Uočena dva nedostatka kod paketa postgresql

Uočeni su i ispravljeni propusti u programskom paketu postgresql. Potencijalni napadači ih mogu iskoristiti za DoS napad i kompromitaciju pojedinih sadržaja.

Paket:	PostgreSQL 9.x
Operacijski sustavi:	Mandriva Linux 2010.1, Mandriva Linux 2011, Mandriva Linux Enterprise Server 5.0
Kritičnost:	4.4
Problem:	neodgovarajuća provjera ulaznih podataka, pogreška u programskoj funkciji
Iskorištavanje:	udaljeno
Posljedica:	uskraćivanje usluga (DoS)
Rješenje:	programska zakrpa proizvođača
CVE:	CVE-2012-2143, CVE-2012-2655
Izvorni ID preporuke:	MDVSA-2012:092
Izvor:	Mandriva

Problem:
Uočena je greška u funkciji "crypt()" te neodgovarajuće rukovanje pozivom proceduralnih jezika.
Posljedica:
Zloćudni napadač može navedene propuste iskoristiti za napad uskraćivanjem usluga (DoS) i izmjenu određenih podataka.
Rješenje:
Rješenje problema sigurnosti je instalacija službenih nadogradnji.

Izvorni tekst preporuke

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:092
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : postgresql
 Date    : June 15, 2012
 Affected: 2010.1, 2011., Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been discovered and corrected in
 postgresql:
 
 Fix incorrect password transformation in contrib/pgcrypto&#039;s DES
 crypt() function (Solar Designer). If a password string contained the
 byte value 0x80, the remainder of the password was ignored, causing
 the password to be much weaker than it appeared. With this fix, the
 rest of the string is properly included in the DES hash. Any stored
 password values that are affected by this bug will thus no longer
 match, so the stored values may need to be updated (CVE-2012-2143).
 
 Ignore SECURITY DEFINER and SET attributes for a procedural language&#039;s
 call handler (Tom Lane). Applying such attributes to a call handler
 could crash the server (CVE-2012-2655).
 
 This advisory provides the latest versions of PostgreSQL that is not
 vulnerable to these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2143
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2655
 http://www.postgresql.org/docs/8.3/static/release-8-3-19.html
 http://www.postgresql.org/docs/8.4/static/release-8-4-12.html
 http://www.postgresql.org/docs/9.0/static/release-9-0-8.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.1:
 31e716bcf05db9b48f3550a71240c0c5 
2010.1/i586/libecpg8.4_6-8.4.12-0.1mdv2010.2.i586.rpm
 2b06427838d6c9da9e3a2250d46bbf77 
2010.1/i586/libpq8.4_5-8.4.12-0.1mdv2010.2.i586.rpm
 0d9eea713a681f0a1afe5058c8858508 
2010.1/i586/postgresql8.4-8.4.12-0.1mdv2010.2.i586.rpm
 f469befc008741292b48f676f6e7594b 
2010.1/i586/postgresql8.4-contrib-8.4.12-0.1mdv2010.2.i586.rpm
 cd43a60afb151f41e5532cbfdbd87a8f 
2010.1/i586/postgresql8.4-devel-8.4.12-0.1mdv2010.2.i586.rpm
 8242397b23fcd4dadf95aedecddc9bbd 
2010.1/i586/postgresql8.4-docs-8.4.12-0.1mdv2010.2.i586.rpm
 193eff696b587b39ea2d76d389b9588d 
2010.1/i586/postgresql8.4-pl-8.4.12-0.1mdv2010.2.i586.rpm
 cfe0dfff1179eadb28367137062e3f63 
2010.1/i586/postgresql8.4-plperl-8.4.12-0.1mdv2010.2.i586.rpm
 2ddf2d0e3ffc6a42f5fe7b59d4cb397c 
2010.1/i586/postgresql8.4-plpgsql-8.4.12-0.1mdv2010.2.i586.rpm
 1692696454818be65ebd6843b2071af1 
2010.1/i586/postgresql8.4-plpython-8.4.12-0.1mdv2010.2.i586.rpm
 0663c2e4731f0b251eeaa945b7063867 
2010.1/i586/postgresql8.4-pltcl-8.4.12-0.1mdv2010.2.i586.rpm
 a4e20a562ea2cfe827ed740276c26fff 
2010.1/i586/postgresql8.4-server-8.4.12-0.1mdv2010.2.i586.rpm 
 87ec6e03f819dfd6a6d0ddd4b49faada 
2010.1/SRPMS/postgresql8.4-8.4.12-0.1mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 952ffec02dacc14529546c038f1620d1 
2010.1/x86_64/lib64ecpg8.4_6-8.4.12-0.1mdv2010.2.x86_64.rpm
 4fabe0b7c83ce1316e05704947278165 
2010.1/x86_64/lib64pq8.4_5-8.4.12-0.1mdv2010.2.x86_64.rpm
 57691383c476a7ec09ecd8ea59e63ffe 
2010.1/x86_64/postgresql8.4-8.4.12-0.1mdv2010.2.x86_64.rpm
 95f22a8e62f990643caae129102154d1 
2010.1/x86_64/postgresql8.4-contrib-8.4.12-0.1mdv2010.2.x86_64.rpm
 328fd48956c65b492c6ac581a3bc5e96 
2010.1/x86_64/postgresql8.4-devel-8.4.12-0.1mdv2010.2.x86_64.rpm
 aaff2d79751fcf79d725774abcc0775c 
2010.1/x86_64/postgresql8.4-docs-8.4.12-0.1mdv2010.2.x86_64.rpm
 e417de571aa3411c67197ef43d4e9b99 
2010.1/x86_64/postgresql8.4-pl-8.4.12-0.1mdv2010.2.x86_64.rpm
 f7533cef4e593926bc010f4260f7b1b1 
2010.1/x86_64/postgresql8.4-plperl-8.4.12-0.1mdv2010.2.x86_64.rpm
 52e34c35fc3b0edf76e557d6a3631948 
2010.1/x86_64/postgresql8.4-plpgsql-8.4.12-0.1mdv2010.2.x86_64.rpm
 70fe1e458b09d882ed4d30245cb28e6e 
2010.1/x86_64/postgresql8.4-plpython-8.4.12-0.1mdv2010.2.x86_64.rpm
 5922cc411a1a0da57f73d774455e30c3 
2010.1/x86_64/postgresql8.4-pltcl-8.4.12-0.1mdv2010.2.x86_64.rpm
 ba669c2058fa72a3861b6631b2dd0933 
2010.1/x86_64/postgresql8.4-server-8.4.12-0.1mdv2010.2.x86_64.rpm 
 87ec6e03f819dfd6a6d0ddd4b49faada 
2010.1/SRPMS/postgresql8.4-8.4.12-0.1mdv2010.2.src.rpm

 Mandriva Linux 2011:
 bfc282293884669f2f9a70a496b8fdbf 
2011/i586/libecpg9.0_6-9.0.8-0.1-mdv2011.0.i586.rpm
 26e6ef59c62c9e60022cb46531b43fe8 
2011/i586/libpq9.0_5-9.0.8-0.1-mdv2011.0.i586.rpm
 63fa0fdeffc3d6c6649298243528be32 
2011/i586/postgresql9.0-9.0.8-0.1-mdv2011.0.i586.rpm
 3fb6213e2b73d974d2487cc6b63ae93c 
2011/i586/postgresql9.0-contrib-9.0.8-0.1-mdv2011.0.i586.rpm
 8724432a78b0405a47871472d3833450 
2011/i586/postgresql9.0-devel-9.0.8-0.1-mdv2011.0.i586.rpm
 55ed204a26f7caa0e9923dd5fe64a343 
2011/i586/postgresql9.0-docs-9.0.8-0.1-mdv2011.0.i586.rpm
 e2b291ed6993681fb5fdf778d0aa3001 
2011/i586/postgresql9.0-pl-9.0.8-0.1-mdv2011.0.i586.rpm
 d854e2c7cbe287ec9752517de725a95e 
2011/i586/postgresql9.0-plperl-9.0.8-0.1-mdv2011.0.i586.rpm
 812ff48ff0ae3080cd4caa91c71aecaf 
2011/i586/postgresql9.0-plpgsql-9.0.8-0.1-mdv2011.0.i586.rpm
 d6ccf9a1ea0de1d2181beb8905ecb147 
2011/i586/postgresql9.0-plpython-9.0.8-0.1-mdv2011.0.i586.rpm
 911db5377d27dadd70f69a40c2fdcac0 
2011/i586/postgresql9.0-pltcl-9.0.8-0.1-mdv2011.0.i586.rpm
 edb9c92ece4940f59fbcd64483ca1e9d 
2011/i586/postgresql9.0-server-9.0.8-0.1-mdv2011.0.i586.rpm 
 577118b95056f170481457c9b3e53c7d  2011/SRPMS/postgresql9.0-9.0.8-0.1.src.rpm

 Mandriva Linux 2011/X86_64:
 2aef3f6f025d8b4e9747358aaf252b4e 
2011/x86_64/lib64ecpg9.0_6-9.0.8-0.1-mdv2011.0.x86_64.rpm
 f57f9ed8f01b83b26d8c602455c1cc26 
2011/x86_64/lib64pq9.0_5-9.0.8-0.1-mdv2011.0.x86_64.rpm
 2c101ccdf890faa85f13b1ad04fd8262 
2011/x86_64/postgresql9.0-9.0.8-0.1-mdv2011.0.x86_64.rpm
 88c2f34ca727db81361c671b258e9fad 
2011/x86_64/postgresql9.0-contrib-9.0.8-0.1-mdv2011.0.x86_64.rpm
 0be1ff112f06f3f2163fdb117ff2a5a4 
2011/x86_64/postgresql9.0-devel-9.0.8-0.1-mdv2011.0.x86_64.rpm
 e818dd4f45cacc4b0f864b143478acef 
2011/x86_64/postgresql9.0-docs-9.0.8-0.1-mdv2011.0.x86_64.rpm
 23acd229918a41efc3c628dd83cbd7e6 
2011/x86_64/postgresql9.0-pl-9.0.8-0.1-mdv2011.0.x86_64.rpm
 c23b0d3fbe747bd1924454be72865e7f 
2011/x86_64/postgresql9.0-plperl-9.0.8-0.1-mdv2011.0.x86_64.rpm
 625a3d7a6801b91432ac3cb5fb8b352e 
2011/x86_64/postgresql9.0-plpgsql-9.0.8-0.1-mdv2011.0.x86_64.rpm
 d13395955947682259ec2ffe4487ec79 
2011/x86_64/postgresql9.0-plpython-9.0.8-0.1-mdv2011.0.x86_64.rpm
 be8318a2b1570ab6ed533c7307792e6f 
2011/x86_64/postgresql9.0-pltcl-9.0.8-0.1-mdv2011.0.x86_64.rpm
 7af925cf49133dffda95ac4523c2c961 
2011/x86_64/postgresql9.0-server-9.0.8-0.1-mdv2011.0.x86_64.rpm 
 577118b95056f170481457c9b3e53c7d  2011/SRPMS/postgresql9.0-9.0.8-0.1.src.rpm

 Mandriva Enterprise Server 5:
 7c2b370fc22fd1ebbbedd6e270661277 
mes5/i586/libecpg8.3_6-8.3.19-0.1mdvmes5.2.i586.rpm
 e9f17b9bc34e8dd6121a1b664d0a9c16 
mes5/i586/libpq8.3_5-8.3.19-0.1mdvmes5.2.i586.rpm
 ed02218566620f2fcfc51325751b0942 
mes5/i586/postgresql8.3-8.3.19-0.1mdvmes5.2.i586.rpm
 386a86f8d0e0ef2614a7a0cbce99e979 
mes5/i586/postgresql8.3-contrib-8.3.19-0.1mdvmes5.2.i586.rpm
 6fcce2c1c2322d1f5ee9a31ec9a6b1d2 
mes5/i586/postgresql8.3-devel-8.3.19-0.1mdvmes5.2.i586.rpm
 4f83f9daad2541d590ca62b8699f3095 
mes5/i586/postgresql8.3-docs-8.3.19-0.1mdvmes5.2.i586.rpm
 5d196e70073f0afb8ab2b670cf52eb85 
mes5/i586/postgresql8.3-pl-8.3.19-0.1mdvmes5.2.i586.rpm
 ec6704ff7cef00a7edfad27a9b2d7a6a 
mes5/i586/postgresql8.3-plperl-8.3.19-0.1mdvmes5.2.i586.rpm
 81bbf33a83a01d53ef68b4651307569d 
mes5/i586/postgresql8.3-plpgsql-8.3.19-0.1mdvmes5.2.i586.rpm
 fa8ee6cf056461f70307acd625515a41 
mes5/i586/postgresql8.3-plpython-8.3.19-0.1mdvmes5.2.i586.rpm
 0d9794e78fc46b17d383ea201649bc27 
mes5/i586/postgresql8.3-pltcl-8.3.19-0.1mdvmes5.2.i586.rpm
 67045bfceea8b7bf27941caafe519a6f 
mes5/i586/postgresql8.3-server-8.3.19-0.1mdvmes5.2.i586.rpm 
 f3f4560c3e22be0110284cefbcf1b693 
mes5/SRPMS/postgresql8.3-8.3.19-0.1mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 cdebff28e4c60391dfd2dc52f978b993 
mes5/x86_64/lib64ecpg8.3_6-8.3.19-0.1mdvmes5.2.x86_64.rpm
 ff60d315fdc1e8a791757b2911d236fc 
mes5/x86_64/lib64pq8.3_5-8.3.19-0.1mdvmes5.2.x86_64.rpm
 bad82ecc2ad8b57f4a32eeaaa87ea187 
mes5/x86_64/postgresql8.3-8.3.19-0.1mdvmes5.2.x86_64.rpm
 2ec6ff1a8c5539a2944e0de48b9d2a02 
mes5/x86_64/postgresql8.3-contrib-8.3.19-0.1mdvmes5.2.x86_64.rpm
 ff1306012e49ce28f2dcae3aae999f5a 
mes5/x86_64/postgresql8.3-devel-8.3.19-0.1mdvmes5.2.x86_64.rpm
 4f5f5ffa2b00e51ce059ed5a702013af 
mes5/x86_64/postgresql8.3-docs-8.3.19-0.1mdvmes5.2.x86_64.rpm
 be8117ab9602c3f5f72fa1808b9dce30 
mes5/x86_64/postgresql8.3-pl-8.3.19-0.1mdvmes5.2.x86_64.rpm
 cfb91f455841dbbecf55c5a7303aaf17 
mes5/x86_64/postgresql8.3-plperl-8.3.19-0.1mdvmes5.2.x86_64.rpm
 a976913613397da80a91dd6219e0db2d 
mes5/x86_64/postgresql8.3-plpgsql-8.3.19-0.1mdvmes5.2.x86_64.rpm
 b0bc7cf21a30d568b829161e28eeb966 
mes5/x86_64/postgresql8.3-plpython-8.3.19-0.1mdvmes5.2.x86_64.rpm
 2df355defa38bcf9131f7ef339748bbf 
mes5/x86_64/postgresql8.3-pltcl-8.3.19-0.1mdvmes5.2.x86_64.rpm
 2ccf2a380d34cb0ecebda54bb9d241ee 
mes5/x86_64/postgresql8.3-server-8.3.19-0.1mdvmes5.2.x86_64.rpm 
 f3f4560c3e22be0110284cefbcf1b693 
mes5/SRPMS/postgresql8.3-8.3.19-0.1mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFP2xZxmqjQ0CJFipgRAq4rAKDee6j9zabxWckO7x8NB4WU553yoQCgtrQu
/eGpYDiMrc6Dk0Vt0PkXpCg=
=bUYY
-----END PGP SIGNATURE-----

Uočena dva nedostatka kod paketa postgresql

Tražilica portala

Aktivnosti

O CIS-u

Posljednje vijesti

Posljednji dokumenti

Uočena dva nedostatka kod paketa postgresql

Tražilica portala

Aktivnosti

O CIS-u

Posljednje sigurnosne preporuke

Posljednje vijesti

Popularni članci

Posljednji dokumenti