U radu programskog paketa PostgreSQL uočena je sigurnosna ranjivost koja napadaču omogućuje otkrivanje zaporki.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:161
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : postgresql
 Date    : October 24, 2011
 Affected: 2010.1, 2011., Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability was discovered and corrected in postgresql:
 
 contrib/pg_crypto's blowfish encryption code could give wrong results
 on platforms where char is signed (which is most), leading to encrypted
 passwords being weaker than they should be (CVE-2011-2483).
 
 Additionally corrected ossp-uuid packages as well as corrected support
 in postgresql 9.0.x are being provided for Mandriva Linux 2011.
 
 This update provides a solution to this vulnerability.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2483
 http://www.postgresql.org/docs/8.3/static/release-8-3-15.html
 http://www.postgresql.org/docs/8.3/static/release-8-3-16.html
 http://www.postgresql.org/docs/8.4/static/release-8-4-8.html
 http://www.postgresql.org/docs/8.4/static/release-8-4-9.html
 http://www.postgresql.org/docs/9.0/static/release-9-0-5.html
 http://www.postgresql.org/support/security
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.1:
 6ad49497750e5b80e804aa82e9eab97c 
2010.1/i586/libecpg8.4_6-8.4.9-0.1mdv2010.2.i586.rpm
 08d09e6c12d81d1acadc0fc88d3ccf7c 
2010.1/i586/libpq8.4_5-8.4.9-0.1mdv2010.2.i586.rpm
 66fdbfea66319e06651637314614b4e0 
2010.1/i586/postgresql8.4-8.4.9-0.1mdv2010.2.i586.rpm
 3d985bb93b57ff99149269bd33396d50 
2010.1/i586/postgresql8.4-contrib-8.4.9-0.1mdv2010.2.i586.rpm
 a2dbf648844152e72c4ad669ce2b332d 
2010.1/i586/postgresql8.4-devel-8.4.9-0.1mdv2010.2.i586.rpm
 214a0de8e359ca33b726fab8105c56a4 
2010.1/i586/postgresql8.4-docs-8.4.9-0.1mdv2010.2.i586.rpm
 3ecb6019615f630e8ad0ca3eaaaf1d1f 
2010.1/i586/postgresql8.4-pl-8.4.9-0.1mdv2010.2.i586.rpm
 0fdbe008296608f94fdc9273f9c4b67e 
2010.1/i586/postgresql8.4-plperl-8.4.9-0.1mdv2010.2.i586.rpm
 631b7a5e3279a999f263d131a11ac8c5 
2010.1/i586/postgresql8.4-plpgsql-8.4.9-0.1mdv2010.2.i586.rpm
 35d0163259485dd28d8ec7daba41a55d 
2010.1/i586/postgresql8.4-plpython-8.4.9-0.1mdv2010.2.i586.rpm
 5e1f0f2c87e32ca249fdbf04addb2730 
2010.1/i586/postgresql8.4-pltcl-8.4.9-0.1mdv2010.2.i586.rpm
 b4671c7e9513b36b218054f02bca32e1 
2010.1/i586/postgresql8.4-server-8.4.9-0.1mdv2010.2.i586.rpm 
 e36b9aea370f4ea290931fbd869cf6ba 
2010.1/SRPMS/postgresql8.4-8.4.9-0.1mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 bd613061738f1e4b148a1d624873b4cd 
2010.1/x86_64/lib64ecpg8.4_6-8.4.9-0.1mdv2010.2.x86_64.rpm
 2aca59f2cf01cdabf415597e2208b77f 
2010.1/x86_64/lib64pq8.4_5-8.4.9-0.1mdv2010.2.x86_64.rpm
 0a3c853b35cb2f78ce213d58d3465bad 
2010.1/x86_64/postgresql8.4-8.4.9-0.1mdv2010.2.x86_64.rpm
 54aec7056b8d65ca7c8cb75b6c9897b6 
2010.1/x86_64/postgresql8.4-contrib-8.4.9-0.1mdv2010.2.x86_64.rpm
 b23e350067f4f61e3ae7dc3d7607d7be 
2010.1/x86_64/postgresql8.4-devel-8.4.9-0.1mdv2010.2.x86_64.rpm
 6de72c3350ab4e0e81da997ca9b71fff 
2010.1/x86_64/postgresql8.4-docs-8.4.9-0.1mdv2010.2.x86_64.rpm
 56710e2f33740317dac0d94539025e8c 
2010.1/x86_64/postgresql8.4-pl-8.4.9-0.1mdv2010.2.x86_64.rpm
 d989b63b53a72f1ad8f767ce95ad1361 
2010.1/x86_64/postgresql8.4-plperl-8.4.9-0.1mdv2010.2.x86_64.rpm
 f646795ef43957063cd9013c5c203082 
2010.1/x86_64/postgresql8.4-plpgsql-8.4.9-0.1mdv2010.2.x86_64.rpm
 440c81835562deff1f19e8f654a3ccb4 
2010.1/x86_64/postgresql8.4-plpython-8.4.9-0.1mdv2010.2.x86_64.rpm
 c92a47b8b176224ad73ec684872c0496 
2010.1/x86_64/postgresql8.4-pltcl-8.4.9-0.1mdv2010.2.x86_64.rpm
 c9f6b92267657709ea389da9794714d7 
2010.1/x86_64/postgresql8.4-server-8.4.9-0.1mdv2010.2.x86_64.rpm 
 e36b9aea370f4ea290931fbd869cf6ba 
2010.1/SRPMS/postgresql8.4-8.4.9-0.1mdv2010.2.src.rpm

 Mandriva Linux 2011:
 8c9e4fdccd986663a222b38d078e9438 
2011/i586/libecpg9.0_6-9.0.5-0.1-mdv2011.0.i586.rpm
 4732b43b1d220ebdbcb9235e3c7ef164 
2011/i586/libossp-uuid++16-1.6.2-8.1-mdv2011.0.i586.rpm
 6eb0f7a6505e5f80eccc6259c12e6ccc 
2011/i586/libossp-uuid16-1.6.2-8.1-mdv2011.0.i586.rpm
 b73f283d5dbcf211def9c182b90491d7 
2011/i586/libossp-uuid_dce16-1.6.2-8.1-mdv2011.0.i586.rpm
 7d425f754975b8d99ae0262296d95955 
2011/i586/libossp-uuid-devel-1.6.2-8.1-mdv2011.0.i586.rpm
 d11a60a5e372ba1cd4b2e89e1bf1b530 
2011/i586/libpq9.0_5-9.0.5-0.1-mdv2011.0.i586.rpm
 4034835679a544e4e1bbc3638ba68c8e 
2011/i586/ossp-uuid-1.6.2-8.1-mdv2011.0.i586.rpm
 09d4b532351c71a6fab9ed626b88b1e9 
2011/i586/perl-OSSP-uuid-1.6.2-8.1-mdv2011.0.i586.rpm
 f562fe764feb4b8fa4669ab5fe5badeb 
2011/i586/php-OSSP-uuid-1.6.2-8.1-mdv2011.0.i586.rpm
 affb7a08e31f88652c8736b327b2e896 
2011/i586/postgresql9.0-9.0.5-0.1-mdv2011.0.i586.rpm
 7c9179398937b9b736f2a8bc1eaa9d45 
2011/i586/postgresql9.0-contrib-9.0.5-0.1-mdv2011.0.i586.rpm
 1022893536c9c9f4bf3017f6ac774388 
2011/i586/postgresql9.0-devel-9.0.5-0.1-mdv2011.0.i586.rpm
 40bd6639ec2ef40f323de7142f524e6e 
2011/i586/postgresql9.0-docs-9.0.5-0.1-mdv2011.0.i586.rpm
 e93d2c029729b01fea75812cdd6f1617 
2011/i586/postgresql9.0-pl-9.0.5-0.1-mdv2011.0.i586.rpm
 d8aa2b49c9e4526a35582e1494735a48 
2011/i586/postgresql9.0-plperl-9.0.5-0.1-mdv2011.0.i586.rpm
 6ee50d0e461985e200767a7cc6f3b90a 
2011/i586/postgresql9.0-plpgsql-9.0.5-0.1-mdv2011.0.i586.rpm
 88818f42ae3bd567af12a64b41cfda2c 
2011/i586/postgresql9.0-plpython-9.0.5-0.1-mdv2011.0.i586.rpm
 a045777446dd3beb495748ee7b50f85a 
2011/i586/postgresql9.0-pltcl-9.0.5-0.1-mdv2011.0.i586.rpm
 05144c91f8c7f4a6af12c6c8845c6216 
2011/i586/postgresql9.0-server-9.0.5-0.1-mdv2011.0.i586.rpm
 db7f0521eb6e4a674def8654c39ed544 
2011/i586/postgresql-OSSP-uuid-1.6.2-5.1-mdv2011.0.i586.rpm
 56b573310edc54120394bf151b8bf654 
2011/i586/postgresql-OSSP-uuid-1.6.2-8.1-mdv2011.0.i586.rpm 
 332948be973bfa26d5e1a54082394ae8  2011/SRPMS/ossp-uuid-1.6.2-8.1.src.rpm
 269bb81b0c82c2193c802e57b2e32066  2011/SRPMS/postgresql9.0-9.0.5-0.1.src.rpm

 Mandriva Linux 2011/X86_64:
 e3351db3cc03bfbc5b86402452a1c5c6 
2011/x86_64/lib64ecpg9.0_6-9.0.5-0.1-mdv2011.0.x86_64.rpm
 28faf6bddecb1401ca6f0ae3ca390c4e 
2011/x86_64/lib64ossp-uuid++16-1.6.2-8.1-mdv2011.0.x86_64.rpm
 9d98dbd5efba1c23d7d1dc0683076a1d 
2011/x86_64/lib64ossp-uuid16-1.6.2-8.1-mdv2011.0.x86_64.rpm
 b8d204efd9f37a1bdef8bb49a7d730b7 
2011/x86_64/lib64ossp-uuid_dce16-1.6.2-8.1-mdv2011.0.x86_64.rpm
 27af2ea7faa2f3632c0454009a51f783 
2011/x86_64/lib64ossp-uuid-devel-1.6.2-8.1-mdv2011.0.x86_64.rpm
 1b5af2a30aac53f2d2cae9a9901daaf9 
2011/x86_64/lib64pq9.0_5-9.0.5-0.1-mdv2011.0.x86_64.rpm
 b7d48734ed5176eb4b9d9496e161ee41 
2011/x86_64/ossp-uuid-1.6.2-8.1-mdv2011.0.x86_64.rpm
 1ac5de522646c67703bdaa712b0ec8b9 
2011/x86_64/perl-OSSP-uuid-1.6.2-8.1-mdv2011.0.x86_64.rpm
 0d81de7becc15a6baca9f62607b196f3 
2011/x86_64/php-OSSP-uuid-1.6.2-8.1-mdv2011.0.x86_64.rpm
 af3d5a5a7b42bf9f805a407563bcd57d 
2011/x86_64/postgresql9.0-9.0.5-0.1-mdv2011.0.x86_64.rpm
 e00be67b93a181dad3f7648498e08f52 
2011/x86_64/postgresql9.0-contrib-9.0.5-0.1-mdv2011.0.x86_64.rpm
 0f91b1e53750bcbe2b28b5a45f0949b7 
2011/x86_64/postgresql9.0-devel-9.0.5-0.1-mdv2011.0.x86_64.rpm
 5e7b7b58c09d004d3f62ac3c63ee3519 
2011/x86_64/postgresql9.0-docs-9.0.5-0.1-mdv2011.0.x86_64.rpm
 840077d3b88258aa07de31a7fe5117f7 
2011/x86_64/postgresql9.0-pl-9.0.5-0.1-mdv2011.0.x86_64.rpm
 c6c16faff77878077e99a7690dd9bd9a 
2011/x86_64/postgresql9.0-plperl-9.0.5-0.1-mdv2011.0.x86_64.rpm
 d74eebcd883d4a82a251dca65a76339f 
2011/x86_64/postgresql9.0-plpgsql-9.0.5-0.1-mdv2011.0.x86_64.rpm
 04a2ba1fc72676ef03248fa6aaf5e965 
2011/x86_64/postgresql9.0-plpython-9.0.5-0.1-mdv2011.0.x86_64.rpm
 17a1bb0f6961e312eb7ca66c18584c3f 
2011/x86_64/postgresql9.0-pltcl-9.0.5-0.1-mdv2011.0.x86_64.rpm
 7ab85a1a8ee66442cd5b213be477f7a1 
2011/x86_64/postgresql9.0-server-9.0.5-0.1-mdv2011.0.x86_64.rpm
 aaa307bda249a09d4da02d7b3b98dd24 
2011/x86_64/postgresql-OSSP-uuid-1.6.2-5.1-mdv2011.0.x86_64.rpm
 11b6f9dc3595d152b37c1f49fa618634 
2011/x86_64/postgresql-OSSP-uuid-1.6.2-8.1-mdv2011.0.x86_64.rpm 
 332948be973bfa26d5e1a54082394ae8  2011/SRPMS/ossp-uuid-1.6.2-8.1.src.rpm
 269bb81b0c82c2193c802e57b2e32066  2011/SRPMS/postgresql9.0-9.0.5-0.1.src.rpm

 Mandriva Enterprise Server 5:
 ce8f0d1d9ab515cb4a64a32a793f110c 
mes5/i586/libecpg8.3_6-8.3.16-0.1mdvmes5.2.i586.rpm
 a898795abc544fd0676eba3e2729a4cb 
mes5/i586/libpq8.3_5-8.3.16-0.1mdvmes5.2.i586.rpm
 e366d05130dc24feda61ddd84105dadb 
mes5/i586/postgresql8.3-8.3.16-0.1mdvmes5.2.i586.rpm
 1759b159fb4b17ce51af94e5e214a5bb 
mes5/i586/postgresql8.3-contrib-8.3.16-0.1mdvmes5.2.i586.rpm
 4052f4f111c5eec7a712170b0c1be169 
mes5/i586/postgresql8.3-devel-8.3.16-0.1mdvmes5.2.i586.rpm
 d977cf1098bf9c970e0179e30c4e487c 
mes5/i586/postgresql8.3-docs-8.3.16-0.1mdvmes5.2.i586.rpm
 245b66b478d044c08d066afb9f04388a 
mes5/i586/postgresql8.3-pl-8.3.16-0.1mdvmes5.2.i586.rpm
 385b2128cea82fd736aff3b450f087d5 
mes5/i586/postgresql8.3-plperl-8.3.16-0.1mdvmes5.2.i586.rpm
 8d8d4797c66c4849bcba33db497c8e7a 
mes5/i586/postgresql8.3-plpgsql-8.3.16-0.1mdvmes5.2.i586.rpm
 2903c6b08c9e82f1447a94ad724955e2 
mes5/i586/postgresql8.3-plpython-8.3.16-0.1mdvmes5.2.i586.rpm
 3c55656825609c1337fff2843d19907c 
mes5/i586/postgresql8.3-pltcl-8.3.16-0.1mdvmes5.2.i586.rpm
 9537477a620c7f81342c7bb123939320 
mes5/i586/postgresql8.3-server-8.3.16-0.1mdvmes5.2.i586.rpm 
 4d59b736bb0a8876ea27fb550ba5fa72 
mes5/SRPMS/postgresql8.3-8.3.16-0.1mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 778733aee5b4c91fbd2f31b162aaab00 
mes5/x86_64/lib64ecpg8.3_6-8.3.16-0.1mdvmes5.2.x86_64.rpm
 414fd0859d6637c99ecbe85d168f4c3d 
mes5/x86_64/lib64pq8.3_5-8.3.16-0.1mdvmes5.2.x86_64.rpm
 d8b54b7ff437422a0823ec1cf1bdcbb7 
mes5/x86_64/postgresql8.3-8.3.16-0.1mdvmes5.2.x86_64.rpm
 30d57cc0444d933b8de3f1a77d015a19 
mes5/x86_64/postgresql8.3-contrib-8.3.16-0.1mdvmes5.2.x86_64.rpm
 d957bfd1364abf7b87b1d12a77213274 
mes5/x86_64/postgresql8.3-devel-8.3.16-0.1mdvmes5.2.x86_64.rpm
 e04d80db207e6b7cd31d69cf06f5a117 
mes5/x86_64/postgresql8.3-docs-8.3.16-0.1mdvmes5.2.x86_64.rpm
 1a5c7bbc1c236402469ceb2325ff8006 
mes5/x86_64/postgresql8.3-pl-8.3.16-0.1mdvmes5.2.x86_64.rpm
 a4b4249760177eed26dbdf185ec5c75d 
mes5/x86_64/postgresql8.3-plperl-8.3.16-0.1mdvmes5.2.x86_64.rpm
 e55e7aadcd9b498710979918f5f0aeb8 
mes5/x86_64/postgresql8.3-plpgsql-8.3.16-0.1mdvmes5.2.x86_64.rpm
 d51d51412134eb2dfe4ec67d7da05176 
mes5/x86_64/postgresql8.3-plpython-8.3.16-0.1mdvmes5.2.x86_64.rpm
 89df472fb88dc6c54f5f8108697191e4 
mes5/x86_64/postgresql8.3-pltcl-8.3.16-0.1mdvmes5.2.x86_64.rpm
 b76c2785108d14496b50153c93be57bf 
mes5/x86_64/postgresql8.3-server-8.3.16-0.1mdvmes5.2.x86_64.rpm 
 4d59b736bb0a8876ea27fb550ba5fa72 
mes5/SRPMS/postgresql8.3-8.3.16-0.1mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFOpYvXmqjQ0CJFipgRAq8+AKCwGOYsCwr705ZgSF60ZUCKkUOzLACbBCWq
Q5etHSuqmAVNBbDE4v0cAQU=
=ZCT4
-----END PGP SIGNATURE-----