Paketname
postgresql
Datum
2012-02-29
Advisory ID
MDVSA-2012:026
Betroffene Versionen
2011 i586 , 2011 x86_64 , 2010.1 i586 , 2010.1 x86_64

Problembeschreibung

Multiple vulnerabilities has been discovered and corrected in
postgresql:

Permissions on a function called by a trigger are not properly checked
(CVE-2012-0866).

SSL certificate name checks are truncated to 32 characters, allowing
connection spoofing under some circumstances when using third party
certificate authorities (CVE-2012-0867).

Line breaks in object names can be exploited to execute arbitrary
SQL when reloading a pg_dump file (CVE-2012-0868).

This advisory provides the latest versions of PostgreSQL that is not
vulnerable to these issues.

Aktualisierte Pakete

2011 i586

 25a1dd4d27d6bdc7289251ecb52f42d9  2011/i586/libecpg9.0_6-9.0.7-0.1-mdv2011.0.i586.rpm
 4da4a70b065506d61eb0b3fae7e9a564  2011/i586/libpq9.0_5-9.0.7-0.1-mdv2011.0.i586.rpm
 62aa0b5091ed185fbab1030acb7ba350  2011/i586/postgresql9.0-9.0.7-0.1-mdv2011.0.i586.rpm
 a0c7f18e7d3c5946431fd2244dad900c  2011/i586/postgresql9.0-contrib-9.0.7-0.1-mdv2011.0.i586.rpm
 858281c6438468c5c5ce9f3ed187ad35  2011/i586/postgresql9.0-devel-9.0.7-0.1-mdv2011.0.i586.rpm
 5c5a07c75d046bf7a56561ec8f670916  2011/i586/postgresql9.0-docs-9.0.7-0.1-mdv2011.0.i586.rpm
 99ed62f4866b74bb62372753568e1dca  2011/i586/postgresql9.0-pl-9.0.7-0.1-mdv2011.0.i586.rpm
 2837096731c5b7f0d96e207190200b28  2011/i586/postgresql9.0-plperl-9.0.7-0.1-mdv2011.0.i586.rpm
 121eb7ed014abdc70b3a9483cc228f2b  2011/i586/postgresql9.0-plpgsql-9.0.7-0.1-mdv2011.0.i586.rpm
 c8a81e4d97a70bcea2673cae904c2d7d  2011/i586/postgresql9.0-plpython-9.0.7-0.1-mdv2011.0.i586.rpm
 1c350ae5ab7f3d5dabce891d297acda0  2011/i586/postgresql9.0-pltcl-9.0.7-0.1-mdv2011.0.i586.rpm
 ac89dd8500774df0e49626e63741429c  2011/i586/postgresql9.0-server-9.0.7-0.1-mdv2011.0.i586.rpm 
 2723eb57e9056fb5e3f76e2519b4fec7  2011/SRPMS/postgresql9.0-9.0.7-0.1.src.rpm

2011 x86_64

 f6db63374053e409b305353151accd67  2011/x86_64/lib64ecpg9.0_6-9.0.7-0.1-mdv2011.0.x86_64.rpm
 96370fd95fc2c3bdbe3a9a6ae648db8b  2011/x86_64/lib64pq9.0_5-9.0.7-0.1-mdv2011.0.x86_64.rpm
 54380c9f81620f0a97733d1fa92667d5  2011/x86_64/postgresql9.0-9.0.7-0.1-mdv2011.0.x86_64.rpm
 6c6b399ade5b4afd6a2539c27a9a8af1  2011/x86_64/postgresql9.0-contrib-9.0.7-0.1-mdv2011.0.x86_64.rpm
 4eefae96bc5377d4032ddd61358f90b1  2011/x86_64/postgresql9.0-devel-9.0.7-0.1-mdv2011.0.x86_64.rpm
 baa973ebb01ff2fa9255ad434cd8e309  2011/x86_64/postgresql9.0-docs-9.0.7-0.1-mdv2011.0.x86_64.rpm
 5d3fcd9cf5f10032ffeb7278c9474b0f  2011/x86_64/postgresql9.0-pl-9.0.7-0.1-mdv2011.0.x86_64.rpm
 4d56f0d01bfb7c5b62928ea2c78a2391  2011/x86_64/postgresql9.0-plperl-9.0.7-0.1-mdv2011.0.x86_64.rpm
 2afb5526fb9eded60c8fca205de1d037  2011/x86_64/postgresql9.0-plpgsql-9.0.7-0.1-mdv2011.0.x86_64.rpm
 378f8a4c4f1a8ac291d05d8d00d94e65  2011/x86_64/postgresql9.0-plpython-9.0.7-0.1-mdv2011.0.x86_64.rpm
 e414f67368a7b600d491b753bde5a96a  2011/x86_64/postgresql9.0-pltcl-9.0.7-0.1-mdv2011.0.x86_64.rpm
 3480e6f3303c4bd2f275afe0017a454d  2011/x86_64/postgresql9.0-server-9.0.7-0.1-mdv2011.0.x86_64.rpm 
 2723eb57e9056fb5e3f76e2519b4fec7  2011/SRPMS/postgresql9.0-9.0.7-0.1.src.rpm

2010.1 i586

 05a4013a0634df4e8cdf169a50c9ec58  2010.1/i586/libecpg8.4_6-8.4.11-0.1mdv2010.2.i586.rpm
 401a0d6d8a713613bda5333ab2932e8e  2010.1/i586/libpq8.4_5-8.4.11-0.1mdv2010.2.i586.rpm
 325fc7f1e8d9753e77ea94cb36a7d702  2010.1/i586/postgresql8.4-8.4.11-0.1mdv2010.2.i586.rpm
 11f758553ba01d0c7cf14822b964d244  2010.1/i586/postgresql8.4-contrib-8.4.11-0.1mdv2010.2.i586.rpm
 a8511d0f4e723eeb69e34338b2a44f6e  2010.1/i586/postgresql8.4-devel-8.4.11-0.1mdv2010.2.i586.rpm
 491480de895c21045ce61782b31686f4  2010.1/i586/postgresql8.4-docs-8.4.11-0.1mdv2010.2.i586.rpm
 43a92413b230b92fc8fe366f8b77b252  2010.1/i586/postgresql8.4-pl-8.4.11-0.1mdv2010.2.i586.rpm
 c68d94e1ccf0fc291a77976280c7a5b1  2010.1/i586/postgresql8.4-plperl-8.4.11-0.1mdv2010.2.i586.rpm
 b176c3f91b3b3d0fd819db7aee7628a5  2010.1/i586/postgresql8.4-plpgsql-8.4.11-0.1mdv2010.2.i586.rpm
 90b3f898d730ae27d8570f814c884361  2010.1/i586/postgresql8.4-plpython-8.4.11-0.1mdv2010.2.i586.rpm
 fdb261871120d1099872528990ac4ecb  2010.1/i586/postgresql8.4-pltcl-8.4.11-0.1mdv2010.2.i586.rpm
 2bd80e158701b25d2f3191bd536a1680  2010.1/i586/postgresql8.4-server-8.4.11-0.1mdv2010.2.i586.rpm 
 a1c05f1b89438e41b8dad632395f6e76  2010.1/SRPMS/postgresql8.4-8.4.11-0.1mdv2010.2.src.rpm

2010.1 x86_64

 8d00eac057a75900287ff76011d24a14  2010.1/x86_64/lib64ecpg8.4_6-8.4.11-0.1mdv2010.2.x86_64.rpm
 63d87909037917014ace4068c2fdf4ed  2010.1/x86_64/lib64pq8.4_5-8.4.11-0.1mdv2010.2.x86_64.rpm
 b5e17b5ef713a8626034384f9b11f537  2010.1/x86_64/postgresql8.4-8.4.11-0.1mdv2010.2.x86_64.rpm
 377dc92be27f45e9a6205c6572a53a68  2010.1/x86_64/postgresql8.4-contrib-8.4.11-0.1mdv2010.2.x86_64.rpm
 4cc7fa9fb0f099b3f909f74810b3fcb6  2010.1/x86_64/postgresql8.4-devel-8.4.11-0.1mdv2010.2.x86_64.rpm
 cfdc1cb65acc9764caee7537aa54de0f  2010.1/x86_64/postgresql8.4-docs-8.4.11-0.1mdv2010.2.x86_64.rpm
 ee278d87463be450d3cb8359d4f436df  2010.1/x86_64/postgresql8.4-pl-8.4.11-0.1mdv2010.2.x86_64.rpm
 c6ab8ff58b96bcb93f36d95aaaebd042  2010.1/x86_64/postgresql8.4-plperl-8.4.11-0.1mdv2010.2.x86_64.rpm
 c203e3403876f4b2e6985686d59c2f51  2010.1/x86_64/postgresql8.4-plpgsql-8.4.11-0.1mdv2010.2.x86_64.rpm
 4ecfd5289218e1aa46786e698b0b1da1  2010.1/x86_64/postgresql8.4-plpython-8.4.11-0.1mdv2010.2.x86_64.rpm
 a0b4adfe98a1165eec3810d1a770d79d  2010.1/x86_64/postgresql8.4-pltcl-8.4.11-0.1mdv2010.2.x86_64.rpm
 6ebfada38479a846055c095604d3d45d  2010.1/x86_64/postgresql8.4-server-8.4.11-0.1mdv2010.2.x86_64.rpm 
 a1c05f1b89438e41b8dad632395f6e76  2010.1/SRPMS/postgresql8.4-8.4.11-0.1mdv2010.2.src.rpm

Referenzen