Kod programskog paketa PostgreSQL uočen je novi sigurnosni propust kojeg napadač može iskoristiti za dobivanje većih ovlasti i zaobilaženje postavljenih ograničenja.
Paket:
PostgreSQL 9.x
Operacijski sustavi:
CentOS
Kritičnost:
4.4
Problem:
pogreška u programskoj funkciji
Iskorištavanje:
lokalno/udaljeno
Posljedica:
dobivanje većih privilegija, zaobilaženje postavljenih ograničenja
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2012-2143
Izvorni ID preporuke:
2012:1036
Izvor:
CentOS
Problem:
Sigurnosni propust nastaje uslijed pogrešne implementacije transformacije lozinki korištenjem DES (eng. Data Encryption Standard) algoritma u funkciji crypt().
Posljedica:
Zloćudni korisnik spomenutu ranjivost može iskoristiti za zaobilaženje ograničenja i dobivanje većih privilegija u sustavu.
Rješenje:
Rješenje problema sigurnosti je nadogradnja paketa na novije inačice.
CentOS Errata and Security Advisory 2012:1036 Moderate
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1036.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
068825619d5167000cb31c985932b60d79424045d1324d92fe986e95ec93e29a
postgresql-8.1.23-5.el5_8.i386.rpm
890f3603e5356455b3182f54461cd19c7d41116a09ec6db74ca5ef9c42b22e48
postgresql-contrib-8.1.23-5.el5_8.i386.rpm
82d884b1830063574adf5f0a24e4596fd17b15f7784ed415411d7be4c06dd61b
postgresql-devel-8.1.23-5.el5_8.i386.rpm
1c8d12378717bdb45aba7c683e25070a290c511f70bdadcff3cfe60cc3f2621d
postgresql-docs-8.1.23-5.el5_8.i386.rpm
f9323d2bbe23685c2aeb791ccd5bbe52b6148aeba58b3d17f44e1a0fc01398a9
postgresql-libs-8.1.23-5.el5_8.i386.rpm
bff4b250013135713e2de5c2b876b5474efb13ccd184532ab6329488b3d086e7
postgresql-pl-8.1.23-5.el5_8.i386.rpm
54d78562eca1304b6adfca3dbdf8f5a2a43d18da5e155de086732234557b4f33
postgresql-python-8.1.23-5.el5_8.i386.rpm
289f3342f293349da036336247f687f2c7c5be33131988c384106672b9516cdd
postgresql-server-8.1.23-5.el5_8.i386.rpm
c3489d03276c8d0d02b75fba30cb7a67e08627fb3dd45c66b2c7af52c9a241b7
postgresql-tcl-8.1.23-5.el5_8.i386.rpm
e80d31dc3c3739b27cd721f804049c1d4d70e3e919da823f39c10940759a2387
postgresql-test-8.1.23-5.el5_8.i386.rpm
x86_64:
a6c75984db6199a2465d9dc1aa854ebac156a70ecc770dbcdd7604b61df8f64b
postgresql-8.1.23-5.el5_8.x86_64.rpm
bb9ac507c3c11fb95931b8616a9ba6d63dc2d0ff3b65d5255aa553d4ca0a042d
postgresql-contrib-8.1.23-5.el5_8.x86_64.rpm
82d884b1830063574adf5f0a24e4596fd17b15f7784ed415411d7be4c06dd61b
postgresql-devel-8.1.23-5.el5_8.i386.rpm
1ba605e0b2b78ea82bf0a47039afb1815d88e543bdf81fa21a7bf6c99daf3245
postgresql-devel-8.1.23-5.el5_8.x86_64.rpm
b64fc85e7e4e3b31cdeaff6696977b958e3e5cb870dc4f29c4e8bbeda005160d
postgresql-docs-8.1.23-5.el5_8.x86_64.rpm
f9323d2bbe23685c2aeb791ccd5bbe52b6148aeba58b3d17f44e1a0fc01398a9
postgresql-libs-8.1.23-5.el5_8.i386.rpm
9420dd46e63dab27dee995466599792ba2a25375061514fdd74d897115fcda2a
postgresql-libs-8.1.23-5.el5_8.x86_64.rpm
036f57360cd8811a247b4142ad6a460afa8f44e53746123e3bd6c2d4d432604d
postgresql-pl-8.1.23-5.el5_8.x86_64.rpm
747ba5539a1d0e4d522509dcb3577faca157b81312fe7d89a3cbdf9d5a0c8bb3
postgresql-python-8.1.23-5.el5_8.x86_64.rpm
aa7d55e0c047114cc3e5df3abe0e58014c0aa893f62ab3b883abc84fbf738b23
postgresql-server-8.1.23-5.el5_8.x86_64.rpm
e01c08c8b102d8a67bea5480af1724fededb70895d098337fbaa5a93d1a93745
postgresql-tcl-8.1.23-5.el5_8.x86_64.rpm
af054867d22c03a46ece113ed28b19185701a38ad769bc0fd1fd3005e7be52ad
postgresql-test-8.1.23-5.el5_8.x86_64.rpm
Source:
123ff671d4e58c9ead292f621a491ee2515db40dadb740b52e01c4c7df030cd6
postgresql-8.1.23-5.el5_8.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
_______________________________________________
CentOS-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
http://lists.centos.org/mailman/listinfo/centos-announce
CentOS Errata and Security Advisory 2012:1037 Moderate
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1037.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
0aee8850022e9bba9d1781143410fd2e0e0256def64dfb283c9577ebf202ed36
postgresql84-8.4.12-1.el5_8.i386.rpm
4474a797b726419a4963c23c0f385b6f040f6385c37dcac4780f0636d3d355ca
postgresql84-contrib-8.4.12-1.el5_8.i386.rpm
08abc8b6064d36b758afbad45e3f2ccf36fa955ccf71d2e467f36c3c49c76cde
postgresql84-devel-8.4.12-1.el5_8.i386.rpm
ac8eead8d47c067c62e0a314bd548d6e9f5bbe56e4205550b58bc329a8c46bfa
postgresql84-docs-8.4.12-1.el5_8.i386.rpm
29bea2c35cd9e7ab7eec6e352d44d6ea6f7448756564c8a37bc9d8b344ca70f5
postgresql84-libs-8.4.12-1.el5_8.i386.rpm
cf3c26bf146e54dc9aeb41099ecd397d89dc9d8070034526347004556eda61b3
postgresql84-plperl-8.4.12-1.el5_8.i386.rpm
6879486622c0eb4e6665fc7617226839b727601240f34c88c027487f45ee7668
postgresql84-plpython-8.4.12-1.el5_8.i386.rpm
5e91d00fca70059f2e3c7c6cb6453fccd7a33c26296bf8b9e51210c9f4d6bca7
postgresql84-pltcl-8.4.12-1.el5_8.i386.rpm
89af02bce052b640d26fb4a633cd3f6640f27b7b21c41967b4fd8f3309faf6c1
postgresql84-python-8.4.12-1.el5_8.i386.rpm
eb879bde23385acc20c414e111634a6074f619ed639fec09e6459283f12680e0
postgresql84-server-8.4.12-1.el5_8.i386.rpm
28703119375f45de12e5f950cf6802faf28400767df4253b0b39aca03f795fb9
postgresql84-tcl-8.4.12-1.el5_8.i386.rpm
1726357d79af0e8faf23d9560179b4fda677452fdab12cbea988984384787c10
postgresql84-test-8.4.12-1.el5_8.i386.rpm
x86_64:
4258aa4305f62e27f7fedcc548eb55f1b6460e29d5b0df2deb7bbefec50abd78
postgresql84-8.4.12-1.el5_8.x86_64.rpm
1888530bebb3adb9b918275b76e224462c608065d7ab2dd960597e09eb5a254e
postgresql84-contrib-8.4.12-1.el5_8.x86_64.rpm
08abc8b6064d36b758afbad45e3f2ccf36fa955ccf71d2e467f36c3c49c76cde
postgresql84-devel-8.4.12-1.el5_8.i386.rpm
c0de3996a717f36e088e66b48a48ad2e6aea1dbdeac77e781ff7da190af3532a
postgresql84-devel-8.4.12-1.el5_8.x86_64.rpm
b7db2527ec60ea4bbf145e91a1482df2d7d939da23ed84f42eb586231c55922e
postgresql84-docs-8.4.12-1.el5_8.x86_64.rpm
29bea2c35cd9e7ab7eec6e352d44d6ea6f7448756564c8a37bc9d8b344ca70f5
postgresql84-libs-8.4.12-1.el5_8.i386.rpm
bf0291f63f7b20f1db2e169407d47fc21e8dfd2bea3756e394b2d8fa39581d76
postgresql84-libs-8.4.12-1.el5_8.x86_64.rpm
f19837fadfb113eb966c8349df70f552a6d46a5a17075cb0a010bb6e55b3a41d
postgresql84-plperl-8.4.12-1.el5_8.x86_64.rpm
470626726e0e74cf3fe21deb533e2572fc09b63ac10e9c7e07f8222bdfb74a2e
postgresql84-plpython-8.4.12-1.el5_8.x86_64.rpm
3ed04a9a9f952aa6def266d8b18428c1c6cedc77a53876b0980b5a9dda06e26a
postgresql84-pltcl-8.4.12-1.el5_8.x86_64.rpm
d04a85ba9b9895fa330f54b32ce209ea4b60b36848678ff8a1ba81e7b316678c
postgresql84-python-8.4.12-1.el5_8.x86_64.rpm
ec157a8627ad7f4926d7c3aa038e5ee77ef4a01129dd47cae748cfec1c267058
postgresql84-server-8.4.12-1.el5_8.x86_64.rpm
47ed7af65d0ce54e35d2473018d002352920aa7c590356d46bf3a6a0f91b4493
postgresql84-tcl-8.4.12-1.el5_8.x86_64.rpm
85d053cc64fd5b4cde4e83215b0bdfed9b9aecaec03ae5c481744cbb734c211a
postgresql84-test-8.4.12-1.el5_8.x86_64.rpm
Source:
0734957d4282e9990e04c93a3513e4a1791b12dbf50df399acb13c7493cd51bc
postgresql84-8.4.12-1.el5_8.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
_______________________________________________
CentOS-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
http://lists.centos.org/mailman/listinfo/centos-announce
Posljednje sigurnosne preporuke