U radu programskih paketa PostgreSQL i PostgreSQL84 uočena su tri nova sigurnosna nedostatka. Udaljeni ih napadač može iskoristiti za otkrivanje podataka, dobivanje većih privilegija i neovlašteni pristup sustavu.
| Paket: | PostgreSQL 9.x, postgresql84 8.x |
| Operacijski sustavi: | CentOS |
| Kritičnost: | 5 |
| Problem: | nepravilno rukovanje lozinkama, pogreška u programskoj komponenti |
| Iskorištavanje: | udaljeno |
| Posljedica: | dobivanje većih privilegija, neovlašteni pristup sustavu, otkrivanje osjetljivih informacija |
| Rješenje: | programska zakrpa proizvođača |
| CVE: | CVE-2012-0866, CVE-2012-0867, CVE-2012-0868 |
| Izvorni ID preporuke: | 2012:0678 |
| Izvor: | CentOS |
| Problem: | |
| Sigurnosni propusti se javljaju zbog nepravilne implementacije komponente "pg_dump", neodgovarajuće provjere SSL certifikata te greške u funkciji "CREATE_TRIGGER" koja na provjerava dozvole pristupa. |
|
| Posljedica: | |
| Udaljeni napadač navedene ranjivosti može iskoristiti za dobivanje većih ovlasti i neovlašteni pristup sustavu, te za otkrivanje osjetljivih informacija. |
|
| Rješenje: | |
| Rješenje problema sigurnosti je korištenje dostupnih nadogradnji i zakrpa. |
|
Izvorni tekst preporuke
CentOS Errata and Security Advisory 2012:0678 Moderate
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-0678.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
84ec4f5147f1794dedf496cb3be490a0ded24073018e92cd3a4c931a7d9598dc
postgresql-8.4.11-1.el6_2.i686.rpm
89734dd986e1034152894cda4bdf04c749119a16a02832523d5a090307ca252a
postgresql-contrib-8.4.11-1.el6_2.i686.rpm
88413cb4bddde1936f63856a82be7a53de34e631e17345566911ca7afb863251
postgresql-devel-8.4.11-1.el6_2.i686.rpm
1b884f3abc6605bf2025f2067bec39c31a0cacacc16dc0d966d76f3aaeb1c620
postgresql-docs-8.4.11-1.el6_2.i686.rpm
13b2901269df3ee359251cefacbe0bcace57f864d50c1baa5b0e424a4673b461
postgresql-libs-8.4.11-1.el6_2.i686.rpm
7cc5947da57702c0b4c3e73fa22396b7e12a12fb4b8a2477bf6670e4288cda3a
postgresql-plperl-8.4.11-1.el6_2.i686.rpm
aa86384959a48961fd501cda81decf2cf976137160a314119c2ec2595696b6ae
postgresql-plpython-8.4.11-1.el6_2.i686.rpm
8fdceea801228c3d31b3e2985532de498cf657a4cd4ae68815085d93e650a064
postgresql-pltcl-8.4.11-1.el6_2.i686.rpm
0622f5213344c45877889c832ba3111c31347488e4664c6d858add0b57d01977
postgresql-server-8.4.11-1.el6_2.i686.rpm
286d911fda4d2e94cb6d8a4521a83b0e837c73345cc615b9e6ea7380741eb089
postgresql-test-8.4.11-1.el6_2.i686.rpm
x86_64:
84ec4f5147f1794dedf496cb3be490a0ded24073018e92cd3a4c931a7d9598dc
postgresql-8.4.11-1.el6_2.i686.rpm
a96253bf764b2057cc323104b566c771515f44bf1299106fbcb08da7118e5693
postgresql-8.4.11-1.el6_2.x86_64.rpm
f7fb62a9cf0279c60685097a8194ded94b899b7c9e0a20c5a931ada9fe37614f
postgresql-contrib-8.4.11-1.el6_2.x86_64.rpm
88413cb4bddde1936f63856a82be7a53de34e631e17345566911ca7afb863251
postgresql-devel-8.4.11-1.el6_2.i686.rpm
ca10ecc2037a9fcb51d15d034b038224d630dca0c21136c0d11fa2ea26d41c39
postgresql-devel-8.4.11-1.el6_2.x86_64.rpm
5f45840308a4a025d2aa713bf84911fb5a54926083179391d987f3399e6a9dd2
postgresql-docs-8.4.11-1.el6_2.x86_64.rpm
13b2901269df3ee359251cefacbe0bcace57f864d50c1baa5b0e424a4673b461
postgresql-libs-8.4.11-1.el6_2.i686.rpm
bf31aecd652f3f7ae2ee08970d01f3d6edf09be5a3bc8a03a2783c70d149bd61
postgresql-libs-8.4.11-1.el6_2.x86_64.rpm
5dd9c2f77df7684ab88fd684bd4d630647c536a999046ba4801c6e3cbfb7b3be
postgresql-plperl-8.4.11-1.el6_2.x86_64.rpm
8efdc41bd5431bf676e9d8204162fc8c28a2cd58b5b3efdd7d668848fac5cacc
postgresql-plpython-8.4.11-1.el6_2.x86_64.rpm
78d06ac42b581899a9abb8c600ecaa2f2afdb44d3ea5905b7a372920fcb32266
postgresql-pltcl-8.4.11-1.el6_2.x86_64.rpm
9f30336bff78813a74a99da35a658129ca3ba927bd91e02d260e1a7ba741bafe
postgresql-server-8.4.11-1.el6_2.x86_64.rpm
ef6e413c743edbfa02f7ee7d616cc5149aa910b3aa684336c750a349e217e1a9
postgresql-test-8.4.11-1.el6_2.x86_64.rpm
Source:
b82c20acb2fa0e5742bc2f956bd033ebc496f84e678faacda57aa7a8e5f8d4af
postgresql-8.4.11-1.el6_2.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
_______________________________________________
CentOS-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
http://lists.centos.org/mailman/listinfo/centos-announce
CentOS Errata and Security Advisory 2012:0678 Moderate
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-0678.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
8abb3bab3559e3f42e1f85ffbc0bb809e582035c569f458c0a9b848bb64f87fe
postgresql84-8.4.11-1.el5_8.i386.rpm
83c207fcac0b1ce8b42698ccf0881c99cfed435c423822369bffda4ba74d5c05
postgresql84-contrib-8.4.11-1.el5_8.i386.rpm
42249c01ae6cf19eb18da8008b5d0db1fcbe735fa58e2937a1ee0efb88f2915a
postgresql84-devel-8.4.11-1.el5_8.i386.rpm
c8c2228e2d8ea41be661f29065f0a3af7627f63b4314bb94ba9d1d1e02ddbb84
postgresql84-docs-8.4.11-1.el5_8.i386.rpm
3d296cf4a88a86fb8a4f58e634ab473dc2a8d0a019007f7f0058c7f2d33d6820
postgresql84-libs-8.4.11-1.el5_8.i386.rpm
90bb183a7ef0d10a5483ee6b137927ba33ff88d7811ac4511343270425d84372
postgresql84-plperl-8.4.11-1.el5_8.i386.rpm
f6db9b1bd7ae1be6451624b6ee4ea6de9a2e86fbfbcd6601f753351294261406
postgresql84-plpython-8.4.11-1.el5_8.i386.rpm
526332f28787dadf3000c1ab09600881a6495b460bc2f743641c0bd2fa80bef6
postgresql84-pltcl-8.4.11-1.el5_8.i386.rpm
6aca09b885b2ad65e9b1683983c9ddbf23c309bbb4b2bb1f0579d5396856297c
postgresql84-python-8.4.11-1.el5_8.i386.rpm
3a97d9723c3f206098efdb906a1fb7e62468b06ed64558ee119d9616d46ec13e
postgresql84-server-8.4.11-1.el5_8.i386.rpm
9e4752564d0ab270d035f10a92a7ea6cdfc9d8fa4a9d22ea74ac2d3a4aa3fd7e
postgresql84-tcl-8.4.11-1.el5_8.i386.rpm
ccad7cbe50a53077b342a60d144d6699fb8a3b1b41b55cf41f93c6dd7c36cb36
postgresql84-test-8.4.11-1.el5_8.i386.rpm
x86_64:
500e46b654ba7753fabc889955aa48e1b9439761cd030013b00919bd30b120fb
postgresql84-8.4.11-1.el5_8.x86_64.rpm
5dfdc5335ae2c890881f4f85bfa1c9324c6df2a19a5f5163fd65e697b57650de
postgresql84-contrib-8.4.11-1.el5_8.x86_64.rpm
42249c01ae6cf19eb18da8008b5d0db1fcbe735fa58e2937a1ee0efb88f2915a
postgresql84-devel-8.4.11-1.el5_8.i386.rpm
e73e15cc41bd77b74ccd56a7dc30827012a135cd65ee1828c964c977e329e0ec
postgresql84-devel-8.4.11-1.el5_8.x86_64.rpm
36b6b381f05f332f3ff876178938658a89f2db4f275b83ec9f26cbe0e3b36fad
postgresql84-docs-8.4.11-1.el5_8.x86_64.rpm
3d296cf4a88a86fb8a4f58e634ab473dc2a8d0a019007f7f0058c7f2d33d6820
postgresql84-libs-8.4.11-1.el5_8.i386.rpm
b7bfc4008181d910ea382d9aea5cbe82ab8bd991b3c9f31b2226ad49d31d4913
postgresql84-libs-8.4.11-1.el5_8.x86_64.rpm
cb0a9c7f68dc8dae12ac6e40541792acfbcefb11aabb0804f55d3304d4c713cf
postgresql84-plperl-8.4.11-1.el5_8.x86_64.rpm
95b626e8268e45fe4109f36836f339d1314a6148f1108d86d93319b795d27a2a
postgresql84-plpython-8.4.11-1.el5_8.x86_64.rpm
02ac4b3d6bc6681ee661f3d59350c2839366aadc179db456e4c0782a2e98822b
postgresql84-pltcl-8.4.11-1.el5_8.x86_64.rpm
746acbf7c495a78abb980dc37302cda9e54a680c04d35c73ec65b4503e7c21e7
postgresql84-python-8.4.11-1.el5_8.x86_64.rpm
07b53de3f60bc3f69717f4b89ca5f68c41c0610e19061c55b747c33ab6d85034
postgresql84-server-8.4.11-1.el5_8.x86_64.rpm
3b17d76640ad3b46e483c72bf852f6f7cb03a705c6d5ca24d5c7e6184277f1eb
postgresql84-tcl-8.4.11-1.el5_8.x86_64.rpm
4b26e4074ec30566f2db13fb64bdc6ff4a83558b0d9d900bfba440e24bb2699e
postgresql84-test-8.4.11-1.el5_8.x86_64.rpm
Source:
08b4e204de306927f9a5dcca328d525c5e28a9369e06272b503ac789359051a0
postgresql84-8.4.11-1.el5_8.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
_______________________________________________
CentOS-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
http://lists.centos.org/mailman/listinfo/centos-announce
CentOS Errata and Security Advisory 2012:0677 Moderate
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-0677.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
f9e276c942b735df8aaa8f64f17a141d718a9804bff7773f1ff06a07fd47db83
postgresql-8.1.23-4.el5_8.i386.rpm
c3a4e0955658e0c632b3fb0b3e85a9992e15a897d92e8eca6f3c777201a6b4df
postgresql-contrib-8.1.23-4.el5_8.i386.rpm
00d92787a9c7de634e45cdf1822b3a9cf8913b2084ce13581ee5b23a2a06b577
postgresql-devel-8.1.23-4.el5_8.i386.rpm
f4e273491ee6627d5057071481e6ec0e928b11fcb9fef278bbc98bdd04d7b6c4
postgresql-docs-8.1.23-4.el5_8.i386.rpm
0bd5d29aba396fca05372358453672816f730ab01b5f03c6a8b30ddaedfb22a7
postgresql-libs-8.1.23-4.el5_8.i386.rpm
37a059f6214a5c541c9714cdbde33100b7407edfd3d674af20c373468297d665
postgresql-pl-8.1.23-4.el5_8.i386.rpm
805ad49d0d49f53984bba1dd0065fd354f0cdd50c06ccbdad0234e20658767f5
postgresql-python-8.1.23-4.el5_8.i386.rpm
d6fa4da806c0dba29c50742e1ce816f77dd092791ecfa0af9c3aeb8371b5ba00
postgresql-server-8.1.23-4.el5_8.i386.rpm
00235559b90095c8374f6b11e40615331050d3f881d9c071240f974e03611ea6
postgresql-tcl-8.1.23-4.el5_8.i386.rpm
c5dd661f2503a79dc2ed8e002fc462851ca6ca2c1b4c0cc9dbac8bca723c816f
postgresql-test-8.1.23-4.el5_8.i386.rpm
x86_64:
44551ba6bef3bb32f129aabf8b30b5b1a8f5e97532741753be994aab0d2ec4dd
postgresql-8.1.23-4.el5_8.x86_64.rpm
0aecec19127f3552e7ce2f3952913d1313e601047cf595c1e7beeaf83ba289fc
postgresql-contrib-8.1.23-4.el5_8.x86_64.rpm
00d92787a9c7de634e45cdf1822b3a9cf8913b2084ce13581ee5b23a2a06b577
postgresql-devel-8.1.23-4.el5_8.i386.rpm
9fcfc89dc721d947879dddbe9a0d45c4820494695ebe25fa696aeef2a74f8ee6
postgresql-devel-8.1.23-4.el5_8.x86_64.rpm
d016311279608f102e451e1018349b1b2fbf1e9ef406496f47e465139972f50b
postgresql-docs-8.1.23-4.el5_8.x86_64.rpm
0bd5d29aba396fca05372358453672816f730ab01b5f03c6a8b30ddaedfb22a7
postgresql-libs-8.1.23-4.el5_8.i386.rpm
c01f4c5d6d06aa2184e6c88171acdaf414f5e0d6af8fd6555cb0d0529eccf381
postgresql-libs-8.1.23-4.el5_8.x86_64.rpm
87aa73348e1081cc0c4177baf824584ca1a1ffcd8f5fc663ab59f3ba1a1ae138
postgresql-pl-8.1.23-4.el5_8.x86_64.rpm
b03eaec63f92c8533a05d90b45102cc47fdadcff3b6a0b7f5e3aad6e47158c9c
postgresql-python-8.1.23-4.el5_8.x86_64.rpm
0a9cfa5fe55a74078257ecb6db8227062884f8d966dded93b8e606504462e788
postgresql-server-8.1.23-4.el5_8.x86_64.rpm
b0a2dabc127be160ad32950118dfc598aeec406ffeac7d1ba228beee0f39d843
postgresql-tcl-8.1.23-4.el5_8.x86_64.rpm
3c73ff8898bf449d8bad68edd87c647cb5918c51eb5fff7c6837a1329b906fd4
postgresql-test-8.1.23-4.el5_8.x86_64.rpm
Source:
c16d2a9298ed52cbb8bc0b84fcdefa98a02f9854adbf8feef7830e24d4b0575a
postgresql-8.1.23-4.el5_8.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
_______________________________________________
CentOS-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
http://lists.centos.org/mailman/listinfo/centos-announce
Posljednje sigurnosne preporuke