Security: Multiple issues in postgresql
Name: Multiple issues in postgresql
ID: TLSA-2008-6
Distribution: TurboLinux
Platforms: Turbolinux FUJI, Turbolinux 10 Server, Turbolinux 10 Server x64 Edition, Turbolinux Appliance Server 2.0, Turbolinux 11 Server x64 Edition, Turbolinux 11 Server, Turbolinux Multimedia, Turbolinux Personal, Turbolinux Appliance Server 1.0 Hosting Edition, Turbolinux Appliance Server 1.0 Workgroup Edition
Date: Tue, 29 January 2008, 03:50
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6601
Applications: PostgreSQL

Original message

--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2008-6
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 28 Jan 2007
Last revised: 28 Jan 2007

Package: postgresql

Summary: Three vulnerabilities discovered in postgresql

More information:
PostgreSQL is an advanced Object-Relational database management system
(DBMS) that supports almost all SQL constructs.

PostgreSQL 8.1 and probably later versions, when local trust authentication
is enabled and the Database Link library (dblink) is installed, allows
remote attackers to access arbitrary accounts and execute arbitrary SQL
queries via a dblink host parameter that proxies the connection from
127.0.0.1. (CVE-2007-3278)

PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4
before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of
table owner privileges for (1) VACUUM and (2) ANALYZE operations within
index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION
within index functions, which allows remote authenticated users to gain
privileges. (CVE-2007-6600)

The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0
before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or
ident authentication is used, allows remote attackers to gain privileges via
unspecified vectors.
NOTE: this issue exists because of an incomplete fix for CVE-2007-3278.
(CVE-2007-6601)

Affected Products:
- Turbolinux 11 Server x64 Edition
- Turbolinux 11 Server
- Turbolinux Appliance Server 2.0
- Turbolinux FUJI
- Turbolinux 10 Server x64 Edition
- Turbolinux Appliance Server 1.0 Hosting Edition
- Turbolinux Appliance Server 1.0 Workgroup Edition
- Turbolinux 10 Server
- Turbolinux Multimedia
- Turbolinux Personal


<Turbolinux 11 Server x64 Edition>

postgresql-8.2.6-2.src.rpm
postgresql-libs-32bit-8.2.6-2.src.rpm

<Turbolinux 11 Server>

postgresql-8.2.6-2.src.rpm

<Turbolinux Appliance Server 2.0>

Source Packages

postgresql-7.4.19-1.src.rpm

<Turbolinux FUJI>

Source Packages

postgresql-8.0.15-2.src.rpm

<Turbolinux 10 Server x64 Edition>

Source Packages

postgresql-8.0.15-2.src.rpm
postgresql-libs-32bit-8.0.15-2.src.rpm

<Turbolinux Appliance Server 1.0 Hosting Edition>

Source Packages

postgresql-7.2.2-13.src.rpm

<Turbolinux Appliance Server 1.0 Workgroup Edition>

Source Packages

postgresql-7.2.2-13.src.rpm

<Turbolinux 10 Server>

Source Packages

postgresql-7.4.19-1.src.rpm

<Turbolinux Multimedia, Turbolinux Personal>

Source Packages

postgresql-7.3-19.src.rpm


References:

CVE
[CVE-2007-3278]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3278
[CVE-2007-6600]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6600
[CVE-2007-6601]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6601

--------------------------------------------------------------------------
Revision History
28 Jan 2008 Initial release
--------------------------------------------------------------------------

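The descriptions of CVE-2007-3278 and CVE-2007-6601 above name local trust or ident authentication as the precondition for the dblink issues. The following Python check is an added example, not part of the Turbolinux advisory: it lists pg_hba.conf rules that grant trust or ident on the Unix socket or on a range covering loopback. The sample file is constructed, and quoted fields and include directives are assumed absent.

```python
import ipaddress

RISKY_METHODS = {"trust", "ident"}   # methods named in the CVE descriptions
LOOPBACK = {4: ipaddress.ip_network("127.0.0.0/8"),
            6: ipaddress.ip_network("::1/128")}

# Constructed sample pg_hba.conf, for illustration only.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER  ADDRESS                    METHOD
local   all       all                              trust
host    all       all   127.0.0.1/32               trust
host    all       all   127.0.0.1 255.255.255.255  ident sameuser
host    all       all   ::1/128                    md5
host    appdb     app   10.0.0.0/8                 md5
hostssl all       all   192.168.1.0/24             trust
"""

def _net(spec):
    """Parse an address, CIDR block or 'ip/netmask'; None for hostnames/keywords."""
    try:
        return ipaddress.ip_network(spec, strict=False)
    except ValueError:
        return None

def risky_entries(hba_text):
    """Return (line_no, type, method) for local/loopback trust or ident rules."""
    findings = []
    for line_no, raw in enumerate(hba_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        kind = fields[0] if fields else ""
        if kind == "local" and len(fields) >= 4:   # type db user method
            local_scope, method = True, fields[3]
        elif kind in ("host", "hostssl", "hostnossl") and len(fields) >= 5:
            rest = fields[3:]
            # Address is CIDR (one field) or IP followed by a netmask (two fields).
            two = "/" not in rest[0] and len(rest) > 2 and _net(rest[1]) is not None
            net = _net(f"{rest[0]}/{rest[1]}" if two else rest[0])
            method = rest[2 if two else 1]
            local_scope = net is not None and net.overlaps(LOOPBACK[net.version])
        else:
            continue
        if local_scope and method in RISKY_METHODS:
            findings.append((line_no, kind, method))
    return findings
```

A rule such as `0.0.0.0/0 trust` is also reported, because its range includes 127.0.0.1.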