MDVSA-2013:012

Nom du paquet

postgresql

Date

2013-02-15

Advisory ID

MDVSA-2013:012

Affected versions

MES5 i586 , 2011 i586 , MES5 x86_64 , 2011 x86_64

Problem description

A vulnerability has been discovered and corrected in postgresql:

PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12,
8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare
the enum_recv function in backend/utils/adt/enum.c, which causes it to
be invoked with incorrect arguments and allows remote authenticated
users to cause a denial of service (server crash) or read sensitive
process memory via a crafted SQL command, which triggers an array
index error and an out-of-bounds read (CVE-2013-0255).

This advisory provides the latest versions of PostgreSQL that is not
vulnerable to these issues.

Updated packages

MES5 i586

 0d0ae7925e9cb4592010ab8313967a5b  mes5/i586/libecpg8.3_6-8.3.23-0.1mdvmes5.2.i586.rpm
 11721dc056dfbf642629add846786cab  mes5/i586/libpq8.3_5-8.3.23-0.1mdvmes5.2.i586.rpm
 a0d000548a79ca36d012a7a7f6ad384f  mes5/i586/postgresql8.3-8.3.23-0.1mdvmes5.2.i586.rpm
 2c4b3c6d59580f3b77ffc2d7f8148b6c  mes5/i586/postgresql8.3-contrib-8.3.23-0.1mdvmes5.2.i586.rpm
 de2bb7047ff7efac2a1d9d2e193fbb93  mes5/i586/postgresql8.3-devel-8.3.23-0.1mdvmes5.2.i586.rpm
 8810231bfd92b3a0382257b4e9eb28ce  mes5/i586/postgresql8.3-docs-8.3.23-0.1mdvmes5.2.i586.rpm
 3ec9f82ed5b6abce6ce8dce6de5f0520  mes5/i586/postgresql8.3-pl-8.3.23-0.1mdvmes5.2.i586.rpm
 2eb29d15970865abd9d2c1bd4921ecc5  mes5/i586/postgresql8.3-plperl-8.3.23-0.1mdvmes5.2.i586.rpm
 ac22abd2cbbf8da7e328c0d2b3c9b172  mes5/i586/postgresql8.3-plpgsql-8.3.23-0.1mdvmes5.2.i586.rpm
 ddb37f2e2b8c45eb4babc54a10a51aa2  mes5/i586/postgresql8.3-plpython-8.3.23-0.1mdvmes5.2.i586.rpm
 bd46f094a102f2f5fbdddf8983adc7b7  mes5/i586/postgresql8.3-pltcl-8.3.23-0.1mdvmes5.2.i586.rpm
 afff75170750ad5d4d4d7d653f3aa9fd  mes5/i586/postgresql8.3-server-8.3.23-0.1mdvmes5.2.i586.rpm 
 f7f7ba7bc6e6de514280ed87dd25fb33  mes5/SRPMS/postgresql8.3-8.3.23-0.1mdvmes5.2.src.rpm

2011 i586

 e9506dea9a59005668b046e7c3c6d968  2011/i586/libecpg9.0_6-9.0.12-0.1-mdv2011.0.i586.rpm
 1c4d6b43ff4540bf4e9cd9fcb23ad824  2011/i586/libpq9.0_5-9.0.12-0.1-mdv2011.0.i586.rpm
 2b608e6cc6bfc0d784d4f6a3fd85957f  2011/i586/postgresql9.0-9.0.12-0.1-mdv2011.0.i586.rpm
 8fcb75ea83b5bdb62c10e8a4453cfb89  2011/i586/postgresql9.0-contrib-9.0.12-0.1-mdv2011.0.i586.rpm
 9e4bc0f9b22e0cf75db12042aa0dceb0  2011/i586/postgresql9.0-devel-9.0.12-0.1-mdv2011.0.i586.rpm
 61cbfe086e73750a4c22a6dcc29da48f  2011/i586/postgresql9.0-docs-9.0.12-0.1-mdv2011.0.i586.rpm
 17a11d0af51d26b2dffe0ea532998c82  2011/i586/postgresql9.0-pl-9.0.12-0.1-mdv2011.0.i586.rpm
 f5e09c159529185531ab3703471dd716  2011/i586/postgresql9.0-plperl-9.0.12-0.1-mdv2011.0.i586.rpm
 385989a88a2148262c9c49024881172c  2011/i586/postgresql9.0-plpgsql-9.0.12-0.1-mdv2011.0.i586.rpm
 f16eb4df34dd76b8884ac5f0c9544f8d  2011/i586/postgresql9.0-plpython-9.0.12-0.1-mdv2011.0.i586.rpm
 879576e48d24429a442cc85c003df9da  2011/i586/postgresql9.0-pltcl-9.0.12-0.1-mdv2011.0.i586.rpm
 e993961bf136ed48f01afa28e96ddcd4  2011/i586/postgresql9.0-server-9.0.12-0.1-mdv2011.0.i586.rpm 
 b9ef06eaa866a89f10ce2e024abf918d  2011/SRPMS/postgresql9.0-9.0.12-0.1.src.rpm

MES5 x86_64

 9ad2ad9c6b5ef758f8be28759f77284f  mes5/x86_64/lib64ecpg8.3_6-8.3.23-0.1mdvmes5.2.x86_64.rpm
 e9e0bc69eb089860410c9022b145287e  mes5/x86_64/lib64pq8.3_5-8.3.23-0.1mdvmes5.2.x86_64.rpm
 7f8a87531adf93e9aca1ad05e600c7ee  mes5/x86_64/postgresql8.3-8.3.23-0.1mdvmes5.2.x86_64.rpm
 020840745639ac403d05032b4d30e517  mes5/x86_64/postgresql8.3-contrib-8.3.23-0.1mdvmes5.2.x86_64.rpm
 5c52b266413eccb8506c20cbdb15acd0  mes5/x86_64/postgresql8.3-devel-8.3.23-0.1mdvmes5.2.x86_64.rpm
 131bfa3a306b757513facfc4c2e6be54  mes5/x86_64/postgresql8.3-docs-8.3.23-0.1mdvmes5.2.x86_64.rpm
 d41254775b0aa0f005b89ed4a53226bc  mes5/x86_64/postgresql8.3-pl-8.3.23-0.1mdvmes5.2.x86_64.rpm
 e6bf627454d9fa729f96c1f10514b371  mes5/x86_64/postgresql8.3-plperl-8.3.23-0.1mdvmes5.2.x86_64.rpm
 5e348fcaed39416e70787b5784d9fa92  mes5/x86_64/postgresql8.3-plpgsql-8.3.23-0.1mdvmes5.2.x86_64.rpm
 f6a506888404e022274e87501819c7c7  mes5/x86_64/postgresql8.3-plpython-8.3.23-0.1mdvmes5.2.x86_64.rpm
 5f6492800978d59a991ca17fe32d24a1  mes5/x86_64/postgresql8.3-pltcl-8.3.23-0.1mdvmes5.2.x86_64.rpm
 1e38fc1af606117aaced611e789eafb9  mes5/x86_64/postgresql8.3-server-8.3.23-0.1mdvmes5.2.x86_64.rpm 
 f7f7ba7bc6e6de514280ed87dd25fb33  mes5/SRPMS/postgresql8.3-8.3.23-0.1mdvmes5.2.src.rpm

2011 x86_64

 ca0af0581b132c4691a32ac0bb47fd0d  2011/x86_64/lib64ecpg9.0_6-9.0.12-0.1-mdv2011.0.x86_64.rpm
 be2b6313b2033cefc7968bae266f3d4e  2011/x86_64/lib64pq9.0_5-9.0.12-0.1-mdv2011.0.x86_64.rpm
 79e5ae78046382652d74f8bce6cdcf16  2011/x86_64/postgresql9.0-9.0.12-0.1-mdv2011.0.x86_64.rpm
 d723b8db972c8504d6605a16b6055599  2011/x86_64/postgresql9.0-contrib-9.0.12-0.1-mdv2011.0.x86_64.rpm
 f40e55d14e94f8a891a42903da88ef6c  2011/x86_64/postgresql9.0-devel-9.0.12-0.1-mdv2011.0.x86_64.rpm
 6f90705211bea4469e5c77c3d58b931e  2011/x86_64/postgresql9.0-docs-9.0.12-0.1-mdv2011.0.x86_64.rpm
 22da99fcfe271c77dea055339a1d3aa7  2011/x86_64/postgresql9.0-pl-9.0.12-0.1-mdv2011.0.x86_64.rpm
 2528326a3d1dfa634da7550423e5861d  2011/x86_64/postgresql9.0-plperl-9.0.12-0.1-mdv2011.0.x86_64.rpm
 63e22a5bdb299e69f24ece9a4d71db97  2011/x86_64/postgresql9.0-plpgsql-9.0.12-0.1-mdv2011.0.x86_64.rpm
 89b11a80ea205b87367ad32a592a963b  2011/x86_64/postgresql9.0-plpython-9.0.12-0.1-mdv2011.0.x86_64.rpm
 fbee7bc2f1294375556c3103f1d2f323  2011/x86_64/postgresql9.0-pltcl-9.0.12-0.1-mdv2011.0.x86_64.rpm
 e012bbda94bccb33ff07fdebcc3ac2b9  2011/x86_64/postgresql9.0-server-9.0.12-0.1-mdv2011.0.x86_64.rpm 
 b9ef06eaa866a89f10ce2e024abf918d  2011/SRPMS/postgresql9.0-9.0.12-0.1.src.rpm

References

• http://www.postgresql.org/docs/9.0/static/release-9-0-12.html
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0255
• http://www.postgresql.org/docs/8.3/static/release-8-3-23.html