
MDKSA-2005:040 - Updated PostgreSQL packages fix multiple vulnerabilities



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           postgresql
 Advisory ID:            MDKSA-2005:040
 Date:                   February 17th, 2005

 Affected versions:      10.0, 10.1, Corporate 3.0,
                         Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 A number of vulnerabilities were found and corrected in the PostgreSQL
 DBMS:
 
 A flaw in the LOAD command could be abused by a local user to load
 arbitrary shared libraries and as a result execute arbitrary code with
 the privileges of the user running the postgresql server
 (CAN-2005-0227).
 
 A permission checking flaw was found where a local user could bypass
 the EXECUTE permission check for functions using the CREATE AGGREGATE
 command (CAN-2005-0244).
 
 Multiple buffer overflows were discovered in PL/PgSQL.  A database
 user with permission to create plpgsql functions could trigger these
 flaws which could then lead to arbitrary code execution with the
 privileges of the user running the postgresql server (CAN-2005-0245
 and CAN-2005-0247).
 
 Finally, a flaw in the integer aggregator (intagg) contrib module was
 found.  A user could create carefully crafted arrays and crash the
 server, causing a Denial of Service (CAN-2005-0246).
 
 The updated packages have been patched to correct these problems.
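
 Added example, not part of the Mandrakesoft advisory: two catalog
 queries a DBA could run to gauge exposure to CAN-2005-0245/0247 and
 CAN-2005-0244.  They assume a PostgreSQL release that provides the
 pg_roles view and the has_*_privilege() functions accepting role OIDs.

```sql
-- Added audit example (assumption: pg_roles and OID-based privilege
-- functions are available; not taken from the advisory).

-- 1. Non-superuser roles holding USAGE on PL/pgSQL, i.e. the roles that
--    meet the precondition named for CAN-2005-0245 / CAN-2005-0247.
SELECT r.rolname
FROM pg_roles r
JOIN pg_language l ON l.lanname = 'plpgsql'
WHERE NOT r.rolsuper
  AND has_language_privilege(r.oid, l.oid, 'USAGE')
ORDER BY r.rolname;

-- 2. Aggregates whose owner does not hold EXECUTE on the aggregate's
--    transition or final function: the state that the CREATE AGGREGATE
--    permission-check flaw (CAN-2005-0244) allowed to be created.
--    Superuser-owned aggregates never match, because privilege checks
--    always succeed for superusers.
SELECT p.oid::regprocedure                AS aggregate,
       pg_get_userbyid(p.proowner)        AS owner,
       a.aggtransfn::oid::regprocedure    AS transition_fn,
       CASE WHEN a.aggfinalfn::oid <> 0
            THEN a.aggfinalfn::oid::regprocedure::text
       END                                AS final_fn
FROM pg_aggregate a
JOIN pg_proc p ON p.oid = a.aggfnoid
WHERE NOT has_function_privilege(p.proowner, a.aggtransfn::oid, 'EXECUTE')
   OR (a.aggfinalfn::oid <> 0
       AND NOT has_function_privilege(p.proowner, a.aggfinalfn::oid,
                                      'EXECUTE'))
ORDER BY 1;
```

 A row from the second query is a candidate for review, not proof of
 abuse: EXECUTE may have been revoked after the aggregate was created.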
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0227
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0244
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0245
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0246
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0247
 ______________________________________________________________________

 Updated Packages:
  
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCFVV1mqjQ0CJFipgRAuyjAJ4xpmPIrl4D+T/KF1VaE3l3wP642QCgzk0x
fMnuQu4mRw4/d6UuU5cykDQ=
=Fyd+
-----END PGP SIGNATURE-----