9e6a2
2007.0/x86_64/postgresql-contrib-8.1.9-0.1mdv2007.0.x86_64.rpm
60719dbcdb0554cdb0086d4fb9c62339
2007.0/x86_64/postgresql-devel-8.1.9-0.1mdv2007.0.x86_64.rpm
87b08466fd00a86aae809df4fb7924b2
2007.0/x86_64/postgresql-docs-8.1.9-0.1mdv2007.0.x86_64.rpm
269cb2eb609009b984fbea3617f336d5
2007.0/x86_64/postgresql-pl-8.1.9-0.1mdv2007.0.x86_64.rpm
b40470ee91762d039592acf38575a00e
2007.0/x86_64/postgresql-plperl-8.1.9-0.1mdv2007.0.x86_64.rpm
4457df5483f614c76705635ef5c0ac4b
2007.0/x86_64/postgresql-plpgsql-8.1.9-0.1mdv2007.0.x86_64.rpm
dcfec6ba4550a20ac2e0802aaa1c8494
2007.0/x86_64/postgresql-plpython-8.1.9-0.1mdv2007.0.x86_64.rpm
a94b7517375b9133202504f22b8bf33e
2007.0/x86_64/postgresql-pltcl-8.1.9-0.1mdv2007.0.x86_64.rpm
3d1ae4efa79c8d6853eb65e565aa390e
2007.0/x86_64/postgresql-server-8.1.9-0.1mdv2007.0.x86_64.rpm
b39077e2c2c8869de50be2ca624df823
2007.0/x86_64/postgresql-test-8.1.9-0.1mdv2007.0.x86_64.rpm
604ab4c1eff9169d56d43b0568753d0c
2007.0/SRPMS/postgresql-8.1.9-0.1mdv2007.0.src.rpm
Mandriva Linux 2007.1:
3df8944a00c7c726387c7324f9815e90
2007.1/i586/libecpg5-8.2.4-0.1mdv2007.1.i586.rpm
9123e4fcbc39c0abd1b5e0135a156ab0
2007.1/i586/libecpg5-devel-8.2.4-0.1mdv2007.1.i586.rpm
60350e3f9a207d9439c6d8e232ed6bbd
2007.1/i586/libpq5-8.2.4-0.1mdv2007.1.i586.rpm
478927128426902f1367dfbea504fc88
2007.1/i586/libpq5-devel-8.2.4-0.1mdv2007.1.i586.rpm
a17e76d43c869bba5c4dc9e1629ff91d
2007.1/i586/postgresql-8.2.4-0.1mdv2007.1.i586.rpm
179eb9d1dfcb125ccd1e569b3a92b30d
2007.1/i586/postgresql-contrib-8.2.4-0.1mdv2007.1.i586.rpm
0a188af2e9d35040f0c8e9db571206c1
2007.1/i586/postgresql-devel-8.2.4-0.1mdv2007.1.i586.rpm
39f48d42719454c67b9cfa85fa6e8023
2007.1/i586/postgresql-docs-8.2.4-0.1mdv2007.1.i586.rpm
f25da3d2fd0db47de0bba8d6c1116684
2007.1/i586/postgresql-pl-8.2.4-0.1mdv2007.1.i586.rpm
3873417cec41b3bb4a0ec8719940e3d8
2007.1/i586/postgresql-plperl-8.2.4-0.1mdv2007.1.i586.rpm
35c93ec505a67aa46c21a206ac1eb841
2007.1/i586/postgresql-plpgsql-8.2.4-0.1mdv2007.1.i586.rpm
0d0319c172da8873c9ad64ad0fcfc6a8
2007.1/i586/postgresql-plpython-8.2.4-0.1mdv2007.1.i586.rpm
7ac251f460862145dd82c997b67ae669
2007.1/i586/postgresql-pltcl-8.2.4-0.1mdv2007.1.i586.rpm
135c8bd0237ee75ff9e29d425ccbf172
2007.1/i586/postgresql-server-8.2.4-0.1mdv2007.1.i586.rpm
0ef7f082b9ebc07608e486af4b9dd56b
2007.1/i586/postgresql-test-8.2.4-0.1mdv2007.1.i586.rpm
638359cb35d5a9622070499a9514eced
2007.1/SRPMS/postgresql-8.2.4-0.1mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
5b5d13fbf6a32b4b3e911e1b5134d465
2007.1/x86_64/lib64ecpg5-8.2.4-0.1mdv2007.1.x86_64.rpm
93d08d1eba51cff345ff9d6acb5fa796
2007.1/x86_64/lib64ecpg5-devel-8.2.4-0.1mdv2007.1.x86_64.rpm
4380464897593e9374f7bf774c905ba6
2007.1/x86_64/lib64pq5-8.2.4-0.1mdv2007.1.x86_64.rpm
0b3a2954c1fee9048f6ace8a626d62e8
2007.1/x86_64/lib64pq5-devel-8.2.4-0.1mdv2007.1.x86_64.rpm
f6ae0606cd7134f068aaaf8c2fff0292
2007.1/x86_64/postgresql-8.2.4-0.1mdv2007.1.x86_64.rpm
ee14e3acca88b4cd0d734e5397769831
2007.1/x86_64/postgresql-contrib-8.2.4-0.1mdv2007.1.x86_64.rpm
ddeacc659f35ec9afad0dd8c21400b9f
2007.1/x86_64/postgresql-devel-8.2.4-0.1mdv2007.1.x86_64.rpm
cbc808e7738a35e3ebd1b6991a59cb79
2007.1/x86_64/postgresql-docs-8.2.4-0.1mdv2007.1.x86_64.rpm
c79feee4c88e60db37685365a27921a3
2007.1/x86_64/postgresql-pl-8.2.4-0.1mdv2007.1.x86_64.rpm
61a4559ed41a5eef3bf243b5ebbd88cb
2007.1/x86_64/postgresql-plperl-8.2.4-0.1mdv2007.1.x86_64.rpm
8d25dff12db7440d87db77b80f07c9a1
2007.1/x86_64/postgresql-plpgsql-8.2.4-0.1mdv2007.1.x86_64.rpm
b7c817ff49998108979134c824280361
2007.1/x86_64/postgresql-plpython-8.2.4-0.1mdv2007.1.x86_64.rpm
e032ba1974c54e5d501e4d795b6ea019
2007.1/x86_64/postgresql-pltcl-8.2.4-0.1mdv2007.1.x86_64.rpm
12eb8f8af0436827d60f7a2e20e54ffc
2007.1/x86_64/postgresql-server-8.2.4-0.1mdv2007.1.x86_64.rpm
38da203b39fee5d033aa8d4d271aad31
2007.1/x86_64/postgresql-test-8.2.4-0.1mdv2007.1.x86_64.rpm
638359cb35d5a9622070499a9514eced
2007.1/SRPMS/postgresql-8.2.4-0.1mdv2007.1.src.rpm
Corporate 3.0:
646d1967c7817bd3e947625e917e419a
corporate/3.0/i586/libecpg3-7.4.17-0.1.C30mdk.i586.rpm
e6c0665d1c1f6d01fb593cea793fd21c
corporate/3.0/i586/libecpg3-devel-7.4.17-0.1.C30mdk.i586.rpm
367a1a5e41296de44fc00c8d503b6249
corporate/3.0/i586/libpgtcl2-7.4.17-0.1.C30mdk.i586.rpm
5bd97bab3949788023eb19c7ba2e7741
corporate/3.0/i586/libpgtcl2-devel-7.4.17-0.1.C30mdk.i586.rpm
b6cdfd8367295ac9fa7b2f2cf6f905f9
corporate/3.0/i586/libpq3-7.4.17-0.1.C30mdk.i586.rpm
19555e20d9aa178b51143528e77e6475
corporate/3.0/i586/libpq3-devel-7.4.17-0.1.C30mdk.i586.rpm
f5c5a879c52f82c4b16bc938b62ee91c
corporate/3.0/i586/postgresql-7.4.17-0.1.C30mdk.i586.rpm
03ac74dbeef39af84eec102c56976107
corporate/3.0/i586/postgresql-contrib-7.4.17-0.1.C30mdk.i586.rpm
72556b095557727b9b0736853fae9119
corporate/3.0/i586/postgresql-devel-7.4.17-0.1.C30mdk.i586.rpm
8e0b157624f8ebb0f3670ee72569afd8
corporate/3.0/i586/postgresql-docs-7.4.17-0.1.C30mdk.i586.rpm
4e3edb25340151d205a424f01dcf3075
corporate/3.0/i586/postgresql-jdbc-7.4.17-0.1.C30mdk.i586.rpm
c2eb436905577516055dd7acad6a2557
corporate/3.0/i586/postgresql-pl-7.4.17-0.1.C30mdk.i586.rpm
d1896f68eb93440a07b873b07b86d61f
corporate/3.0/i586/postgresql-server-7.4.17-0.1.C30mdk.i586.rpm
8e8b4827ad3e766e59e186af3413e020
corporate/3.0/i586/postgresql-tcl-7.4.17-0.1.C30mdk.i586.rpm
109de6e1ebda4fd83a74110ca41414a9
corporate/3.0/i586/postgresql-test-7.4.17-0.1.C30mdk.i586.rpm
bbdbb4097ed1b4dfd5080c9f0816fbec
corporate/3.0/SRPMS/postgresql-7.4.17-0.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
2b143feeb5d1460f147cab172706f156
corporate/3.0/x86_64/lib64ecpg3-7.4.17-0.1.C30mdk.x86_64.rpm
32a80a738198e678841c80e4738de4c4
corporate/3.0/x86_64/lib64ecpg3-devel-7.4.17-0.1.C30mdk.x86_64.rpm
21385b87ec19b57fcdba5377e24201d9
corporate/3.0/x86_64/lib64pgtcl2-7.4.17-0.1.C30mdk.x86_64.rpm
5f0510dcf64dac9e17a5b441c925b6fc
corporate/3.0/x86_64/lib64pgtcl2-devel-7.4.17-0.1.C30mdk.x86_64.rpm
e3232ef519e99c09d9dedd1f10de45de
corporate/3.0/x86_64/lib64pq3-7.4.17-0.1.C30mdk.x86_64.rpm
9dc4969b13607f1a33ecff25e43b1935
corporate/3.0/x86_64/lib64pq3-devel-7.4.17-0.1.C30mdk.x86_64.rpm
567b7aea6434a684998f34d9186fc6fd
corporate/3.0/x86_64/postgresql-7.4.17-0.1.C30mdk.x86_64.rpm
1e45d7fceecfb8bf86d2744068872f19
corporate/3.0/x86_64/postgresql-contrib-7.4.17-0.1.C30mdk.x86_64.rpm
9d490e14abd370b034bafe7a486549de
corporate/3.0/x86_64/postgresql-devel-7.4.17-0.1.C30mdk.x86_64.rpm
e5a672ec89a58203b911de64c045f8f3
corporate/3.0/x86_64/postgresql-docs-7.4.17-0.1.C30mdk.x86_64.rpm
21ead848412a1061b39ac086685d77b6
corporate/3.0/x86_64/postgresql-jdbc-7.4.17-0.1.C30mdk.x86_64.rpm
530ad70509220bca3411120d0020173f
corporate/3.0/x86_64/postgresql-pl-7.4.17-0.1.C30mdk.x86_64.rpm
de958377b2104311b8916ef16847346f
corporate/3.0/x86_64/postgresql-server-7.4.17-0.1.C30mdk.x86_64.rpm
111f10b26fe26f15727071db0d868de0
corporate/3.0/x86_64/postgresql-tcl-7.4.17-0.1.C30mdk.x86_64.rpm
08780f0b4793e9c40c4c666b8d13aa21
corporate/3.0/x86_64/postgresql-test-7.4.17-0.1.C30mdk.x86_64.rpm
bbdbb4097ed1b4dfd5080c9f0816fbec
corporate/3.0/SRPMS/postgresql-7.4.17-0.1.C30mdk.src.rpm
Corporate 4.0:
9d185ded15856e8aa9d29d13c393005a
corporate/4.0/i586/libecpg5-8.1.9-0.1.20060mlcs4.i586.rpm
bf335907250df8f84abd05e7a4019efa
corporate/4.0/i586/libecpg5-devel-8.1.9-0.1.20060mlcs4.i586.rpm
d6fc5b70aadaaa5014bb80a7a581c7d5
corporate/4.0/i586/libpq4-8.1.9-0.1.20060mlcs4.i586.rpm
ed243f7b358a4073f88b0656c4ad2a10
corporate/4.0/i586/libpq4-devel-8.1.9-0.1.20060mlcs4.i586.rpm
418f422c981814dbfdcfbb2333ff830a
corporate/4.0/i586/postgresql-8.1.9-0.1.20060mlcs4.i586.rpm
74995dd790cccd97fa3a4d901d85a747
corporate/4.0/i586/postgresql-contrib-8.1.9-0.1.20060mlcs4.i586.rpm
0f18a025f73ef5a134cae5ae079a82c6
corporate/4.0/i586/postgresql-devel-8.1.9-0.1.20060mlcs4.i586.rpm
fb19e6d64b4c2442e09afb24029b455a
corporate/4.0/i586/postgresql-docs-8.1.9-0.1.20060mlcs4.i586.rpm
3c901904f77b3acbc07162484a93fe95
corporate/4.0/i586/postgresql-pl-8.1.9-0.1.20060mlcs4.i586.rpm
a8076e3bb600f7269c6c3c8dd75570ad
corporate/4.0/i586/postgresql-plperl-8.1.9-0.1.20060mlcs4.i586.rpm
e2bb6062954a04fb8301071c276f4ce9
corporate/4.0/i586/postgresql-plpgsql-8.1.9-0.1.20060mlcs4.i586.rpm
bee2865980ab79245f1ffcec5859afee
corporate/4.0/i586/postgresql-plpython-8.1.9-0.1.20060mlcs4.i586.rpm
8611728b252c1850a425d1df7e959e28
corporate/4.0/i586/postgresql-pltcl-8.1.9-0.1.20060mlcs4.i586.rpm
da191a0cc07b06c88907622e418f8edf
corporate/4.0/i586/postgresql-server-8.1.9-0.1.20060mlcs4.i586.rpm
2f2f4910e1b1eddbc20143370d37d492
corporate/4.0/i586/postgresql-test-8.1.9-0.1.20060mlcs4.i586.rpm
ca8d689948255f7272231c30ac7b77e8
corporate/4.0/SRPMS/postgresql-8.1.9-0.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
3a9d2c4576c880d88e745dbe483ab745
corporate/4.0/x86_64/lib64ecpg5-8.1.9-0.1.20060mlcs4.x86_64.rpm
0fc514faf948500ec0137b44cc1a5389
corporate/4.0/x86_64/lib64ecpg5-devel-8.1.9-0.1.20060mlcs4.x86_64.rpm
bacb4bd2566d780a8932f529440ca2ff
corporate/4.0/x86_64/lib64pq4-8.1.9-0.1.20060mlcs4.x86_64.rpm
0cc781b80d02284b7ed02e9992eb6703
corporate/4.0/x86_64/lib64pq4-devel-8.1.9-0.1.20060mlcs4.x86_64.rpm
d78cc609f0946a02f14afa7b966611c3
corporate/4.0/x86_64/postgresql-8.1.9-0.1.20060mlcs4.x86_64.rpm
b1d44b41d5c530e2ed8511ff675fb4c2
corporate/4.0/x86_64/postgresql-contrib-8.1.9-0.1.20060mlcs4.x86_64.rpm
8692be6eafa3456df3fa0a3d87de72cb
corporate/4.0/x86_64/postgresql-devel-8.1.9-0.1.20060mlcs4.x86_64.rpm
53f92d03039e36039e3a1f72f334870f
corporate/4.0/x86_64/postgresql-docs-8.1.9-0.1.20060mlcs4.x86_64.rpm
444849a87da50f7f0997d7bbca98eb52
corporate/4.0/x86_64/postgresql-pl-8.1.9-0.1.20060mlcs4.x86_64.rpm
3fc7ab8ac28d455c11bd383c325f7e34
corporate/4.0/x86_64/postgresql-plperl-8.1.9-0.1.20060mlcs4.x86_64.rpm
8d76936ae1bea76ca560f69de7f3ddbb
corporate/4.0/x86_64/postgresql-plpgsql-8.1.9-0.1.20060mlcs4.x86_64.rpm
80d5cafaebc857bebda5c506d94d87c1
corporate/4.0/x86_64/postgresql-plpython-8.1.9-0.1.20060mlcs4.x86_64.rpm
b9b4c5a0146c879ce50bea68441d3984
corporate/4.0/x86_64/postgresql-pltcl-8.1.9-0.1.20060mlcs4.x86_64.rpm
ea9ca783a6c15724f19ac67b9481e7bd
corporate/4.0/x86_64/postgresql-server-8.1.9-0.1.20060mlcs4.x86_64.rpm
b840ea84713a8e04d5344099c5f90e6b
corporate/4.0/x86_64/postgresql-test-8.1.9-0.1.20060mlcs4.x86_64.rpm
ca8d689948255f7272231c30ac7b77e8
corporate/4.0/SRPMS/postgresql-8.1.9-0.1.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGL835mqjQ0CJFipgRAjiiAJ9uQ9EEMkDisMrGdi8BQCQpTJBEYACfcTpg
2BPKp+5JbNeOLrOsLTLoITY=
=XFMD
-----END PGP SIGNATURE-----
------------=_1177562606-8862-4806
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit
To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________
------------=_1177562606-8862-4806--
|
|
|
|
