Support / Sécurité / Annonces de sécurité / Mandriva Enterprise Server 5 / MDVSA-2011:161

Nom du paquet: postgresql
Date: 2011-10-24
Advisory ID: MDVSA-2011:161
Affected versions: MES5 i586 , 2010.1 i586 , 2011 x86_64 , 2011 i586 , MES5 x86_64 , 2010.1 x86_64

Problem description

A vulnerability was discovered and corrected in postgresql:

contrib/pg_crypto's blowfish encryption code could give wrong results
on platforms where char is signed (which is most), leading to encrypted
passwords being weaker than they should be (CVE-2011-2483).

Additionally corrected ossp-uuid packages as well as corrected support
in postgresql 9.0.x are being provided for Mandriva Linux 2011.

This update provides a solution to this vulnerability.

Updated packages

MES5 i586

 ce8f0d1d9ab515cb4a64a32a793f110c  mes5/i586/libecpg8.3_6-8.3.16-0.1mdvmes5.2.i586.rpm
 a898795abc544fd0676eba3e2729a4cb  mes5/i586/libpq8.3_5-8.3.16-0.1mdvmes5.2.i586.rpm
 e366d05130dc24feda61ddd84105dadb  mes5/i586/postgresql8.3-8.3.16-0.1mdvmes5.2.i586.rpm
 1759b159fb4b17ce51af94e5e214a5bb  mes5/i586/postgresql8.3-contrib-8.3.16-0.1mdvmes5.2.i586.rpm
 4052f4f111c5eec7a712170b0c1be169  mes5/i586/postgresql8.3-devel-8.3.16-0.1mdvmes5.2.i586.rpm
 d977cf1098bf9c970e0179e30c4e487c  mes5/i586/postgresql8.3-docs-8.3.16-0.1mdvmes5.2.i586.rpm
 245b66b478d044c08d066afb9f04388a  mes5/i586/postgresql8.3-pl-8.3.16-0.1mdvmes5.2.i586.rpm
 385b2128cea82fd736aff3b450f087d5  mes5/i586/postgresql8.3-plperl-8.3.16-0.1mdvmes5.2.i586.rpm
 8d8d4797c66c4849bcba33db497c8e7a  mes5/i586/postgresql8.3-plpgsql-8.3.16-0.1mdvmes5.2.i586.rpm
 2903c6b08c9e82f1447a94ad724955e2  mes5/i586/postgresql8.3-plpython-8.3.16-0.1mdvmes5.2.i586.rpm
 3c55656825609c1337fff2843d19907c  mes5/i586/postgresql8.3-pltcl-8.3.16-0.1mdvmes5.2.i586.rpm
 9537477a620c7f81342c7bb123939320  mes5/i586/postgresql8.3-server-8.3.16-0.1mdvmes5.2.i586.rpm 
 4d59b736bb0a8876ea27fb550ba5fa72  mes5/SRPMS/postgresql8.3-8.3.16-0.1mdvmes5.2.src.rpm

2010.1 i586

 6ad49497750e5b80e804aa82e9eab97c  2010.1/i586/libecpg8.4_6-8.4.9-0.1mdv2010.2.i586.rpm
 08d09e6c12d81d1acadc0fc88d3ccf7c  2010.1/i586/libpq8.4_5-8.4.9-0.1mdv2010.2.i586.rpm
 66fdbfea66319e06651637314614b4e0  2010.1/i586/postgresql8.4-8.4.9-0.1mdv2010.2.i586.rpm
 3d985bb93b57ff99149269bd33396d50  2010.1/i586/postgresql8.4-contrib-8.4.9-0.1mdv2010.2.i586.rpm
 a2dbf648844152e72c4ad669ce2b332d  2010.1/i586/postgresql8.4-devel-8.4.9-0.1mdv2010.2.i586.rpm
 214a0de8e359ca33b726fab8105c56a4  2010.1/i586/postgresql8.4-docs-8.4.9-0.1mdv2010.2.i586.rpm
 3ecb6019615f630e8ad0ca3eaaaf1d1f  2010.1/i586/postgresql8.4-pl-8.4.9-0.1mdv2010.2.i586.rpm
 0fdbe008296608f94fdc9273f9c4b67e  2010.1/i586/postgresql8.4-plperl-8.4.9-0.1mdv2010.2.i586.rpm
 631b7a5e3279a999f263d131a11ac8c5  2010.1/i586/postgresql8.4-plpgsql-8.4.9-0.1mdv2010.2.i586.rpm
 35d0163259485dd28d8ec7daba41a55d  2010.1/i586/postgresql8.4-plpython-8.4.9-0.1mdv2010.2.i586.rpm
 5e1f0f2c87e32ca249fdbf04addb2730  2010.1/i586/postgresql8.4-pltcl-8.4.9-0.1mdv2010.2.i586.rpm
 b4671c7e9513b36b218054f02bca32e1  2010.1/i586/postgresql8.4-server-8.4.9-0.1mdv2010.2.i586.rpm 
 e36b9aea370f4ea290931fbd869cf6ba  2010.1/SRPMS/postgresql8.4-8.4.9-0.1mdv2010.2.src.rpm

2011 x86_64

 e3351db3cc03bfbc5b86402452a1c5c6  2011/x86_64/lib64ecpg9.0_6-9.0.5-0.1-mdv2011.0.x86_64.rpm
 28faf6bddecb1401ca6f0ae3ca390c4e  2011/x86_64/lib64ossp-uuid++16-1.6.2-8.1-mdv2011.0.x86_64.rpm
 9d98dbd5efba1c23d7d1dc0683076a1d  2011/x86_64/lib64ossp-uuid16-1.6.2-8.1-mdv2011.0.x86_64.rpm
 b8d204efd9f37a1bdef8bb49a7d730b7  2011/x86_64/lib64ossp-uuid_dce16-1.6.2-8.1-mdv2011.0.x86_64.rpm
 27af2ea7faa2f3632c0454009a51f783  2011/x86_64/lib64ossp-uuid-devel-1.6.2-8.1-mdv2011.0.x86_64.rpm
 1b5af2a30aac53f2d2cae9a9901daaf9  2011/x86_64/lib64pq9.0_5-9.0.5-0.1-mdv2011.0.x86_64.rpm
 b7d48734ed5176eb4b9d9496e161ee41  2011/x86_64/ossp-uuid-1.6.2-8.1-mdv2011.0.x86_64.rpm
 1ac5de522646c67703bdaa712b0ec8b9  2011/x86_64/perl-OSSP-uuid-1.6.2-8.1-mdv2011.0.x86_64.rpm
 0d81de7becc15a6baca9f62607b196f3  2011/x86_64/php-OSSP-uuid-1.6.2-8.1-mdv2011.0.x86_64.rpm
 af3d5a5a7b42bf9f805a407563bcd57d  2011/x86_64/postgresql9.0-9.0.5-0.1-mdv2011.0.x86_64.rpm
 e00be67b93a181dad3f7648498e08f52  2011/x86_64/postgresql9.0-contrib-9.0.5-0.1-mdv2011.0.x86_64.rpm
 0f91b1e53750bcbe2b28b5a45f0949b7  2011/x86_64/postgresql9.0-devel-9.0.5-0.1-mdv2011.0.x86_64.rpm
 5e7b7b58c09d004d3f62ac3c63ee3519  2011/x86_64/postgresql9.0-docs-9.0.5-0.1-mdv2011.0.x86_64.rpm
 840077d3b88258aa07de31a7fe5117f7  2011/x86_64/postgresql9.0-pl-9.0.5-0.1-mdv2011.0.x86_64.rpm
 c6c16faff77878077e99a7690dd9bd9a  2011/x86_64/postgresql9.0-plperl-9.0.5-0.1-mdv2011.0.x86_64.rpm
 d74eebcd883d4a82a251dca65a76339f  2011/x86_64/postgresql9.0-plpgsql-9.0.5-0.1-mdv2011.0.x86_64.rpm
 04a2ba1fc72676ef03248fa6aaf5e965  2011/x86_64/postgresql9.0-plpython-9.0.5-0.1-mdv2011.0.x86_64.rpm
 17a1bb0f6961e312eb7ca66c18584c3f  2011/x86_64/postgresql9.0-pltcl-9.0.5-0.1-mdv2011.0.x86_64.rpm
 7ab85a1a8ee66442cd5b213be477f7a1  2011/x86_64/postgresql9.0-server-9.0.5-0.1-mdv2011.0.x86_64.rpm
 aaa307bda249a09d4da02d7b3b98dd24  2011/x86_64/postgresql-OSSP-uuid-1.6.2-5.1-mdv2011.0.x86_64.rpm
 11b6f9dc3595d152b37c1f49fa618634  2011/x86_64/postgresql-OSSP-uuid-1.6.2-8.1-mdv2011.0.x86_64.rpm 
 332948be973bfa26d5e1a54082394ae8  2011/SRPMS/ossp-uuid-1.6.2-8.1.src.rpm
 269bb81b0c82c2193c802e57b2e32066  2011/SRPMS/postgresql9.0-9.0.5-0.1.src.rpm

2011 i586

 8c9e4fdccd986663a222b38d078e9438  2011/i586/libecpg9.0_6-9.0.5-0.1-mdv2011.0.i586.rpm
 4732b43b1d220ebdbcb9235e3c7ef164  2011/i586/libossp-uuid++16-1.6.2-8.1-mdv2011.0.i586.rpm
 6eb0f7a6505e5f80eccc6259c12e6ccc  2011/i586/libossp-uuid16-1.6.2-8.1-mdv2011.0.i586.rpm
 b73f283d5dbcf211def9c182b90491d7  2011/i586/libossp-uuid_dce16-1.6.2-8.1-mdv2011.0.i586.rpm
 7d425f754975b8d99ae0262296d95955  2011/i586/libossp-uuid-devel-1.6.2-8.1-mdv2011.0.i586.rpm
 d11a60a5e372ba1cd4b2e89e1bf1b530  2011/i586/libpq9.0_5-9.0.5-0.1-mdv2011.0.i586.rpm
 4034835679a544e4e1bbc3638ba68c8e  2011/i586/ossp-uuid-1.6.2-8.1-mdv2011.0.i586.rpm
 09d4b532351c71a6fab9ed626b88b1e9  2011/i586/perl-OSSP-uuid-1.6.2-8.1-mdv2011.0.i586.rpm
 f562fe764feb4b8fa4669ab5fe5badeb  2011/i586/php-OSSP-uuid-1.6.2-8.1-mdv2011.0.i586.rpm
 affb7a08e31f88652c8736b327b2e896  2011/i586/postgresql9.0-9.0.5-0.1-mdv2011.0.i586.rpm
 7c9179398937b9b736f2a8bc1eaa9d45  2011/i586/postgresql9.0-contrib-9.0.5-0.1-mdv2011.0.i586.rpm
 1022893536c9c9f4bf3017f6ac774388  2011/i586/postgresql9.0-devel-9.0.5-0.1-mdv2011.0.i586.rpm
 40bd6639ec2ef40f323de7142f524e6e  2011/i586/postgresql9.0-docs-9.0.5-0.1-mdv2011.0.i586.rpm
 e93d2c029729b01fea75812cdd6f1617  2011/i586/postgresql9.0-pl-9.0.5-0.1-mdv2011.0.i586.rpm
 d8aa2b49c9e4526a35582e1494735a48  2011/i586/postgresql9.0-plperl-9.0.5-0.1-mdv2011.0.i586.rpm
 6ee50d0e461985e200767a7cc6f3b90a  2011/i586/postgresql9.0-plpgsql-9.0.5-0.1-mdv2011.0.i586.rpm
 88818f42ae3bd567af12a64b41cfda2c  2011/i586/postgresql9.0-plpython-9.0.5-0.1-mdv2011.0.i586.rpm
 a045777446dd3beb495748ee7b50f85a  2011/i586/postgresql9.0-pltcl-9.0.5-0.1-mdv2011.0.i586.rpm
 05144c91f8c7f4a6af12c6c8845c6216  2011/i586/postgresql9.0-server-9.0.5-0.1-mdv2011.0.i586.rpm
 db7f0521eb6e4a674def8654c39ed544  2011/i586/postgresql-OSSP-uuid-1.6.2-5.1-mdv2011.0.i586.rpm
 56b573310edc54120394bf151b8bf654  2011/i586/postgresql-OSSP-uuid-1.6.2-8.1-mdv2011.0.i586.rpm 
 332948be973bfa26d5e1a54082394ae8  2011/SRPMS/ossp-uuid-1.6.2-8.1.src.rpm
 269bb81b0c82c2193c802e57b2e32066  2011/SRPMS/postgresql9.0-9.0.5-0.1.src.rpm

MES5 x86_64

 778733aee5b4c91fbd2f31b162aaab00  mes5/x86_64/lib64ecpg8.3_6-8.3.16-0.1mdvmes5.2.x86_64.rpm
 414fd0859d6637c99ecbe85d168f4c3d  mes5/x86_64/lib64pq8.3_5-8.3.16-0.1mdvmes5.2.x86_64.rpm
 d8b54b7ff437422a0823ec1cf1bdcbb7  mes5/x86_64/postgresql8.3-8.3.16-0.1mdvmes5.2.x86_64.rpm
 30d57cc0444d933b8de3f1a77d015a19  mes5/x86_64/postgresql8.3-contrib-8.3.16-0.1mdvmes5.2.x86_64.rpm
 d957bfd1364abf7b87b1d12a77213274  mes5/x86_64/postgresql8.3-devel-8.3.16-0.1mdvmes5.2.x86_64.rpm
 e04d80db207e6b7cd31d69cf06f5a117  mes5/x86_64/postgresql8.3-docs-8.3.16-0.1mdvmes5.2.x86_64.rpm
 1a5c7bbc1c236402469ceb2325ff8006  mes5/x86_64/postgresql8.3-pl-8.3.16-0.1mdvmes5.2.x86_64.rpm
 a4b4249760177eed26dbdf185ec5c75d  mes5/x86_64/postgresql8.3-plperl-8.3.16-0.1mdvmes5.2.x86_64.rpm
 e55e7aadcd9b498710979918f5f0aeb8  mes5/x86_64/postgresql8.3-plpgsql-8.3.16-0.1mdvmes5.2.x86_64.rpm
 d51d51412134eb2dfe4ec67d7da05176  mes5/x86_64/postgresql8.3-plpython-8.3.16-0.1mdvmes5.2.x86_64.rpm
 89df472fb88dc6c54f5f8108697191e4  mes5/x86_64/postgresql8.3-pltcl-8.3.16-0.1mdvmes5.2.x86_64.rpm
 b76c2785108d14496b50153c93be57bf  mes5/x86_64/postgresql8.3-server-8.3.16-0.1mdvmes5.2.x86_64.rpm 
 4d59b736bb0a8876ea27fb550ba5fa72  mes5/SRPMS/postgresql8.3-8.3.16-0.1mdvmes5.2.src.rpm

2010.1 x86_64

 bd613061738f1e4b148a1d624873b4cd  2010.1/x86_64/lib64ecpg8.4_6-8.4.9-0.1mdv2010.2.x86_64.rpm
 2aca59f2cf01cdabf415597e2208b77f  2010.1/x86_64/lib64pq8.4_5-8.4.9-0.1mdv2010.2.x86_64.rpm
 0a3c853b35cb2f78ce213d58d3465bad  2010.1/x86_64/postgresql8.4-8.4.9-0.1mdv2010.2.x86_64.rpm
 54aec7056b8d65ca7c8cb75b6c9897b6  2010.1/x86_64/postgresql8.4-contrib-8.4.9-0.1mdv2010.2.x86_64.rpm
 b23e350067f4f61e3ae7dc3d7607d7be  2010.1/x86_64/postgresql8.4-devel-8.4.9-0.1mdv2010.2.x86_64.rpm
 6de72c3350ab4e0e81da997ca9b71fff  2010.1/x86_64/postgresql8.4-docs-8.4.9-0.1mdv2010.2.x86_64.rpm
 56710e2f33740317dac0d94539025e8c  2010.1/x86_64/postgresql8.4-pl-8.4.9-0.1mdv2010.2.x86_64.rpm
 d989b63b53a72f1ad8f767ce95ad1361  2010.1/x86_64/postgresql8.4-plperl-8.4.9-0.1mdv2010.2.x86_64.rpm
 f646795ef43957063cd9013c5c203082  2010.1/x86_64/postgresql8.4-plpgsql-8.4.9-0.1mdv2010.2.x86_64.rpm
 440c81835562deff1f19e8f654a3ccb4  2010.1/x86_64/postgresql8.4-plpython-8.4.9-0.1mdv2010.2.x86_64.rpm
 c92a47b8b176224ad73ec684872c0496  2010.1/x86_64/postgresql8.4-pltcl-8.4.9-0.1mdv2010.2.x86_64.rpm
 c9f6b92267657709ea389da9794714d7  2010.1/x86_64/postgresql8.4-server-8.4.9-0.1mdv2010.2.x86_64.rpm 
 e36b9aea370f4ea290931fbd869cf6ba  2010.1/SRPMS/postgresql8.4-8.4.9-0.1mdv2010.2.src.rpm

MDVSA-2011:161