Several security vulnerabilities have been identified in the PostgreSQL software package for the Fedora 13 operating system. PostgreSQL is an object-relational database management system. The flaws are caused by improper parsing of certain tokens from an SQL query, which results in a memory buffer overflow. An authorized user can exploit the flaws to carry out a DoS attack or to execute arbitrary code. All users are advised to install the corresponding software update.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-0963
2011-02-01 20:15:13
--------------------------------------------------------------------------------

Name        : postgresql
Product     : Fedora 13
Version     : 8.4.7
Release     : 1.fc13
URL         : http://www.postgresql.org/
Summary     : PostgreSQL client programs
Description :
PostgreSQL is an advanced Object-Relational database management system
(DBMS) that supports almost all SQL constructs (including
transactions, subselects and user-defined types and functions). The
postgresql package includes the client programs and libraries that
you'll need to access a PostgreSQL DBMS server.  These PostgreSQL
client programs are programs that directly manipulate the internal
structure of PostgreSQL databases on a PostgreSQL server. These client
programs can be located on the same machine with the PostgreSQL
server, or may be on a remote machine which accesses a PostgreSQL
server over a network connection. This package contains the docs
in HTML for the whole package, as well as command-line utilities for
managing PostgreSQL databases on a PostgreSQL server.

If you want to manipulate a PostgreSQL database on a local or remote
PostgreSQL server, you need this package. You also need to install this
package if you're installing the postgresql-server package.

--------------------------------------------------------------------------------
Update Information:

Update to PostgreSQL 8.4.7, for various fixes described at
http://www.postgresql.org/docs/8.4/static/release-8-4-7.html
including the fix for CVE-2010-4015
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb  1 2011 Tom Lane 8.4.7-1
- Update to PostgreSQL 8.4.7, for various fixes described at
  http://www.postgresql.org/docs/8.4/static/release-8-4-7.html
  including the fix for CVE-2010-4015
Resolves: #674296
* Thu Dec 16 2010 Tom Lane 8.4.6-1
- Update to PostgreSQL 8.4.6, for various fixes described at
  http://www.postgresql.org/docs/8.4/static/release-8-4-6.html
- Ensure we don't package any .gitignore files from the source tarball
Related: #642210
* Tue Oct  5 2010 Tom Lane 8.4.5-1
- Update to PostgreSQL 8.4.5, for various fixes described at
  http://www.postgresql.org/docs/8.4/static/release-8-4-5.html
  including the fix for CVE-2010-3433
Related: #639371
- Add -p "$pidfile" to initscript's status call to improve corner cases.
Related: #561010
- Duplicate COPYRIGHT in -libs subpackage, per revised packaging guidelines
* Mon May 17 2010 Tom Lane 8.4.4-1
- Update to PostgreSQL 8.4.4, for various fixes described at
  http://www.postgresql.org/docs/8.4/static/release-8-4-4.html
  including fixes for CVE-2010-1169 and CVE-2010-1170
Resolves: #593032
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #664402 - CVE-2010-4015 PostgreSQL: Stack-based buffer overflow by
processing certain tokens from SQL query string when intarray module enabled
        https://bugzilla.redhat.com/show_bug.cgi?id=664402
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update postgresql' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce