<<< Date Index >>>     <<< Thread Index >>>

[ MDKSA-2006:194 ] - Updated PostgreSQL packages fix vulnerabilities



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:194
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : postgresql
 Date    : October 30, 2006
 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A vulnerability in PostgreSQL 8.1.x allowed remote authenticated users
 to cause a Denial of Service (daemon crash) via certain aggregate
 functions in an UPDATE statement which were not handled correctly
 (CVE-2006-5540).

 Another DoS issue in PostgreSQL 7.4.x, 8.0.x, and 8.1.x allowed remote
 authenticated users to crash the daemon via a coercion of an unknown
 element to ANYARRAY (CVE-2006-5541).

 Finally, another vulnerability in 8.1.x could allow a remote
 authenticated user to cause a DoS related to duration logging of
 V3-protocol Execute message for COMMIT and ROLLBACK statements
 (CVE-2006-5542).

 This updated provides the latest 8.0.x and 8.1.x PostgreSQL versions
 and patches the version of PostgreSQL shipped with Corporate 3.0.

 After installing this upgrade, you will need to execute "service
 postgresql restart" for it to take effect.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5540
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5541
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5542
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 1fb571748d2c90bd15e3cd8fd8f2ce44  
2006.0/i586/libecpg5-8.0.9-0.1.20060mdk.i586.rpm
 ed4f5712c8981cad55401043600820cf  
2006.0/i586/libecpg5-devel-8.0.9-0.1.20060mdk.i586.rpm
 0466a77d44a3b0dadd9c4f3e50339eb5  
2006.0/i586/libpq4-8.0.9-0.1.20060mdk.i586.rpm
 1149c289545be7a75d702665672d5191  
2006.0/i586/libpq4-devel-8.0.9-0.1.20060mdk.i586.rpm
 01bf40cba5982c032fe7c30890ea4ba3  
2006.0/i586/postgresql-8.0.9-0.1.20060mdk.i586.rpm
 43b86ce619e0e838dabe50a4db0de4b5  
2006.0/i586/postgresql-contrib-8.0.9-0.1.20060mdk.i586.rpm
 d04bbd08d8a46211738e8ce6f1bf4e32  
2006.0/i586/postgresql-devel-8.0.9-0.1.20060mdk.i586.rpm
 0ca91af936b21233550407b77a062d17  
2006.0/i586/postgresql-docs-8.0.9-0.1.20060mdk.i586.rpm
 9d7db675ef8020751378eddff8472940  
2006.0/i586/postgresql-jdbc-8.0.9-0.1.20060mdk.i586.rpm
 8b02452736d9b74b563f859f14427f26  
2006.0/i586/postgresql-pl-8.0.9-0.1.20060mdk.i586.rpm
 d6044790a99203e54f036bd81b236bb6  
2006.0/i586/postgresql-plperl-8.0.9-0.1.20060mdk.i586.rpm
 2fda8e8a6fa08089aac4b0862b68553b  
2006.0/i586/postgresql-plpgsql-8.0.9-0.1.20060mdk.i586.rpm
 eff79cf24be0c26d58ee2995b12bb130  
2006.0/i586/postgresql-plpython-8.0.9-0.1.20060mdk.i586.rpm
 fd72f96206ef85c1b55488bb68462408  
2006.0/i586/postgresql-pltcl-8.0.9-0.1.20060mdk.i586.rpm
 f5904aecf7f0eaf88d5ec7cf80a910da  
2006.0/i586/postgresql-server-8.0.9-0.1.20060mdk.i586.rpm
 1477b09a635ca665aef8ba43d6ee5c2e  
2006.0/i586/postgresql-test-8.0.9-0.1.20060mdk.i586.rpm 
 ff24736bd204ad38a014215bd32a006a  
2006.0/SRPMS/postgresql-8.0.9-0.1.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 5fc89eca9286a691155eb5e53519af42  
2006.0/x86_64/lib64ecpg5-8.0.9-0.1.20060mdk.x86_64.rpm
 00de88aa7317e47520524e433df4983d  
2006.0/x86_64/lib64ecpg5-devel-8.0.9-0.1.20060mdk.x86_64.rpm
 cf2533c6dd26873da1df50f310669acd  
2006.0/x86_64/lib64pq4-8.0.9-0.1.20060mdk.x86_64.rpm
 8ea480eb47f34581a647820f3a9b2a6c  
2006.0/x86_64/lib64pq4-devel-8.0.9-0.1.20060mdk.x86_64.rpm
 f021ef750b2705421014f90ade870d43  
2006.0/x86_64/postgresql-8.0.9-0.1.20060mdk.x86_64.rpm
 adbdd69d8ae11e1b068c58f25d8f64eb  
2006.0/x86_64/postgresql-contrib-8.0.9-0.1.20060mdk.x86_64.rpm
 e35b8a7ee77fd1a5a6a031016514b195  
2006.0/x86_64/postgresql-devel-8.0.9-0.1.20060mdk.x86_64.rpm
 314b05df0f065843135a4d4920fc2599  
2006.0/x86_64/postgresql-docs-8.0.9-0.1.20060mdk.x86_64.rpm
 5a6d3aaa058ea31eb1e05e54104d5350  
2006.0/x86_64/postgresql-jdbc-8.0.9-0.1.20060mdk.x86_64.rpm
 32fb058d2d478c505a1f3957dcb7c994  
2006.0/x86_64/postgresql-pl-8.0.9-0.1.20060mdk.x86_64.rpm
 f1a1d5a54e4ac529744eeca2de780066  
2006.0/x86_64/postgresql-plperl-8.0.9-0.1.20060mdk.x86_64.rpm
 76665f281a7696f710fc2dc9a8138374  
2006.0/x86_64/postgresql-plpgsql-8.0.9-0.1.20060mdk.x86_64.rpm
 ff50a1b54276a6d5d80689ef1d8069ff  
2006.0/x86_64/postgresql-plpython-8.0.9-0.1.20060mdk.x86_64.rpm
 19ea6350ab699a2224325b2de5ebd84b  
2006.0/x86_64/postgresql-pltcl-8.0.9-0.1.20060mdk.x86_64.rpm
 bdaf40227e8352392a33be14f546bf72  
2006.0/x86_64/postgresql-server-8.0.9-0.1.20060mdk.x86_64.rpm
 f3729161d74e40ec9755f4d6ed00719c  
2006.0/x86_64/postgresql-test-8.0.9-0.1.20060mdk.x86_64.rpm 
 ff24736bd204ad38a014215bd32a006a  
2006.0/SRPMS/postgresql-8.0.9-0.1.20060mdk.src.rpm

 Mandriva Linux 2007.0:
 ac56fa5052022abcd0e14020b358f405  
2007.0/i586/libecpg5-8.1.5-1.1mdv2007.0.i586.rpm
 3478d9db597de1ca4301f215dc0d723b  
2007.0/i586/libecpg5-devel-8.1.5-1.1mdv2007.0.i586.rpm
 8a3118cd7c30bd148f8c28eb67634ed4  
2007.0/i586/libpq4-8.1.5-1.1mdv2007.0.i586.rpm
 faf39e2ca0b08d3f3fecb653c29cb3ee  
2007.0/i586/libpq4-devel-8.1.5-1.1mdv2007.0.i586.rpm
 9455b83b95b34dcc4f63cae6bb09ba43  
2007.0/i586/postgresql-8.1.5-1.1mdv2007.0.i586.rpm
 73ad9b8f3b64f30606df8df0c9c50cae  
2007.0/i586/postgresql-contrib-8.1.5-1.1mdv2007.0.i586.rpm
 f413df37137b6442f8f0f98f90cdd0f2  
2007.0/i586/postgresql-devel-8.1.5-1.1mdv2007.0.i586.rpm
 1ea0dbdee49b367698c4a154328a9c2a  
2007.0/i586/postgresql-docs-8.1.5-1.1mdv2007.0.i586.rpm
 4c05a60ab179ccf2bf0d26b516976abf  
2007.0/i586/postgresql-pl-8.1.5-1.1mdv2007.0.i586.rpm
 25e2b5df178be8deb2f2f2bfeae29d48  
2007.0/i586/postgresql-plperl-8.1.5-1.1mdv2007.0.i586.rpm
 eee6444693f723372a287d62dc2ea0da  
2007.0/i586/postgresql-plpgsql-8.1.5-1.1mdv2007.0.i586.rpm
 08044754f6a3bb70aab008e0f91395f1  
2007.0/i586/postgresql-plpython-8.1.5-1.1mdv2007.0.i586.rpm
 a75b7c287e4946f3ff4c2b66be1f8931  
2007.0/i586/postgresql-pltcl-8.1.5-1.1mdv2007.0.i586.rpm
 46150f94055d88e114d6d7563a0a2af6  
2007.0/i586/postgresql-server-8.1.5-1.1mdv2007.0.i586.rpm
 c1c48e44ea40621c7b9166161bafbdbd  
2007.0/i586/postgresql-test-8.1.5-1.1mdv2007.0.i586.rpm 
 2445c13c47075faa93f8a74c1dff9b15  
2007.0/SRPMS/postgresql-8.1.5-1.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 c9f5a2bd635f3a8f71a642fdb0c61a70  
2007.0/x86_64/lib64ecpg5-8.1.5-1.1mdv2007.0.x86_64.rpm
 97356c96c606e93ea935929817e1bdf9  
2007.0/x86_64/lib64ecpg5-devel-8.1.5-1.1mdv2007.0.x86_64.rpm
 df65534147d923dfd8aed7cecd15d2b1  
2007.0/x86_64/lib64pq4-8.1.5-1.1mdv2007.0.x86_64.rpm
 88b41f69996829f9113afbc526630431  
2007.0/x86_64/lib64pq4-devel-8.1.5-1.1mdv2007.0.x86_64.rpm
 c721cb020ae8d47d3953a9b5d3942b58  
2007.0/x86_64/postgresql-8.1.5-1.1mdv2007.0.x86_64.rpm
 92a27c6b77e20e943781dcf117e36439  
2007.0/x86_64/postgresql-contrib-8.1.5-1.1mdv2007.0.x86_64.rpm
 67ba2ad1be4c65c711f443178a32364e  
2007.0/x86_64/postgresql-devel-8.1.5-1.1mdv2007.0.x86_64.rpm
 4ed8e29d73fffe92e7d90a8cd913ca18  
2007.0/x86_64/postgresql-docs-8.1.5-1.1mdv2007.0.x86_64.rpm
 932fb1d2b0592953fa9d6a931140d6a2  
2007.0/x86_64/postgresql-pl-8.1.5-1.1mdv2007.0.x86_64.rpm
 299452ce74af7d7a5913a292bf649ac2  
2007.0/x86_64/postgresql-plperl-8.1.5-1.1mdv2007.0.x86_64.rpm
 f0477ff759d4026051e68a927f7ee0d4  
2007.0/x86_64/postgresql-plpgsql-8.1.5-1.1mdv2007.0.x86_64.rpm
 0dd0e8a435d403ea8fffcc8f4d708070  
2007.0/x86_64/postgresql-plpython-8.1.5-1.1mdv2007.0.x86_64.rpm
 a42972ca797bebef9faa861fd32917fa  
2007.0/x86_64/postgresql-pltcl-8.1.5-1.1mdv2007.0.x86_64.rpm
 201faf962540b78f49fb1c6ad6657c57  
2007.0/x86_64/postgresql-server-8.1.5-1.1mdv2007.0.x86_64.rpm
 f307467b7567da24cd4e46fb8745e05f  
2007.0/x86_64/postgresql-test-8.1.5-1.1mdv2007.0.x86_64.rpm 
 2445c13c47075faa93f8a74c1dff9b15  
2007.0/SRPMS/postgresql-8.1.5-1.1mdv2007.0.src.rpm

 Corporate 3.0:
 ea5314d8ea3b3f18c0075aff95bc7200  
corporate/3.0/i586/libecpg3-7.4.1-2.7.C30mdk.i586.rpm
 23c6670398f27abf928992a9812fc578  
corporate/3.0/i586/libecpg3-devel-7.4.1-2.7.C30mdk.i586.rpm
 101e16a7faf1a6920d24af4ccc66e319  
corporate/3.0/i586/libpgtcl2-7.4.1-2.7.C30mdk.i586.rpm
 ca2d39a28d8c86fa1ff2e1f8ed510e89  
corporate/3.0/i586/libpgtcl2-devel-7.4.1-2.7.C30mdk.i586.rpm
 bc955518e6ad3315226fe5ab14ffc6d7  
corporate/3.0/i586/libpq3-7.4.1-2.7.C30mdk.i586.rpm
 f65ec0a99e111f76e7bb6e515648cd0a  
corporate/3.0/i586/libpq3-devel-7.4.1-2.7.C30mdk.i586.rpm
 e47e849098af0d788b406a982391edbe  
corporate/3.0/i586/postgresql-7.4.1-2.7.C30mdk.i586.rpm
 4435fecede0b88db775c2c9aee378158  
corporate/3.0/i586/postgresql-contrib-7.4.1-2.7.C30mdk.i586.rpm
 033ad03ff0dd8632d420f16993a7d7ec  
corporate/3.0/i586/postgresql-devel-7.4.1-2.7.C30mdk.i586.rpm
 4b795893f10706b85f51502e403b4044  
corporate/3.0/i586/postgresql-docs-7.4.1-2.7.C30mdk.i586.rpm
 7e784bcba9573e52774256c8b3219c1e  
corporate/3.0/i586/postgresql-jdbc-7.4.1-2.7.C30mdk.i586.rpm
 58d483706e95cd39a5df02a32a7b81d4  
corporate/3.0/i586/postgresql-pl-7.4.1-2.7.C30mdk.i586.rpm
 766327598604b042b2311489ce876a99  
corporate/3.0/i586/postgresql-server-7.4.1-2.7.C30mdk.i586.rpm
 81c7ca36c3e6dabc88c03cbe4134a7d2  
corporate/3.0/i586/postgresql-tcl-7.4.1-2.7.C30mdk.i586.rpm
 9fc697243ac48f3553de9b1ff6500965  
corporate/3.0/i586/postgresql-test-7.4.1-2.7.C30mdk.i586.rpm 
 a43af6d9f276cc26e1c35aca23ef2bbc  
corporate/3.0/SRPMS/postgresql-7.4.1-2.7.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 34954f43ad725af7530b6232bd5bd556  
corporate/3.0/x86_64/lib64ecpg3-7.4.1-2.7.C30mdk.x86_64.rpm
 761e273759dfab143dc126f48d511b45  
corporate/3.0/x86_64/lib64ecpg3-devel-7.4.1-2.7.C30mdk.x86_64.rpm
 517c15b8f4a1d54a4c950220c25dd23b  
corporate/3.0/x86_64/lib64pgtcl2-7.4.1-2.7.C30mdk.x86_64.rpm
 a10677a6af9609fbf8f05526ce9caec6  
corporate/3.0/x86_64/lib64pgtcl2-devel-7.4.1-2.7.C30mdk.x86_64.rpm
 4a5b755a9dbbe425bef61e6269da112f  
corporate/3.0/x86_64/lib64pq3-7.4.1-2.7.C30mdk.x86_64.rpm
 3a4c7d4ef3830c057adb3aa47655d21a  
corporate/3.0/x86_64/lib64pq3-devel-7.4.1-2.7.C30mdk.x86_64.rpm
 e7fe9777ad5637ba96a1260c77a373e0  
corporate/3.0/x86_64/postgresql-7.4.1-2.7.C30mdk.x86_64.rpm
 4f492571534522371d1b6bc6dc27b02c  
corporate/3.0/x86_64/postgresql-contrib-7.4.1-2.7.C30mdk.x86_64.rpm
 7ca9240f5038a2d90da56b31fc698824  
corporate/3.0/x86_64/postgresql-devel-7.4.1-2.7.C30mdk.x86_64.rpm
 7a92752be990700ef7ef1cde076c7bb0  
corporate/3.0/x86_64/postgresql-docs-7.4.1-2.7.C30mdk.x86_64.rpm
 3c660c199d346b565706be8cd1f94196  
corporate/3.0/x86_64/postgresql-jdbc-7.4.1-2.7.C30mdk.x86_64.rpm
 a742de9115bf59fcf57e97f6d4bde9a5  
corporate/3.0/x86_64/postgresql-pl-7.4.1-2.7.C30mdk.x86_64.rpm
 69599b34d2fa9ab8a35dc76acefbaebb  
corporate/3.0/x86_64/postgresql-server-7.4.1-2.7.C30mdk.x86_64.rpm
 5d049cafa926f353f2d999af21511b5b  
corporate/3.0/x86_64/postgresql-tcl-7.4.1-2.7.C30mdk.x86_64.rpm
 f495fdcccc678549b1984a20d6d29134  
corporate/3.0/x86_64/postgresql-test-7.4.1-2.7.C30mdk.x86_64.rpm 
 a43af6d9f276cc26e1c35aca23ef2bbc  
corporate/3.0/SRPMS/postgresql-7.4.1-2.7.C30mdk.src.rpm

 Corporate 4.0:
 7377cc8a31eef5d5862075e95574c042  
corporate/4.0/i586/libecpg5-8.1.5-0.1.20060mlcs4.i586.rpm
 af17c7a5144cf9c234b785fe6cf341ee  
corporate/4.0/i586/libecpg5-devel-8.1.5-0.1.20060mlcs4.i586.rpm
 6ccbc4dcd5546a264c4e7e8172f50ed9  
corporate/4.0/i586/libpq4-8.1.5-0.1.20060mlcs4.i586.rpm
 2a3d0e8816cce25df125b943c6862fbb  
corporate/4.0/i586/libpq4-devel-8.1.5-0.1.20060mlcs4.i586.rpm
 a58c5c6ee6dc30d7be1193c73d5976c8  
corporate/4.0/i586/postgresql-8.1.5-0.1.20060mlcs4.i586.rpm
 d313f326da2c44bb6dd5db7aa9bba64a  
corporate/4.0/i586/postgresql-contrib-8.1.5-0.1.20060mlcs4.i586.rpm
 7d902b81a6bbfaca675b09143553406c  
corporate/4.0/i586/postgresql-devel-8.1.5-0.1.20060mlcs4.i586.rpm
 0c901f454fa377a319aafc3c5dec9675  
corporate/4.0/i586/postgresql-docs-8.1.5-0.1.20060mlcs4.i586.rpm
 2e593d9d3fa83c175eac3f12ad9e45a1  
corporate/4.0/i586/postgresql-pl-8.1.5-0.1.20060mlcs4.i586.rpm
 47d521dbd90198753aab1a70a11081ea  
corporate/4.0/i586/postgresql-plperl-8.1.5-0.1.20060mlcs4.i586.rpm
 cfdf1d454446d5638e2bb0ab1c66522b  
corporate/4.0/i586/postgresql-plpgsql-8.1.5-0.1.20060mlcs4.i586.rpm
 9c9d461b05bb5843668f950592805d59  
corporate/4.0/i586/postgresql-plpython-8.1.5-0.1.20060mlcs4.i586.rpm
 a3e7bffc4a5538ff1177a9cbf1a5ca6b  
corporate/4.0/i586/postgresql-pltcl-8.1.5-0.1.20060mlcs4.i586.rpm
 f7e14aa31b44838a3fdec11ea353f2de  
corporate/4.0/i586/postgresql-server-8.1.5-0.1.20060mlcs4.i586.rpm
 8a38fe370cc5003e3556d83b39ff8dc1  
corporate/4.0/i586/postgresql-test-8.1.5-0.1.20060mlcs4.i586.rpm 
 ff0ac92c00839335e1514eb0c3ed52e4  
corporate/4.0/SRPMS/postgresql-8.1.5-0.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 7f2c7a45cfda3307178149237df2f6bd  
corporate/4.0/x86_64/lib64ecpg5-8.1.5-0.1.20060mlcs4.x86_64.rpm
 eda7da21931ef9d9b234e1b570bbe61c  
corporate/4.0/x86_64/lib64ecpg5-devel-8.1.5-0.1.20060mlcs4.x86_64.rpm
 ab765fe8f17e0fe3f13039755305d852  
corporate/4.0/x86_64/lib64pq4-8.1.5-0.1.20060mlcs4.x86_64.rpm
 0e78d974ee02cd74123508c7f85a6e08  
corporate/4.0/x86_64/lib64pq4-devel-8.1.5-0.1.20060mlcs4.x86_64.rpm
 d779d763187c574e4eaaeb2e1e4137e2  
corporate/4.0/x86_64/postgresql-8.1.5-0.1.20060mlcs4.x86_64.rpm
 8ffb912e00dbde3a9554e18367b9aad4  
corporate/4.0/x86_64/postgresql-contrib-8.1.5-0.1.20060mlcs4.x86_64.rpm
 1510c836a5d1975322d2f57f6827f8ae  
corporate/4.0/x86_64/postgresql-devel-8.1.5-0.1.20060mlcs4.x86_64.rpm
 21fed3a03cff7118fd02a207e5a639a2  
corporate/4.0/x86_64/postgresql-docs-8.1.5-0.1.20060mlcs4.x86_64.rpm
 cf226c1042bc4dab1a53e81b2452ff0e  
corporate/4.0/x86_64/postgresql-pl-8.1.5-0.1.20060mlcs4.x86_64.rpm
 a027caad15e8b0e4a41743774e686737  
corporate/4.0/x86_64/postgresql-plperl-8.1.5-0.1.20060mlcs4.x86_64.rpm
 b34462b8c3a671e602758f5ccdff1e02  
corporate/4.0/x86_64/postgresql-plpgsql-8.1.5-0.1.20060mlcs4.x86_64.rpm
 010df242aead3b2a30d1892508f3060f  
corporate/4.0/x86_64/postgresql-plpython-8.1.5-0.1.20060mlcs4.x86_64.rpm
 f3f7ccfec77ba15d04a11b9bfa7662ae  
corporate/4.0/x86_64/postgresql-pltcl-8.1.5-0.1.20060mlcs4.x86_64.rpm
 15602549144e5445384aec5ae8378083  
corporate/4.0/x86_64/postgresql-server-8.1.5-0.1.20060mlcs4.x86_64.rpm
 0937f8b274f06f7485671ab6fe29e914  
corporate/4.0/x86_64/postgresql-test-8.1.5-0.1.20060mlcs4.x86_64.rpm 
 ff0ac92c00839335e1514eb0c3ed52e4  
corporate/4.0/SRPMS/postgresql-8.1.5-0.1.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFRos7mqjQ0CJFipgRAiqMAJ9+dxlWXvh/9K3fp5sCIVlFCcOuOACePkNj
+YB22ZQxAXehK90Llcv6TEs=
=XPKB
-----END PGP SIGNATURE-----