Package name
postgresql
Date
2007-09-25
Advisory ID
MDKSA-2007:188
Affected versions
CS4.0 x86_64, 2007.0 x86_64, 2007.1 i586, 2007.0 i586, CS3.0 x86_64, CS4.0 i586, CS3.0 i586, 2007.1 x86_64

Problem description

PostgreSQL 8.1 and probably later and earlier versions, when local
trust authentication is enabled and the Database Link library (dblink)
is installed, allows remote attackers to access arbitrary accounts
and execute arbitrary SQL queries via a dblink host parameter that
proxies the connection from 127.0.0.1. (CVE-2007-3278)

PostgreSQL 8.1 and probably later and earlier versions, when the
PL/pgSQL (plpgsql) language has been created, grants certain plpgsql
privileges to the PUBLIC domain, which allows remote attackers
to create and execute functions, as demonstrated by functions that
perform local brute-force password guessing attacks, which may evade
intrusion detection. (CVE-2007-3279)

The Database Link library (dblink) in PostgreSQL 8.1 implements
functions via CREATE statements that map to arbitrary libraries based
on the C programming language, which allows remote authenticated
superusers to map and execute a function from any library, as
demonstrated by using the system function in libc.so.6 to gain shell
access. (CVE-2007-3280)

Updated packages fix these issues by requiring non-superusers who
use /contrib/dblink to use only password authentication.
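
To check whether a server has the precondition named for CVE-2007-3278, the following added example (not part of the advisory or of PostgreSQL) scans pg_hba.conf text for records that grant trust authentication to Unix-socket or loopback connections. The function names and the sample file are constructed for illustration, and host names or keywords in the address column are flagged conservatively.

```python
import ipaddress

# Constructed sample pg_hba.conf, not taken from the advisory.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER  ADDRESS                     METHOD
local   all       all                               trust
host    all       all   127.0.0.1/32                trust
host    all       all   127.0.0.1  255.255.255.255  md5
host    all       all   ::1/128                     trust
host    app       app   10.0.0.0/8                  md5
hostssl all       all   0.0.0.0/0                   trust
"""

HOST_TYPES = {"host", "hostssl", "hostnossl"}


def covers_loopback(f):
    """Return (record matches 127.0.0.1 or ::1, auth method) for a host* record."""
    try:
        if "/" in f[3]:  # CIDR form: ADDRESS/LEN METHOD
            net, method = ipaddress.ip_network(f[3], strict=False), f[4]
        else:  # older form: ADDRESS MASK METHOD
            bits = bin(int(ipaddress.ip_address(f[4]))).count("1")
            net, method = ipaddress.ip_network(f"{f[3]}/{bits}", strict=False), f[5]
    except (ValueError, IndexError):
        # Host name or keyword instead of an IP: flag conservatively.
        return True, f[4]
    loop = "127.0.0.1" if net.version == 4 else "::1"
    return ipaddress.ip_address(loop) in net, method


def trust_loopback_entries(hba_text):
    """List (line number, record) pairs that allow 'trust' locally."""
    findings = []
    for number, raw in enumerate(hba_text.splitlines(), 1):
        f = raw.split("#", 1)[0].split()
        if len(f) >= 4 and f[0] == "local" and f[3] == "trust":
            findings.append((number, " ".join(f)))
        elif len(f) >= 5 and f[0] in HOST_TYPES:
            reachable, method = covers_loopback(f)
            if reachable and method == "trust":
                findings.append((number, " ".join(f)))
    return findings


if __name__ == "__main__":
    for number, record in trust_loopback_entries(SAMPLE_HBA):
        print(f"line {number}: {record}")
```

Any record it reports is one where a connection proxied through dblink from the server itself would be accepted without a password; switching those records to a password method removes that path.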

Updated packages

CS4.0 x86_64

 50e3eefd32275cf5b651417cbc4216a1  corporate/4.0/x86_64/lib64ecpg5-8.1.10-0.1.20060mlcs4.x86_64.rpm
 9d795789cc60f424e39d10a9a627fab6  corporate/4.0/x86_64/lib64ecpg5-devel-8.1.10-0.1.20060mlcs4.x86_64.rpm
 7bc3a22a9a1c8b179223f8f300652539  corporate/4.0/x86_64/lib64pq4-8.1.10-0.1.20060mlcs4.x86_64.rpm
 b4f5279bc1c028e9633ff3ae69df2e98  corporate/4.0/x86_64/lib64pq4-devel-8.1.10-0.1.20060mlcs4.x86_64.rpm
 135f2583ebba8c937ef65e94cfff4b46  corporate/4.0/x86_64/postgresql-8.1.10-0.1.20060mlcs4.x86_64.rpm
 b29df3a033c4f80d93166c4e075a73dc  corporate/4.0/x86_64/postgresql-contrib-8.1.10-0.1.20060mlcs4.x86_64.rpm
 c46e540ca5e063b53feb63e06f438f66  corporate/4.0/x86_64/postgresql-devel-8.1.10-0.1.20060mlcs4.x86_64.rpm
 49a645929b23b095d68b1343d33ed584  corporate/4.0/x86_64/postgresql-docs-8.1.10-0.1.20060mlcs4.x86_64.rpm
 0bc2d6034bbdf336283afd735c141987  corporate/4.0/x86_64/postgresql-pl-8.1.10-0.1.20060mlcs4.x86_64.rpm
 7ed1208bb18735772c6cecd5c005c635  corporate/4.0/x86_64/postgresql-plperl-8.1.10-0.1.20060mlcs4.x86_64.rpm
 b1fe1e0863f0f7a7231146b7707b18d5  corporate/4.0/x86_64/postgresql-plpgsql-8.1.10-0.1.20060mlcs4.x86_64.rpm
 76223a8ac834672a08f8005890ac3b89  corporate/4.0/x86_64/postgresql-plpython-8.1.10-0.1.20060mlcs4.x86_64.rpm
 1d755e3c55734e3a372d34f8ed1be73d  corporate/4.0/x86_64/postgresql-pltcl-8.1.10-0.1.20060mlcs4.x86_64.rpm
 9f65beb9255b19140e6e3e27c9ee6f55  corporate/4.0/x86_64/postgresql-server-8.1.10-0.1.20060mlcs4.x86_64.rpm
 f06a3c86c59c737d944bde1eaedae166  corporate/4.0/x86_64/postgresql-test-8.1.10-0.1.20060mlcs4.x86_64.rpm 
 6aa551b36336a70ce3cc58dc073a3485  corporate/4.0/SRPMS/postgresql-8.1.10-0.1.20060mlcs4.src.rpm

2007.0 x86_64

 3dab8c951c0944e1bc3a00d4ca64d32e  2007.0/x86_64/lib64ecpg5-8.1.10-0.1mdv2007.0.x86_64.rpm
 1d6c86c2593873bf9c4adc4745d3abc2  2007.0/x86_64/lib64ecpg5-devel-8.1.10-0.1mdv2007.0.x86_64.rpm
 3141c891ff439c458803cd258fc4479b  2007.0/x86_64/lib64pq4-8.1.10-0.1mdv2007.0.x86_64.rpm
 9a30293d6761c4b2b1f2a2e8b284f0ff  2007.0/x86_64/lib64pq4-devel-8.1.10-0.1mdv2007.0.x86_64.rpm
 25006369de4abf770fc7a516a762a897  2007.0/x86_64/postgresql-8.1.10-0.1mdv2007.0.x86_64.rpm
 5ce4bad8022fc65eb7d1db9d53f32551  2007.0/x86_64/postgresql-contrib-8.1.10-0.1mdv2007.0.x86_64.rpm
 03a29dc13f4f556d8df0dcaa07c4766d  2007.0/x86_64/postgresql-devel-8.1.10-0.1mdv2007.0.x86_64.rpm
 89ba6a9c0c747108df0209167150c02f  2007.0/x86_64/postgresql-docs-8.1.10-0.1mdv2007.0.x86_64.rpm
 a723d7449913d52fca2030d0e63ca182  2007.0/x86_64/postgresql-pl-8.1.10-0.1mdv2007.0.x86_64.rpm
 827c1b0092c8b86b6631d16eb30b904e  2007.0/x86_64/postgresql-plperl-8.1.10-0.1mdv2007.0.x86_64.rpm
 b2c9eda89df39db40ec55d7a383b15b5  2007.0/x86_64/postgresql-plpgsql-8.1.10-0.1mdv2007.0.x86_64.rpm
 25ea855473edb7ef6c9dc372957c2277  2007.0/x86_64/postgresql-plpython-8.1.10-0.1mdv2007.0.x86_64.rpm
 23ae5b09b00e0b8518f1ada8163d57a0  2007.0/x86_64/postgresql-pltcl-8.1.10-0.1mdv2007.0.x86_64.rpm
 464d1f64bdb2b0f16c6be7b56c71b346  2007.0/x86_64/postgresql-server-8.1.10-0.1mdv2007.0.x86_64.rpm
 900cfbe6d3adac1711779b21b3dd4100  2007.0/x86_64/postgresql-test-8.1.10-0.1mdv2007.0.x86_64.rpm 
 be22e5ac6dd504511798d4caa3c3f1df  2007.0/SRPMS/postgresql-8.1.10-0.1mdv2007.0.src.rpm

2007.1 i586

 28b4b8a53e1dc0117441630c75e8c4ae  2007.1/i586/libecpg5-8.2.5-0.1mdv2007.1.i586.rpm
 697b841fa6fcf2fe92e5509ed9b262a3  2007.1/i586/libecpg5-devel-8.2.5-0.1mdv2007.1.i586.rpm
 5c6d7bd957121c443fe31562f9fe6261  2007.1/i586/libpq5-8.2.5-0.1mdv2007.1.i586.rpm
 be14414b10e8ca06c576090cc802de26  2007.1/i586/libpq5-devel-8.2.5-0.1mdv2007.1.i586.rpm
 00baebc695b0d791aacbb0fe1c08e0ad  2007.1/i586/postgresql-8.2.5-0.1mdv2007.1.i586.rpm
 97c538ee913a520f429b4581013edc3e  2007.1/i586/postgresql-contrib-8.2.5-0.1mdv2007.1.i586.rpm
 b9daafeed274fd9ddb1bd4fdadf03f3f  2007.1/i586/postgresql-devel-8.2.5-0.1mdv2007.1.i586.rpm
 75da06b542bbea1f4278a4ba8c5f46bb  2007.1/i586/postgresql-docs-8.2.5-0.1mdv2007.1.i586.rpm
 89dfcbe1690c2f4e5917b81c17205d10  2007.1/i586/postgresql-pl-8.2.5-0.1mdv2007.1.i586.rpm
 72ef35d3c36a7f7850dab8f095980e44  2007.1/i586/postgresql-plperl-8.2.5-0.1mdv2007.1.i586.rpm
 6b3e178ac649527dfcb3adfbbbfbe44e  2007.1/i586/postgresql-plpgsql-8.2.5-0.1mdv2007.1.i586.rpm
 c6066550b12d0cd826d16ad57151d323  2007.1/i586/postgresql-plpython-8.2.5-0.1mdv2007.1.i586.rpm
 cb6f37ca6ff51f09dba6f1668af9d594  2007.1/i586/postgresql-pltcl-8.2.5-0.1mdv2007.1.i586.rpm
 63e6b9fe073410b34165ddf147ed6011  2007.1/i586/postgresql-server-8.2.5-0.1mdv2007.1.i586.rpm
 982a89aee68c2fe2a4528f7a53443a23  2007.1/i586/postgresql-test-8.2.5-0.1mdv2007.1.i586.rpm 
 b8b3ac22c8f39026cfcade15cc2aea94  2007.1/SRPMS/postgresql-8.2.5-0.1mdv2007.1.src.rpm

2007.0 i586

 8e0e2cff4bbda7444671086bd7e0430b  2007.0/i586/libecpg5-8.1.10-0.1mdv2007.0.i586.rpm
 3be5df4380e5680c3a2adc9ba74543fb  2007.0/i586/libecpg5-devel-8.1.10-0.1mdv2007.0.i586.rpm
 59594d2f05d4f23a467b2bd684bc0fa3  2007.0/i586/libpq4-8.1.10-0.1mdv2007.0.i586.rpm
 aba27ad1b97f86debfd63b1ae76558a9  2007.0/i586/libpq4-devel-8.1.10-0.1mdv2007.0.i586.rpm
 dc4bc45a46d1b69cf13991d70d7d0c71  2007.0/i586/postgresql-8.1.10-0.1mdv2007.0.i586.rpm
 7a487ba0458f09c21b941f1a76f74357  2007.0/i586/postgresql-contrib-8.1.10-0.1mdv2007.0.i586.rpm
 08a4a0ba67e4c83c43931e61983348ca  2007.0/i586/postgresql-devel-8.1.10-0.1mdv2007.0.i586.rpm
 1c02f6136ace73a51ea365c77f28ea6a  2007.0/i586/postgresql-docs-8.1.10-0.1mdv2007.0.i586.rpm
 a13c547f110fa39ed62a843526f70e8e  2007.0/i586/postgresql-pl-8.1.10-0.1mdv2007.0.i586.rpm
 305884f17ccaee34ee2ac3d2dc1c8170  2007.0/i586/postgresql-plperl-8.1.10-0.1mdv2007.0.i586.rpm
 cc34a8f0e4bef8d6a0adddc54c3d8f2c  2007.0/i586/postgresql-plpgsql-8.1.10-0.1mdv2007.0.i586.rpm
 43d8bf8f3613e038441551cb1662eb8d  2007.0/i586/postgresql-plpython-8.1.10-0.1mdv2007.0.i586.rpm
 770b9fc3031c9b97aa0ca8d2ac669e6c  2007.0/i586/postgresql-pltcl-8.1.10-0.1mdv2007.0.i586.rpm
 f5a0af71805f7c430696cbbb03ad922f  2007.0/i586/postgresql-server-8.1.10-0.1mdv2007.0.i586.rpm
 1e043a882b3d9d445414dabebb96fcf4  2007.0/i586/postgresql-test-8.1.10-0.1mdv2007.0.i586.rpm 
 be22e5ac6dd504511798d4caa3c3f1df  2007.0/SRPMS/postgresql-8.1.10-0.1mdv2007.0.src.rpm

CS3.0 x86_64

 81c7148e224774ff1d0af00d70cbf3dd  corporate/3.0/x86_64/lib64ecpg3-7.4.18-0.1.C30mdk.x86_64.rpm
 bb141143be18ef10210753b1d938056d  corporate/3.0/x86_64/lib64ecpg3-devel-7.4.18-0.1.C30mdk.x86_64.rpm
 c7699ded100b384d7700c9036a89bae8  corporate/3.0/x86_64/lib64pgtcl2-7.4.18-0.1.C30mdk.x86_64.rpm
 2295fb70c32eda4c04d06526a09abfd4  corporate/3.0/x86_64/lib64pgtcl2-devel-7.4.18-0.1.C30mdk.x86_64.rpm
 db97ceb3194087a390ddb03c69b30c8a  corporate/3.0/x86_64/lib64pq3-7.4.18-0.1.C30mdk.x86_64.rpm
 41b623e7e1a24deb6d31a03082577556  corporate/3.0/x86_64/lib64pq3-devel-7.4.18-0.1.C30mdk.x86_64.rpm
 39f0e5df87ebb9539ec42cee909a8645  corporate/3.0/x86_64/postgresql-7.4.18-0.1.C30mdk.x86_64.rpm
 48469cd980bbc2d29ec6eb3a45bc77bb  corporate/3.0/x86_64/postgresql-contrib-7.4.18-0.1.C30mdk.x86_64.rpm
 4b2bd788cba6e39b223e0452ccefb102  corporate/3.0/x86_64/postgresql-devel-7.4.18-0.1.C30mdk.x86_64.rpm
 a64df12801fc2a4bda8d7c8e5834a436  corporate/3.0/x86_64/postgresql-docs-7.4.18-0.1.C30mdk.x86_64.rpm
 5922318852bd8de043ba30cd55e7fe29  corporate/3.0/x86_64/postgresql-jdbc-7.4.18-0.1.C30mdk.x86_64.rpm
 832eebcd9ab3c06b9473f2d3289dc05c  corporate/3.0/x86_64/postgresql-pl-7.4.18-0.1.C30mdk.x86_64.rpm
 02510d7e598d40f25dd6c610d1546027  corporate/3.0/x86_64/postgresql-server-7.4.18-0.1.C30mdk.x86_64.rpm
 c9ce6d529054cd8b21a92b03dbc0896b  corporate/3.0/x86_64/postgresql-tcl-7.4.18-0.1.C30mdk.x86_64.rpm
 04a0e3f49d4f91935132a20bccdffeb3  corporate/3.0/x86_64/postgresql-test-7.4.18-0.1.C30mdk.x86_64.rpm 
 180401c4053b1517946e5f30d58b9d4b  corporate/3.0/SRPMS/postgresql-7.4.18-0.1.C30mdk.src.rpm

CS4.0 i586

 0f2321b2bc99ed8aee6aecdb49ab33df  corporate/4.0/i586/libecpg5-8.1.10-0.1.20060mlcs4.i586.rpm
 e23d1d0fa713e09f66feaf0e1ad751c0  corporate/4.0/i586/libecpg5-devel-8.1.10-0.1.20060mlcs4.i586.rpm
 b8765e2b0650d2e71aec83652d2a4e7c  corporate/4.0/i586/libpq4-8.1.10-0.1.20060mlcs4.i586.rpm
 8cd02f43142df2ffe865d694332ec01f  corporate/4.0/i586/libpq4-devel-8.1.10-0.1.20060mlcs4.i586.rpm
 5c02374f4b80d8abfb5f03d4bc108c08  corporate/4.0/i586/postgresql-8.1.10-0.1.20060mlcs4.i586.rpm
 6c51a1332a49afb9a5645255f059aca6  corporate/4.0/i586/postgresql-contrib-8.1.10-0.1.20060mlcs4.i586.rpm
 72e90c47c7fda06bc9dedce429848acc  corporate/4.0/i586/postgresql-devel-8.1.10-0.1.20060mlcs4.i586.rpm
 1b31a1a48b6b1fba2244517a2a789992  corporate/4.0/i586/postgresql-docs-8.1.10-0.1.20060mlcs4.i586.rpm
 08425c9962e55546592c03a28fa3177b  corporate/4.0/i586/postgresql-pl-8.1.10-0.1.20060mlcs4.i586.rpm
 b2888a0453e8a6d9914fb09bb2ae4c30  corporate/4.0/i586/postgresql-plperl-8.1.10-0.1.20060mlcs4.i586.rpm
 7f1fa8b30628ed65bdc7e01fa287dcfd  corporate/4.0/i586/postgresql-plpgsql-8.1.10-0.1.20060mlcs4.i586.rpm
 f077a91da95c35725f167dd0f9033376  corporate/4.0/i586/postgresql-plpython-8.1.10-0.1.20060mlcs4.i586.rpm
 d4f4a70065a40b0e036d9adc63dfdb30  corporate/4.0/i586/postgresql-pltcl-8.1.10-0.1.20060mlcs4.i586.rpm
 54cf91740d33e33e6d1a0a05212884d1  corporate/4.0/i586/postgresql-server-8.1.10-0.1.20060mlcs4.i586.rpm
 1ec216cc5f3dcc15796e0b70523840c5  corporate/4.0/i586/postgresql-test-8.1.10-0.1.20060mlcs4.i586.rpm 
 6aa551b36336a70ce3cc58dc073a3485  corporate/4.0/SRPMS/postgresql-8.1.10-0.1.20060mlcs4.src.rpm

CS3.0 i586

 588715bb0163718873938ff86f1d4202  corporate/3.0/i586/libecpg3-7.4.18-0.1.C30mdk.i586.rpm
 928ab48c3f7617f757644bcacc034710  corporate/3.0/i586/libecpg3-devel-7.4.18-0.1.C30mdk.i586.rpm
 72f7fd9f4d05c667070052446017f6bc  corporate/3.0/i586/libpgtcl2-7.4.18-0.1.C30mdk.i586.rpm
 290f3c248453b5b6fd1117be7e1ab747  corporate/3.0/i586/libpgtcl2-devel-7.4.18-0.1.C30mdk.i586.rpm
 aaa399732adf2e6fa080135de4fc1862  corporate/3.0/i586/libpq3-7.4.18-0.1.C30mdk.i586.rpm
 fe8fbed859473f11ba528a55f58e9d46  corporate/3.0/i586/libpq3-devel-7.4.18-0.1.C30mdk.i586.rpm
 5061808637e3c371f9736055af4aa037  corporate/3.0/i586/postgresql-7.4.18-0.1.C30mdk.i586.rpm
 fcd466fade3f59c11c5b557280f10797  corporate/3.0/i586/postgresql-contrib-7.4.18-0.1.C30mdk.i586.rpm
 ed805cb294ec49aa896fb0c74cd4c963  corporate/3.0/i586/postgresql-devel-7.4.18-0.1.C30mdk.i586.rpm
 960a6ec9df468b8a4246439d81e1f83f  corporate/3.0/i586/postgresql-docs-7.4.18-0.1.C30mdk.i586.rpm
 abf0aadc29a47561556e0b3989cef2ce  corporate/3.0/i586/postgresql-jdbc-7.4.18-0.1.C30mdk.i586.rpm
 cb8a2fd57dd82f5ccb38cf01e75297d9  corporate/3.0/i586/postgresql-pl-7.4.18-0.1.C30mdk.i586.rpm
 aa32657f105fe2a691ff96bcc4ba741e  corporate/3.0/i586/postgresql-server-7.4.18-0.1.C30mdk.i586.rpm
 2fdb9a752cf31d82ebb00df0588130c6  corporate/3.0/i586/postgresql-tcl-7.4.18-0.1.C30mdk.i586.rpm
 fe46f24547fa10573306933033926061  corporate/3.0/i586/postgresql-test-7.4.18-0.1.C30mdk.i586.rpm 
 180401c4053b1517946e5f30d58b9d4b  corporate/3.0/SRPMS/postgresql-7.4.18-0.1.C30mdk.src.rpm

2007.1 x86_64

 1d5111ef660b6fb5247839ba75fc37a3  2007.1/x86_64/lib64ecpg5-8.2.5-0.1mdv2007.1.x86_64.rpm
 d365d0cf979e1c2632e144ba2ff051a5  2007.1/x86_64/lib64ecpg5-devel-8.2.5-0.1mdv2007.1.x86_64.rpm
 bcb2d08186934a70a8088ad7b26348ff  2007.1/x86_64/lib64pq5-8.2.5-0.1mdv2007.1.x86_64.rpm
 687c54dd685832e3458f4474ba329659  2007.1/x86_64/lib64pq5-devel-8.2.5-0.1mdv2007.1.x86_64.rpm
 d7ea11ad9524fdab20225117b20f2717  2007.1/x86_64/postgresql-8.2.5-0.1mdv2007.1.x86_64.rpm
 1a2e68d503b6903bd2f4934ea768f055  2007.1/x86_64/postgresql-contrib-8.2.5-0.1mdv2007.1.x86_64.rpm
 d877344b20f92228f8021985fa69ab21  2007.1/x86_64/postgresql-devel-8.2.5-0.1mdv2007.1.x86_64.rpm
 757f20c5feecec4087bf006b8cdba0b3  2007.1/x86_64/postgresql-docs-8.2.5-0.1mdv2007.1.x86_64.rpm
 59b65c9035d55e44c28ee37d6b449646  2007.1/x86_64/postgresql-pl-8.2.5-0.1mdv2007.1.x86_64.rpm
 30b2a348faafbf1a1772427207cbd162  2007.1/x86_64/postgresql-plperl-8.2.5-0.1mdv2007.1.x86_64.rpm
 18a270c6a3cf0c8e6135c7d1c19a2328  2007.1/x86_64/postgresql-plpgsql-8.2.5-0.1mdv2007.1.x86_64.rpm
 a75d1de15ff8bb8b888d8d843a3f3f55  2007.1/x86_64/postgresql-plpython-8.2.5-0.1mdv2007.1.x86_64.rpm
 9b6aaeda052fbc274de087987e8681c8  2007.1/x86_64/postgresql-pltcl-8.2.5-0.1mdv2007.1.x86_64.rpm
 8ad62e7c5319a0e2c5b5079512dca7b9  2007.1/x86_64/postgresql-server-8.2.5-0.1mdv2007.1.x86_64.rpm
 b5409350a8877578ab54ae4a0e7f61cd  2007.1/x86_64/postgresql-test-8.2.5-0.1mdv2007.1.x86_64.rpm 
 b8b3ac22c8f39026cfcade15cc2aea94  2007.1/SRPMS/postgresql-8.2.5-0.1mdv2007.1.src.rpm
