MDKSA-2005:093 - Updated PostgreSQL packages
Posted on: 06/02/2005 03:55 AM

Updated PostgreSQL packages are available for Mandriva Linux

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: postgresql
Advisory ID: MDKSA-2005:093
Date: May 26th, 2005

Affected versions: 10.0, 10.1, 10.2, Corporate 3.0
______________________________________________________________________

Problem Description:

A number of vulnerabilities were found and corrected in the PostgreSQL DBMS:

Two serious security errors have been found in PostgreSQL 7.3 and newer releases. These errors at least allow an unprivileged database user to crash the backend process, and may make it possible for an unprivileged user to gain the privileges of a database superuser.

Functions that support client-to-server character set conversion can be called from SQL commands by unprivileged users, but these functions are not designed to be safe against malicious choices of argument values. (CAN-2005-1409)

The contrib/tsearch2 module misdeclares several functions as returning type "internal" when they do not have any "internal" argument. This breaks the type safety of "internal" by allowing users to construct SQL commands that invoke other functions accepting "internal" arguments.
(CAN-2005-1410)

These vulnerabilities must also be fixed in all existing databases when upgrading. The post-installation script of the updated postgresql-server package attempts to do this automatically.

The updated packages have been patched to correct these problems.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1410
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.0:
aeedc1072185c106fcafe2797a52302b 10.0/RPMS/libecpg3-7.4.1-2.5.100mdk.i586.rpm
d81d17fb9e13e0bb887f4663624c52e0 10.0/RPMS/libecpg3-devel-7.4.1-2.5.100mdk.i586.rpm
ec386e33401e002a09ac6c54aec9eaeb 10.0/RPMS/libpgtcl2-7.4.1-2.5.100mdk.i586.rpm
bafb74ea7dc4cd80996b249e2ce0a532 10.0/RPMS/libpgtcl2-devel-7.4.1-2.5.100mdk.i586.rpm
58ce2d043358b14d9f09cc2b5e952940 10.0/RPMS/libpq3-7.4.1-2.5.100mdk.i586.rpm
3d036161d3d50e02147a4f84b4d9200c 10.0/RPMS/libpq3-devel-7.4.1-2.5.100mdk.i586.rpm
bae8fa690bc501efddfda5f182981c7e 10.0/RPMS/postgresql-7.4.1-2.5.100mdk.i586.rpm
ab74642e890a5824208be7e0cb05352f 10.0/RPMS/postgresql-contrib-7.4.1-2.5.100mdk.i586.rpm
35fd0d594e8fab8822bfb7620877f919 10.0/RPMS/postgresql-devel-7.4.1-2.5.100mdk.i586.rpm
3f9c657ce179b9546789255b65f6c977 10.0/RPMS/postgresql-docs-7.4.1-2.5.100mdk.i586.rpm
02f3a3878d2fbf0666cc8aa5979064e6 10.0/RPMS/postgresql-jdbc-7.4.1-2.5.100mdk.i586.rpm
3ebe274bcb0914335abad73e246f36bb 10.0/RPMS/postgresql-pl-7.4.1-2.5.100mdk.i586.rpm
4b6bd61c9d7b9ce663a88f0c2e0d915a 10.0/RPMS/postgresql-server-7.4.1-2.5.100mdk.i586.rpm
79a2686235e0465f7dba8999ad177ec8 10.0/RPMS/postgresql-tcl-7.4.1-2.5.100mdk.i586.rpm
e18521d0a723f63f75864195618a540a 10.0/RPMS/postgresql-test-7.4.1-2.5.100mdk.i586.rpm
378f0e512dd7f333b587453755882383 10.0/SRPMS/postgresql-7.4.1-2.5.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
a03225fe2348b3c94b69a0cf024a72b4 amd64/10.0/RPMS/lib64ecpg3-7.4.1-2.5.100mdk.amd64.rpm
b844f646558df72e9066e0dda8293ad0 amd64/10.0/RPMS/lib64ecpg3-devel-7.4.1-2.5.100mdk.amd64.rpm
4abf07522176fab45e3cedfa4ea486ab amd64/10.0/RPMS/lib64pgtcl2-7.4.1-2.5.100mdk.amd64.rpm
edadf59a66119ea2053cdaf1b706bae0 amd64/10.0/RPMS/lib64pgtcl2-devel-7.4.1-2.5.100mdk.amd64.rpm
cacc38a0324383c5b5c1a7ede85e893a amd64/10.0/RPMS/lib64pq3-7.4.1-2.5.100mdk.amd64.rpm
781bd584c08364468c468e1f20ac024b amd64/10.0/RPMS/lib64pq3-devel-7.4.1-2.5.100mdk.amd64.rpm
01cc41dd346dbd97f902669aceadcbc1 amd64/10.0/RPMS/postgresql-7.4.1-2.5.100mdk.amd64.rpm
9e31560671ab5f98e667cc0ffef509ff amd64/10.0/RPMS/postgresql-contrib-7.4.1-2.5.100mdk.amd64.rpm
d68cd3987e1fb07c85e8677a922aea57 amd64/10.0/RPMS/postgresql-devel-7.4.1-2.5.100mdk.amd64.rpm
66454d5034e732ef7d2cc6b0b86ff67b amd64/10.0/RPMS/postgresql-docs-7.4.1-2.5.100mdk.amd64.rpm
f1d6651b86cf725df5350b0152ca6a56 amd64/10.0/RPMS/postgresql-jdbc-7.4.1-2.5.100mdk.amd64.rpm
fb10823047b3ff5b55867c60dccb75fc amd64/10.0/RPMS/postgresql-pl-7.4.1-2.5.100mdk.amd64.rpm
33617c7b030b95f0665782ff6e66abaf amd64/10.0/RPMS/postgresql-server-7.4.1-2.5.100mdk.amd64.rpm
55f7443460141b83b1af9db28b3ed613 amd64/10.0/RPMS/postgresql-tcl-7.4.1-2.5.100mdk.amd64.rpm
db4eaf039b41a3b72f4d2e634269ceb7 amd64/10.0/RPMS/postgresql-test-7.4.1-2.5.100mdk.amd64.rpm
378f0e512dd7f333b587453755882383 amd64/10.0/SRPMS/postgresql-7.4.1-2.5.100mdk.src.rpm

Mandrakelinux 10.1:
09606474acc279cf257c232276a80f6d 10.1/RPMS/libecpg3-7.4.5-4.3.101mdk.i586.rpm
8e4a27778ba55f2b2713c4ff03147b91 10.1/RPMS/libecpg3-devel-7.4.5-4.3.101mdk.i586.rpm
a8351c0abe59c0f668e73ddea0414b90 10.1/RPMS/libpgtcl2-7.4.5-4.3.101mdk.i586.rpm
b0821e8cd84d21680b99ef1d0f59e93b 10.1/RPMS/libpgtcl2-devel-7.4.5-4.3.101mdk.i586.rpm
c248b5409ec28142da7dd2c42b82bf7e 10.1/RPMS/libpq3-7.4.5-4.3.101mdk.i586.rpm
cc865b79edf26e5959e2d2c4f3303bdf 10.1/RPMS/libpq3-devel-7.4.5-4.3.101mdk.i586.rpm
b86715d30a1760abf186492dceedcd0b 10.1/RPMS/postgresql-7.4.5-4.3.101mdk.i586.rpm
02a611cfb25fa10b342d4c4e99166fb1 10.1/RPMS/postgresql-contrib-7.4.5-4.3.101mdk.i586.rpm
bc2d9475031ca568de4c523d5a732d0a 10.1/RPMS/postgresql-devel-7.4.5-4.3.101mdk.i586.rpm
63839ede6a4b8baa70a441567c42443f 10.1/RPMS/postgresql-docs-7.4.5-4.3.101mdk.i586.rpm
fe1ef871c021672de9fc5c0deaea3368 10.1/RPMS/postgresql-jdbc-7.4.5-4.3.101mdk.i586.rpm
c9a8be14fbf5a3a76aca31b6f13d9fc4 10.1/RPMS/postgresql-pl-7.4.5-4.3.101mdk.i586.rpm
a906c3ef7edb6c69b8da32b32857e64b 10.1/RPMS/postgresql-server-7.4.5-4.3.101mdk.i586.rpm
474ad52e73e70c6a68b6ba2d61f53b3c 10.1/RPMS/postgresql-tcl-7.4.5-4.3.101mdk.i586.rpm
2ffc7c3402f23607ec0d2178bfec0926 10.1/RPMS/postgresql-test-7.4.5-4.3.101mdk.i586.rpm
8241f1ad851b1ab1e6325f972db24d43 10.1/SRPMS/postgresql-7.4.5-4.3.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
5a60b5d1caa1a8d24d52bd1d64b9e6d7 x86_64/10.1/RPMS/lib64ecpg3-7.4.5-4.3.101mdk.x86_64.rpm
0938c879ccdc1385796005ab2697fc38 x86_64/10.1/RPMS/lib64ecpg3-devel-7.4.5-4.3.101mdk.x86_64.rpm
40bbe3d1f9d72cb2b4a71f2345a9bf56 x86_64/10.1/RPMS/lib64pgtcl2-7.4.5-4.3.101mdk.x86_64.rpm
26ea7696e0f3416e53fc5747f4bd38d6 x86_64/10.1/RPMS/lib64pgtcl2-devel-7.4.5-4.3.101mdk.x86_64.rpm
1ff13822321bfc41c82ee7b903c10958 x86_64/10.1/RPMS/lib64pq3-7.4.5-4.3.101mdk.x86_64.rpm
c76722085f68d98e442534ed52fc7b16 x86_64/10.1/RPMS/lib64pq3-devel-7.4.5-4.3.101mdk.x86_64.rpm
b07617ff5b49437f34a54ddfea917d2c x86_64/10.1/RPMS/postgresql-7.4.5-4.3.101mdk.x86_64.rpm
d576aebbff57bdfaf4ecca953f6333b4 x86_64/10.1/RPMS/postgresql-contrib-7.4.5-4.3.101mdk.x86_64.rpm
a09f7ea1b574465a9c078e20aa876451 x86_64/10.1/RPMS/postgresql-devel-7.4.5-4.3.101mdk.x86_64.rpm
5679dc9d250bfa18ce8822633dde80fc x86_64/10.1/RPMS/postgresql-docs-7.4.5-4.3.101mdk.x86_64.rpm
272f98ec19d1762bcd1b9f4728a331a1 x86_64/10.1/RPMS/postgresql-jdbc-7.4.5-4.3.101mdk.x86_64.rpm
5cbad6ef4166de69de826fe3b3ba0efc x86_64/10.1/RPMS/postgresql-pl-7.4.5-4.3.101mdk.x86_64.rpm
16ecc03b01dccf331e4bb7be51f44fbf x86_64/10.1/RPMS/postgresql-server-7.4.5-4.3.101mdk.x86_64.rpm
3fdcab04553bb9120ba4b7d4993224fe x86_64/10.1/RPMS/postgresql-tcl-7.4.5-4.3.101mdk.x86_64.rpm
0584d593511c3ac5fb8a268d5e7ab83a x86_64/10.1/RPMS/postgresql-test-7.4.5-4.3.101mdk.x86_64.rpm
8241f1ad851b1ab1e6325f972db24d43 x86_64/10.1/SRPMS/postgresql-7.4.5-4.3.101mdk.src.rpm

Mandrakelinux 10.2:
61c64c9b20bb80fe6757a0e4c7894b63 10.2/RPMS/libecpg3-8.0.1-6.1.102mdk.i586.rpm
4de064827bb13edf67e412a4294bd533 10.2/RPMS/libecpg3-devel-8.0.1-6.1.102mdk.i586.rpm
0f45c58fc5230b807fbbd8ca6f5f2725 10.2/RPMS/libpq3-8.0.1-6.1.102mdk.i586.rpm
19a908b24da05da597f6b86203d872e7 10.2/RPMS/libpq3-devel-8.0.1-6.1.102mdk.i586.rpm
41d5f625312105ee64dd2befe0b70d7b 10.2/RPMS/postgresql-8.0.1-6.1.102mdk.i586.rpm
9dffbcad7032dfba00d12147e909b086 10.2/RPMS/postgresql-contrib-8.0.1-6.1.102mdk.i586.rpm
fd5ce05efcb9d7ddc11db907b4025424 10.2/RPMS/postgresql-devel-8.0.1-6.1.102mdk.i586.rpm
aca7525d2ecc366460634e9d8fb3fa42 10.2/RPMS/postgresql-docs-8.0.1-6.1.102mdk.i586.rpm
3fd2312905f4f176cc09772c54db330f 10.2/RPMS/postgresql-jdbc-8.0.1-6.1.102mdk.i586.rpm
9ad8301e937e88763788a025b4dfcead 10.2/RPMS/postgresql-pl-8.0.1-6.1.102mdk.i586.rpm
798f14f65e655b5bbb5b931a2a89faef 10.2/RPMS/postgresql-plperl-8.0.1-6.1.102mdk.i586.rpm
2b16d3bb6c09c87b07be760b5235f209 10.2/RPMS/postgresql-plpgsql-8.0.1-6.1.102mdk.i586.rpm
08fbc6c56c8f1c98b32a75c91615651d 10.2/RPMS/postgresql-plpython-8.0.1-6.1.102mdk.i586.rpm
5efe64db2293f1a2f2c000b16862a462 10.2/RPMS/postgresql-pltcl-8.0.1-6.1.102mdk.i586.rpm
392d86d0de31b2ac369db079d18e91d2 10.2/RPMS/postgresql-server-8.0.1-6.1.102mdk.i586.rpm
983ffbe5df3072aa1600192e0ad957fa 10.2/RPMS/postgresql-test-8.0.1-6.1.102mdk.i586.rpm
e0448322820d9d84bcb5b9634dd71f7a 10.2/SRPMS/postgresql-8.0.1-6.1.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
bb236f6a074b84ec758ab6e46d3265ef x86_64/10.2/RPMS/lib64ecpg3-8.0.1-6.1.102mdk.x86_64.rpm
90625e7c22b561141a1047b1d7c43529 x86_64/10.2/RPMS/lib64ecpg3-devel-8.0.1-6.1.102mdk.x86_64.rpm
12e0df06b9dbaeb2a937434f1b199b6a x86_64/10.2/RPMS/lib64pq3-8.0.1-6.1.102mdk.x86_64.rpm
51481227bf7a9e408179af112166813b x86_64/10.2/RPMS/lib64pq3-devel-8.0.1-6.1.102mdk.x86_64.rpm
eb8ff843ef146fc9695e71019c4c21e5 x86_64/10.2/RPMS/postgresql-8.0.1-6.1.102mdk.x86_64.rpm
eb81533aa4ceb19b2ad7f2625dccf711 x86_64/10.2/RPMS/postgresql-contrib-8.0.1-6.1.102mdk.x86_64.rpm
a3253f9558f17d3f774619fc64e6ab24 x86_64/10.2/RPMS/postgresql-devel-8.0.1-6.1.102mdk.x86_64.rpm
7199380968ebbac84c607d6be752bf7a x86_64/10.2/RPMS/postgresql-docs-8.0.1-6.1.102mdk.x86_64.rpm
2c20a3d479e0209932937566a17082a0 x86_64/10.2/RPMS/postgresql-jdbc-8.0.1-6.1.102mdk.x86_64.rpm
067014855679381323083143793d3e2b x86_64/10.2/RPMS/postgresql-pl-8.0.1-6.1.102mdk.x86_64.rpm
da9b74b4d0d1e9c838256fe37fa8de6b x86_64/10.2/RPMS/postgresql-plperl-8.0.1-6.1.102mdk.x86_64.rpm
06083864d339c8c01d3e7c025872b5bb x86_64/10.2/RPMS/postgresql-plpgsql-8.0.1-6.1.102mdk.x86_64.rpm
8104f8e470d2d5a727a23f0c14e17b23 x86_64/10.2/RPMS/postgresql-plpython-8.0.1-6.1.102mdk.x86_64.rpm
cc5ad304dfe9afdf37db8e52977c9c2a x86_64/10.2/RPMS/postgresql-pltcl-8.0.1-6.1.102mdk.x86_64.rpm
071540a64c49a0f683b7b01702ab8e2c x86_64/10.2/RPMS/postgresql-server-8.0.1-6.1.102mdk.x86_64.rpm
0284882f4a617159335d61d5ad5d9305 x86_64/10.2/RPMS/postgresql-test-8.0.1-6.1.102mdk.x86_64.rpm
e0448322820d9d84bcb5b9634dd71f7a x86_64/10.2/SRPMS/postgresql-8.0.1-6.1.102mdk.src.rpm

Corporate 3.0:
1084cc1f3a3da18bd773e6a54de4038f corporate/3.0/RPMS/libecpg3-7.4.1-2.5.C30mdk.i586.rpm
9baf7e49e166581c3c0e0b17c42b2c61 corporate/3.0/RPMS/libecpg3-devel-7.4.1-2.5.C30mdk.i586.rpm
3653201f8d29ad836e1ee8a3f6171575 corporate/3.0/RPMS/libpgtcl2-7.4.1-2.5.C30mdk.i586.rpm
17dcd61c96b56c741114fab9ca780c3e corporate/3.0/RPMS/libpgtcl2-devel-7.4.1-2.5.C30mdk.i586.rpm
2eb7ad8e0f230b038cb9046a80ddc299 corporate/3.0/RPMS/libpq3-7.4.1-2.5.C30mdk.i586.rpm
320aa6315ae8bacc4379b1404346ae44 corporate/3.0/RPMS/libpq3-devel-7.4.1-2.5.C30mdk.i586.rpm
5784c53a7932abda8d8343adcf08d350 corporate/3.0/RPMS/postgresql-7.4.1-2.5.C30mdk.i586.rpm
8a8c0a27c10485d7905946f9d87450aa corporate/3.0/RPMS/postgresql-devel-7.4.1-2.5.C30mdk.i586.rpm
6c5c1595e1e44818c46d2d3591b0b3bc corporate/3.0/RPMS/postgresql-jdbc-7.4.1-2.5.C30mdk.i586.rpm
59a9a365b643025a1165af9d392f5bbf corporate/3.0/RPMS/postgresql-server-7.4.1-2.5.C30mdk.i586.rpm
42f850d67cb9eabd30c72639d199d15c corporate/3.0/RPMS/postgresql-tcl-7.4.1-2.5.C30mdk.i586.rpm
2c1a549736575e2ea17e8bc677a60d6b corporate/3.0/RPMS/postgresql-test-7.4.1-2.5.C30mdk.i586.rpm
1a5d1e1335c762cffdae8ef99f9ee8b0 corporate/3.0/SRPMS/postgresql-7.4.1-2.5.C30mdk.src.rpm

Corporate 3.0/X86_64:
61cf52dae208a64c9d9a86f7f84e4715 x86_64/corporate/3.0/RPMS/lib64ecpg3-7.4.1-2.5.C30mdk.x86_64.rpm
4650e70174d13b7532bd2e3ce34bc7d2 x86_64/corporate/3.0/RPMS/lib64ecpg3-devel-7.4.1-2.5.C30mdk.x86_64.rpm
75f69e6e12e87aea7f26d70fc98bd41a x86_64/corporate/3.0/RPMS/lib64pgtcl2-7.4.1-2.5.C30mdk.x86_64.rpm
46a0b82d33e6c3039edc97df1e7c101d x86_64/corporate/3.0/RPMS/lib64pgtcl2-devel-7.4.1-2.5.C30mdk.x86_64.rpm
0e3f53f79b8c8a2ac40fd8a74c3e22ed x86_64/corporate/3.0/RPMS/lib64pq3-7.4.1-2.5.C30mdk.x86_64.rpm
8eb7832db36961e35882f7a6968285eb x86_64/corporate/3.0/RPMS/lib64pq3-devel-7.4.1-2.5.C30mdk.x86_64.rpm
d2333ac12f0da54186d9d7cbad4cf0a8 x86_64/corporate/3.0/RPMS/postgresql-7.4.1-2.5.C30mdk.x86_64.rpm
86d61ab130fe5fc1a2eb4ac8a34e458d x86_64/corporate/3.0/RPMS/postgresql-devel-7.4.1-2.5.C30mdk.x86_64.rpm
b3f04130766368997f072ad35d96fb05 x86_64/corporate/3.0/RPMS/postgresql-jdbc-7.4.1-2.5.C30mdk.x86_64.rpm
18cf866bcff3fb0de49c96beb564023e x86_64/corporate/3.0/RPMS/postgresql-server-7.4.1-2.5.C30mdk.x86_64.rpm
5393b957bc89d366e87bd16c68dd828c x86_64/corporate/3.0/RPMS/postgresql-tcl-7.4.1-2.5.C30mdk.x86_64.rpm
31809ff793c8e22bfd8323e16b85580f x86_64/corporate/3.0/RPMS/postgresql-test-7.4.1-2.5.C30mdk.x86_64.rpm
1a5d1e1335c762cffdae8ef99f9ee8b0 x86_64/corporate/3.0/SRPMS/postgresql-7.4.1-2.5.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com




Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/mdksa_2005093__updated_postgresql_packages.html)