[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: [ MDKSA-2006:194 ] - Updated PostgreSQL packages fix vulnerabilities
From: security () mandriva ! com
Date: 2006-10-31 1:53:00
Message-ID: E1GeioG-0005mu-RP () mercury ! mandriva ! com
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2006:194
http://www.mandriva.com/security/
_______________________________________________________________________
Package : postgresql
Date : October 30, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
A vulnerability in PostgreSQL 8.1.x allowed remote authenticated users
to cause a Denial of Service (daemon crash) via certain aggregate
functions in an UPDATE statement which were not handled correctly
(CVE-2006-5540).
Another DoS issue in PostgreSQL 7.4.x, 8.0.x, and 8.1.x allowed remote
authenticated users to crash the daemon via a coercion of an unknown
element to ANYARRAY (CVE-2006-5541).
Finally, another vulnerability in 8.1.x could allow a remote
authenticated user to cause a DoS related to duration logging of
V3-protocol Execute message for COMMIT and ROLLBACK statements
(CVE-2006-5542).
This updated provides the latest 8.0.x and 8.1.x PostgreSQL versions
and patches the version of PostgreSQL shipped with Corporate 3.0.
After installing this upgrade, you will need to execute "service
postgresql restart" for it to take effect.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5540
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5542
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2006.0:
1fb571748d2c90bd15e3cd8fd8f2ce44 2006.0/i586/libecpg5-8.0.9-0.1.20060mdk.i586.rpm
ed4f5712c8981cad55401043600820cf \
2006.0/i586/libecpg5-devel-8.0.9-0.1.20060mdk.i586.rpm \
0466a77d44a3b0dadd9c4f3e50339eb5 2006.0/i586/libpq4-8.0.9-0.1.20060mdk.i586.rpm \
1149c289545be7a75d702665672d5191 \
2006.0/i586/libpq4-devel-8.0.9-0.1.20060mdk.i586.rpm \
01bf40cba5982c032fe7c30890ea4ba3 2006.0/i586/postgresql-8.0.9-0.1.20060mdk.i586.rpm \
43b86ce619e0e838dabe50a4db0de4b5 \
2006.0/i586/postgresql-contrib-8.0.9-0.1.20060mdk.i586.rpm \
d04bbd08d8a46211738e8ce6f1bf4e32 \
2006.0/i586/postgresql-devel-8.0.9-0.1.20060mdk.i586.rpm \
0ca91af936b21233550407b77a062d17 \
2006.0/i586/postgresql-docs-8.0.9-0.1.20060mdk.i586.rpm \
9d7db675ef8020751378eddff8472940 \
2006.0/i586/postgresql-jdbc-8.0.9-0.1.20060mdk.i586.rpm \
8b02452736d9b74b563f859f14427f26 \
2006.0/i586/postgresql-pl-8.0.9-0.1.20060mdk.i586.rpm \
d6044790a99203e54f036bd81b236bb6 \
2006.0/i586/postgresql-plperl-8.0.9-0.1.20060mdk.i586.rpm \
2fda8e8a6fa08089aac4b0862b68553b \
2006.0/i586/postgresql-plpgsql-8.0.9-0.1.20060mdk.i586.rpm \
eff79cf24be0c26d58ee2995b12bb130 \
2006.0/i586/postgresql-plpython-8.0.9-0.1.20060mdk.i586.rpm \
fd72f96206ef85c1b55488bb68462408 \
2006.0/i586/postgresql-pltcl-8.0.9-0.1.20060mdk.i586.rpm \
f5904aecf7f0eaf88d5ec7cf80a910da \
2006.0/i586/postgresql-server-8.0.9-0.1.20060mdk.i586.rpm \
1477b09a635ca665aef8ba43d6ee5c2e \
2006.0/i586/postgresql-test-8.0.9-0.1.20060mdk.i586.rpm \
ff24736bd204ad38a014215bd32a006a 2006.0/SRPMS/postgresql-8.0.9-0.1.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
5fc89eca9286a691155eb5e53519af42 \
2006.0/x86_64/lib64ecpg5-8.0.9-0.1.20060mdk.x86_64.rpm \
00de88aa7317e47520524e433df4983d \
2006.0/x86_64/lib64ecpg5-devel-8.0.9-0.1.20060mdk.x86_64.rpm \
cf2533c6dd26873da1df50f310669acd \
2006.0/x86_64/lib64pq4-8.0.9-0.1.20060mdk.x86_64.rpm \
8ea480eb47f34581a647820f3a9b2a6c \
2006.0/x86_64/lib64pq4-devel-8.0.9-0.1.20060mdk.x86_64.rpm \
f021ef750b2705421014f90ade870d43 \
2006.0/x86_64/postgresql-8.0.9-0.1.20060mdk.x86_64.rpm \
adbdd69d8ae11e1b068c58f25d8f64eb \
2006.0/x86_64/postgresql-contrib-8.0.9-0.1.20060mdk.x86_64.rpm \
e35b8a7ee77fd1a5a6a031016514b195 \
2006.0/x86_64/postgresql-devel-8.0.9-0.1.20060mdk.x86_64.rpm \
314b05df0f065843135a4d4920fc2599 \
2006.0/x86_64/postgresql-docs-8.0.9-0.1.20060mdk.x86_64.rpm \
5a6d3aaa058ea31eb1e05e54104d5350 \
2006.0/x86_64/postgresql-jdbc-8.0.9-0.1.20060mdk.x86_64.rpm \
32fb058d2d478c505a1f3957dcb7c994 \
2006.0/x86_64/postgresql-pl-8.0.9-0.1.20060mdk.x86_64.rpm \
f1a1d5a54e4ac529744eeca2de780066 \
2006.0/x86_64/postgresql-plperl-8.0.9-0.1.20060mdk.x86_64.rpm \
76665f281a7696f710fc2dc9a8138374 \
2006.0/x86_64/postgresql-plpgsql-8.0.9-0.1.20060mdk.x86_64.rpm \
ff50a1b54276a6d5d80689ef1d8069ff \
2006.0/x86_64/postgresql-plpython-8.0.9-0.1.20060mdk.x86_64.rpm \
19ea6350ab699a2224325b2de5ebd84b \
2006.0/x86_64/postgresql-pltcl-8.0.9-0.1.20060mdk.x86_64.rpm \
bdaf40227e8352392a33be14f546bf72 \
2006.0/x86_64/postgresql-server-8.0.9-0.1.20060mdk.x86_64.rpm \
f3729161d74e40ec9755f4d6ed00719c \
2006.0/x86_64/postgresql-test-8.0.9-0.1.20060mdk.x86_64.rpm \
ff24736bd204ad38a014215bd32a006a 2006.0/SRPMS/postgresql-8.0.9-0.1.20060mdk.src.rpm
Mandriva Linux 2007.0:
ac56fa5052022abcd0e14020b358f405 2007.0/i586/libecpg5-8.1.5-1.1mdv2007.0.i586.rpm
3478d9db597de1ca4301f215dc0d723b \
2007.0/i586/libecpg5-devel-8.1.5-1.1mdv2007.0.i586.rpm \
8a3118cd7c30bd148f8c28eb67634ed4 2007.0/i586/libpq4-8.1.5-1.1mdv2007.0.i586.rpm \
faf39e2ca0b08d3f3fecb653c29cb3ee \
2007.0/i586/libpq4-devel-8.1.5-1.1mdv2007.0.i586.rpm \
9455b83b95b34dcc4f63cae6bb09ba43 2007.0/i586/postgresql-8.1.5-1.1mdv2007.0.i586.rpm \
73ad9b8f3b64f30606df8df0c9c50cae \
2007.0/i586/postgresql-contrib-8.1.5-1.1mdv2007.0.i586.rpm \
f413df37137b6442f8f0f98f90cdd0f2 \
2007.0/i586/postgresql-devel-8.1.5-1.1mdv2007.0.i586.rpm \
1ea0dbdee49b367698c4a154328a9c2a \
2007.0/i586/postgresql-docs-8.1.5-1.1mdv2007.0.i586.rpm \
4c05a60ab179ccf2bf0d26b516976abf \
2007.0/i586/postgresql-pl-8.1.5-1.1mdv2007.0.i586.rpm \
25e2b5df178be8deb2f2f2bfeae29d48 \
2007.0/i586/postgresql-plperl-8.1.5-1.1mdv2007.0.i586.rpm \
eee6444693f723372a287d62dc2ea0da \
2007.0/i586/postgresql-plpgsql-8.1.5-1.1mdv2007.0.i586.rpm \
08044754f6a3bb70aab008e0f91395f1 \
2007.0/i586/postgresql-plpython-8.1.5-1.1mdv2007.0.i586.rpm \
a75b7c287e4946f3ff4c2b66be1f8931 \
2007.0/i586/postgresql-pltcl-8.1.5-1.1mdv2007.0.i586.rpm \
46150f94055d88e114d6d7563a0a2af6 \
2007.0/i586/postgresql-server-8.1.5-1.1mdv2007.0.i586.rpm \
c1c48e44ea40621c7b9166161bafbdbd \
2007.0/i586/postgresql-test-8.1.5-1.1mdv2007.0.i586.rpm \
2445c13c47075faa93f8a74c1dff9b15 2007.0/SRPMS/postgresql-8.1.5-1.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
c9f5a2bd635f3a8f71a642fdb0c61a70 \
2007.0/x86_64/lib64ecpg5-8.1.5-1.1mdv2007.0.x86_64.rpm \
97356c96c606e93ea935929817e1bdf9 \
2007.0/x86_64/lib64ecpg5-devel-8.1.5-1.1mdv2007.0.x86_64.rpm \
df65534147d923dfd8aed7cecd15d2b1 \
2007.0/x86_64/lib64pq4-8.1.5-1.1mdv2007.0.x86_64.rpm \
88b41f69996829f9113afbc526630431 \
2007.0/x86_64/lib64pq4-devel-8.1.5-1.1mdv2007.0.x86_64.rpm \
c721cb020ae8d47d3953a9b5d3942b58 \
2007.0/x86_64/postgresql-8.1.5-1.1mdv2007.0.x86_64.rpm \
92a27c6b77e20e943781dcf117e36439 \
2007.0/x86_64/postgresql-contrib-8.1.5-1.1mdv2007.0.x86_64.rpm \
67ba2ad1be4c65c711f443178a32364e \
2007.0/x86_64/postgresql-devel-8.1.5-1.1mdv2007.0.x86_64.rpm \
4ed8e29d73fffe92e7d90a8cd913ca18 \
2007.0/x86_64/postgresql-docs-8.1.5-1.1mdv2007.0.x86_64.rpm \
932fb1d2b0592953fa9d6a931140d6a2 \
2007.0/x86_64/postgresql-pl-8.1.5-1.1mdv2007.0.x86_64.rpm \
299452ce74af7d7a5913a292bf649ac2 \
2007.0/x86_64/postgresql-plperl-8.1.5-1.1mdv2007.0.x86_64.rpm \
f0477ff759d4026051e68a927f7ee0d4 \
2007.0/x86_64/postgresql-plpgsql-8.1.5-1.1mdv2007.0.x86_64.rpm \
0dd0e8a435d403ea8fffcc8f4d708070 \
2007.0/x86_64/postgresql-plpython-8.1.5-1.1mdv2007.0.x86_64.rpm \
a42972ca797bebef9faa861fd32917fa \
2007.0/x86_64/postgresql-pltcl-8.1.5-1.1mdv2007.0.x86_64.rpm \
201faf962540b78f49fb1c6ad6657c57 \
2007.0/x86_64/postgresql-server-8.1.5-1.1mdv2007.0.x86_64.rpm \
f307467b7567da24cd4e46fb8745e05f \
2007.0/x86_64/postgresql-test-8.1.5-1.1mdv2007.0.x86_64.rpm \
2445c13c47075faa93f8a74c1dff9b15 2007.0/SRPMS/postgresql-8.1.5-1.1mdv2007.0.src.rpm
Corporate 3.0:
ea5314d8ea3b3f18c0075aff95bc7200 \
corporate/3.0/i586/libecpg3-7.4.1-2.7.C30mdk.i586.rpm \
23c6670398f27abf928992a9812fc578 \
corporate/3.0/i586/libecpg3-devel-7.4.1-2.7.C30mdk.i586.rpm \
101e16a7faf1a6920d24af4ccc66e319 \
corporate/3.0/i586/libpgtcl2-7.4.1-2.7.C30mdk.i586.rpm \
ca2d39a28d8c86fa1ff2e1f8ed510e89 \
corporate/3.0/i586/libpgtcl2-devel-7.4.1-2.7.C30mdk.i586.rpm \
bc955518e6ad3315226fe5ab14ffc6d7 corporate/3.0/i586/libpq3-7.4.1-2.7.C30mdk.i586.rpm \
f65ec0a99e111f76e7bb6e515648cd0a \
corporate/3.0/i586/libpq3-devel-7.4.1-2.7.C30mdk.i586.rpm \
e47e849098af0d788b406a982391edbe \
corporate/3.0/i586/postgresql-7.4.1-2.7.C30mdk.i586.rpm \
4435fecede0b88db775c2c9aee378158 \
corporate/3.0/i586/postgresql-contrib-7.4.1-2.7.C30mdk.i586.rpm \
033ad03ff0dd8632d420f16993a7d7ec \
corporate/3.0/i586/postgresql-devel-7.4.1-2.7.C30mdk.i586.rpm \
4b795893f10706b85f51502e403b4044 \
corporate/3.0/i586/postgresql-docs-7.4.1-2.7.C30mdk.i586.rpm \
7e784bcba9573e52774256c8b3219c1e \
corporate/3.0/i586/postgresql-jdbc-7.4.1-2.7.C30mdk.i586.rpm \
58d483706e95cd39a5df02a32a7b81d4 \
corporate/3.0/i586/postgresql-pl-7.4.1-2.7.C30mdk.i586.rpm \
766327598604b042b2311489ce876a99 \
corporate/3.0/i586/postgresql-server-7.4.1-2.7.C30mdk.i586.rpm \
81c7ca36c3e6dabc88c03cbe4134a7d2 \
corporate/3.0/i586/postgresql-tcl-7.4.1-2.7.C30mdk.i586.rpm \
9fc697243ac48f3553de9b1ff6500965 \
corporate/3.0/i586/postgresql-test-7.4.1-2.7.C30mdk.i586.rpm \
a43af6d9f276cc26e1c35aca23ef2bbc \
corporate/3.0/SRPMS/postgresql-7.4.1-2.7.C30mdk.src.rpm
Corporate 3.0/X86_64:
34954f43ad725af7530b6232bd5bd556 \
corporate/3.0/x86_64/lib64ecpg3-7.4.1-2.7.C30mdk.x86_64.rpm \
761e273759dfab143dc126f48d511b45 \
corporate/3.0/x86_64/lib64ecpg3-devel-7.4.1-2.7.C30mdk.x86_64.rpm \
517c15b8f4a1d54a4c950220c25dd23b \
corporate/3.0/x86_64/lib64pgtcl2-7.4.1-2.7.C30mdk.x86_64.rpm \
a10677a6af9609fbf8f05526ce9caec6 \
corporate/3.0/x86_64/lib64pgtcl2-devel-7.4.1-2.7.C30mdk.x86_64.rpm \
4a5b755a9dbbe425bef61e6269da112f \
corporate/3.0/x86_64/lib64pq3-7.4.1-2.7.C30mdk.x86_64.rpm \
3a4c7d4ef3830c057adb3aa47655d21a \
corporate/3.0/x86_64/lib64pq3-devel-7.4.1-2.7.C30mdk.x86_64.rpm \
e7fe9777ad5637ba96a1260c77a373e0 \
corporate/3.0/x86_64/postgresql-7.4.1-2.7.C30mdk.x86_64.rpm \
4f492571534522371d1b6bc6dc27b02c \
corporate/3.0/x86_64/postgresql-contrib-7.4.1-2.7.C30mdk.x86_64.rpm \
7ca9240f5038a2d90da56b31fc698824 \
corporate/3.0/x86_64/postgresql-devel-7.4.1-2.7.C30mdk.x86_64.rpm \
7a92752be990700ef7ef1cde076c7bb0 \
corporate/3.0/x86_64/postgresql-docs-7.4.1-2.7.C30mdk.x86_64.rpm \
3c660c199d346b565706be8cd1f94196 \
corporate/3.0/x86_64/postgresql-jdbc-7.4.1-2.7.C30mdk.x86_64.rpm \
a742de9115bf59fcf57e97f6d4bde9a5 \
corporate/3.0/x86_64/postgresql-pl-7.4.1-2.7.C30mdk.x86_64.rpm \
69599b34d2fa9ab8a35dc76acefbaebb \
corporate/3.0/x86_64/postgresql-server-7.4.1-2.7.C30mdk.x86_64.rpm \
5d049cafa926f353f2d999af21511b5b \
corporate/3.0/x86_64/postgresql-tcl-7.4.1-2.7.C30mdk.x86_64.rpm \
f495fdcccc678549b1984a20d6d29134 \
corporate/3.0/x86_64/postgresql-test-7.4.1-2.7.C30mdk.x86_64.rpm \
a43af6d9f276cc26e1c35aca23ef2bbc \
corporate/3.0/SRPMS/postgresql-7.4.1-2.7.C30mdk.src.rpm
Corporate 4.0:
7377cc8a31eef5d5862075e95574c042 \
corporate/4.0/i586/libecpg5-8.1.5-0.1.20060mlcs4.i586.rpm \
af17c7a5144cf9c234b785fe6cf341ee \
corporate/4.0/i586/libecpg5-devel-8.1.5-0.1.20060mlcs4.i586.rpm \
6ccbc4dcd5546a264c4e7e8172f50ed9 \
corporate/4.0/i586/libpq4-8.1.5-0.1.20060mlcs4.i586.rpm \
2a3d0e8816cce25df125b943c6862fbb \
corporate/4.0/i586/libpq4-devel-8.1.5-0.1.20060mlcs4.i586.rpm \
a58c5c6ee6dc30d7be1193c73d5976c8 \
corporate/4.0/i586/postgresql-8.1.5-0.1.20060mlcs4.i586.rpm \
d313f326da2c44bb6dd5db7aa9bba64a \
corporate/4.0/i586/postgresql-contrib-8.1.5-0.1.20060mlcs4.i586.rpm \
7d902b81a6bbfaca675b09143553406c \
corporate/4.0/i586/postgresql-devel-8.1.5-0.1.20060mlcs4.i586.rpm \
0c901f454fa377a319aafc3c5dec9675 \
corporate/4.0/i586/postgresql-docs-8.1.5-0.1.20060mlcs4.i586.rpm \
2e593d9d3fa83c175eac3f12ad9e45a1 \
corporate/4.0/i586/postgresql-pl-8.1.5-0.1.20060mlcs4.i586.rpm \
47d521dbd90198753aab1a70a11081ea \
corporate/4.0/i586/postgresql-plperl-8.1.5-0.1.20060mlcs4.i586.rpm \
cfdf1d454446d5638e2bb0ab1c66522b \
corporate/4.0/i586/postgresql-plpgsql-8.1.5-0.1.20060mlcs4.i586.rpm \
9c9d461b05bb5843668f950592805d59 \
corporate/4.0/i586/postgresql-plpython-8.1.5-0.1.20060mlcs4.i586.rpm \
a3e7bffc4a5538ff1177a9cbf1a5ca6b \
corporate/4.0/i586/postgresql-pltcl-8.1.5-0.1.20060mlcs4.i586.rpm \
f7e14aa31b44838a3fdec11ea353f2de \
corporate/4.0/i586/postgresql-server-8.1.5-0.1.20060mlcs4.i586.rpm \
8a38fe370cc5003e3556d83b39ff8dc1 \
corporate/4.0/i586/postgresql-test-8.1.5-0.1.20060mlcs4.i586.rpm \
ff0ac92c00839335e1514eb0c3ed52e4 \
corporate/4.0/SRPMS/postgresql-8.1.5-0.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
7f2c7a45cfda3307178149237df2f6bd \
corporate/4.0/x86_64/lib64ecpg5-8.1.5-0.1.20060mlcs4.x86_64.rpm \
eda7da21931ef9d9b234e1b570bbe61c \
corporate/4.0/x86_64/lib64ecpg5-devel-8.1.5-0.1.20060mlcs4.x86_64.rpm \
ab765fe8f17e0fe3f13039755305d852 \
corporate/4.0/x86_64/lib64pq4-8.1.5-0.1.20060mlcs4.x86_64.rpm \
0e78d974ee02cd74123508c7f85a6e08 \
corporate/4.0/x86_64/lib64pq4-devel-8.1.5-0.1.20060mlcs4.x86_64.rpm \
d779d763187c574e4eaaeb2e1e4137e2 \
corporate/4.0/x86_64/postgresql-8.1.5-0.1.20060mlcs4.x86_64.rpm \
8ffb912e00dbde3a9554e18367b9aad4 \
corporate/4.0/x86_64/postgresql-contrib-8.1.5-0.1.20060mlcs4.x86_64.rpm \
1510c836a5d1975322d2f57f6827f8ae \
corporate/4.0/x86_64/postgresql-devel-8.1.5-0.1.20060mlcs4.x86_64.rpm \
21fed3a03cff7118fd02a207e5a639a2 \
corporate/4.0/x86_64/postgresql-docs-8.1.5-0.1.20060mlcs4.x86_64.rpm \
cf226c1042bc4dab1a53e81b2452ff0e \
corporate/4.0/x86_64/postgresql-pl-8.1.5-0.1.20060mlcs4.x86_64.rpm \
a027caad15e8b0e4a41743774e686737 \
corporate/4.0/x86_64/postgresql-plperl-8.1.5-0.1.20060mlcs4.x86_64.rpm \
b34462b8c3a671e602758f5ccdff1e02 \
corporate/4.0/x86_64/postgresql-plpgsql-8.1.5-0.1.20060mlcs4.x86_64.rpm \
010df242aead3b2a30d1892508f3060f \
corporate/4.0/x86_64/postgresql-plpython-8.1.5-0.1.20060mlcs4.x86_64.rpm \
f3f7ccfec77ba15d04a11b9bfa7662ae \
corporate/4.0/x86_64/postgresql-pltcl-8.1.5-0.1.20060mlcs4.x86_64.rpm \
15602549144e5445384aec5ae8378083 \
corporate/4.0/x86_64/postgresql-server-8.1.5-0.1.20060mlcs4.x86_64.rpm \
0937f8b274f06f7485671ab6fe29e914 \
corporate/4.0/x86_64/postgresql-test-8.1.5-0.1.20060mlcs4.x86_64.rpm \
ff0ac92c00839335e1514eb0c3ed52e4 \
corporate/4.0/SRPMS/postgresql-8.1.5-0.1.20060mlcs4.src.rpm \
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFFRos7mqjQ0CJFipgRAiqMAJ9+dxlWXvh/9K3fp5sCIVlFCcOuOACePkNj
+YB22ZQxAXehK90Llcv6TEs=
=XPKB
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic