[ MDKSA-2006:194 ] - Updated PostgreSQL packages fix vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2006:194
http://www.mandriva.com/security/
_______________________________________________________________________
Package : postgresql
Date : October 30, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
A vulnerability in PostgreSQL 8.1.x allowed remote authenticated users
to cause a Denial of Service (daemon crash) via certain aggregate
functions in an UPDATE statement which were not handled correctly
(CVE-2006-5540).
Another DoS issue in PostgreSQL 7.4.x, 8.0.x, and 8.1.x allowed remote
authenticated users to crash the daemon via a coercion of an unknown
element to ANYARRAY (CVE-2006-5541).
Finally, another vulnerability in 8.1.x could allow a remote
authenticated user to cause a DoS related to duration logging of
V3-protocol Execute message for COMMIT and ROLLBACK statements
(CVE-2006-5542).
This updated provides the latest 8.0.x and 8.1.x PostgreSQL versions
and patches the version of PostgreSQL shipped with Corporate 3.0.
After installing this upgrade, you will need to execute "service
postgresql restart" for it to take effect.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5540
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5542
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2006.0:
1fb571748d2c90bd15e3cd8fd8f2ce44
2006.0/i586/libecpg5-8.0.9-0.1.20060mdk.i586.rpm
ed4f5712c8981cad55401043600820cf
2006.0/i586/libecpg5-devel-8.0.9-0.1.20060mdk.i586.rpm
0466a77d44a3b0dadd9c4f3e50339eb5
2006.0/i586/libpq4-8.0.9-0.1.20060mdk.i586.rpm
1149c289545be7a75d702665672d5191
2006.0/i586/libpq4-devel-8.0.9-0.1.20060mdk.i586.rpm
01bf40cba5982c032fe7c30890ea4ba3
2006.0/i586/postgresql-8.0.9-0.1.20060mdk.i586.rpm
43b86ce619e0e838dabe50a4db0de4b5
2006.0/i586/postgresql-contrib-8.0.9-0.1.20060mdk.i586.rpm
d04bbd08d8a46211738e8ce6f1bf4e32
2006.0/i586/postgresql-devel-8.0.9-0.1.20060mdk.i586.rpm
0ca91af936b21233550407b77a062d17
2006.0/i586/postgresql-docs-8.0.9-0.1.20060mdk.i586.rpm
9d7db675ef8020751378eddff8472940
2006.0/i586/postgresql-jdbc-8.0.9-0.1.20060mdk.i586.rpm
8b02452736d9b74b563f859f14427f26
2006.0/i586/postgresql-pl-8.0.9-0.1.20060mdk.i586.rpm
d6044790a99203e54f036bd81b236bb6
2006.0/i586/postgresql-plperl-8.0.9-0.1.20060mdk.i586.rpm
2fda8e8a6fa08089aac4b0862b68553b
2006.0/i586/postgresql-plpgsql-8.0.9-0.1.20060mdk.i586.rpm
eff79cf24be0c26d58ee2995b12bb130
2006.0/i586/postgresql-plpython-8.0.9-0.1.20060mdk.i586.rpm
fd72f96206ef85c1b55488bb68462408
2006.0/i586/postgresql-pltcl-8.0.9-0.1.20060mdk.i586.rpm
f5904aecf7f0eaf88d5ec7cf80a910da
2006.0/i586/postgresql-server-8.0.9-0.1.20060mdk.i586.rpm
1477b09a635ca665aef8ba43d6ee5c2e
2006.0/i586/postgresql-test-8.0.9-0.1.20060mdk.i586.rpm
ff24736bd204ad38a014215bd32a006a
2006.0/SRPMS/postgresql-8.0.9-0.1.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
5fc89eca9286a691155eb5e53519af42
2006.0/x86_64/lib64ecpg5-8.0.9-0.1.20060mdk.x86_64.rpm
00de88aa7317e47520524e433df4983d
2006.0/x86_64/lib64ecpg5-devel-8.0.9-0.1.20060mdk.x86_64.rpm
cf2533c6dd26873da1df50f310669acd
2006.0/x86_64/lib64pq4-8.0.9-0.1.20060mdk.x86_64.rpm
8ea480eb47f34581a647820f3a9b2a6c
2006.0/x86_64/lib64pq4-devel-8.0.9-0.1.20060mdk.x86_64.rpm
f021ef750b2705421014f90ade870d43
2006.0/x86_64/postgresql-8.0.9-0.1.20060mdk.x86_64.rpm
adbdd69d8ae11e1b068c58f25d8f64eb
2006.0/x86_64/postgresql-contrib-8.0.9-0.1.20060mdk.x86_64.rpm
e35b8a7ee77fd1a5a6a031016514b195
2006.0/x86_64/postgresql-devel-8.0.9-0.1.20060mdk.x86_64.rpm
314b05df0f065843135a4d4920fc2599
2006.0/x86_64/postgresql-docs-8.0.9-0.1.20060mdk.x86_64.rpm
5a6d3aaa058ea31eb1e05e54104d5350
2006.0/x86_64/postgresql-jdbc-8.0.9-0.1.20060mdk.x86_64.rpm
32fb058d2d478c505a1f3957dcb7c994
2006.0/x86_64/postgresql-pl-8.0.9-0.1.20060mdk.x86_64.rpm
f1a1d5a54e4ac529744eeca2de780066
2006.0/x86_64/postgresql-plperl-8.0.9-0.1.20060mdk.x86_64.rpm
76665f281a7696f710fc2dc9a8138374
2006.0/x86_64/postgresql-plpgsql-8.0.9-0.1.20060mdk.x86_64.rpm
ff50a1b54276a6d5d80689ef1d8069ff
2006.0/x86_64/postgresql-plpython-8.0.9-0.1.20060mdk.x86_64.rpm
19ea6350ab699a2224325b2de5ebd84b
2006.0/x86_64/postgresql-pltcl-8.0.9-0.1.20060mdk.x86_64.rpm
bdaf40227e8352392a33be14f546bf72
2006.0/x86_64/postgresql-server-8.0.9-0.1.20060mdk.x86_64.rpm
f3729161d74e40ec9755f4d6ed00719c
2006.0/x86_64/postgresql-test-8.0.9-0.1.20060mdk.x86_64.rpm
ff24736bd204ad38a014215bd32a006a
2006.0/SRPMS/postgresql-8.0.9-0.1.20060mdk.src.rpm
Mandriva Linux 2007.0:
ac56fa5052022abcd0e14020b358f405
2007.0/i586/libecpg5-8.1.5-1.1mdv2007.0.i586.rpm
3478d9db597de1ca4301f215dc0d723b
2007.0/i586/libecpg5-devel-8.1.5-1.1mdv2007.0.i586.rpm
8a3118cd7c30bd148f8c28eb67634ed4
2007.0/i586/libpq4-8.1.5-1.1mdv2007.0.i586.rpm
faf39e2ca0b08d3f3fecb653c29cb3ee
2007.0/i586/libpq4-devel-8.1.5-1.1mdv2007.0.i586.rpm
9455b83b95b34dcc4f63cae6bb09ba43
2007.0/i586/postgresql-8.1.5-1.1mdv2007.0.i586.rpm
73ad9b8f3b64f30606df8df0c9c50cae
2007.0/i586/postgresql-contrib-8.1.5-1.1mdv2007.0.i586.rpm
f413df37137b6442f8f0f98f90cdd0f2
2007.0/i586/postgresql-devel-8.1.5-1.1mdv2007.0.i586.rpm
1ea0dbdee49b367698c4a154328a9c2a
2007.0/i586/postgresql-docs-8.1.5-1.1mdv2007.0.i586.rpm
4c05a60ab179ccf2bf0d26b516976abf
2007.0/i586/postgresql-pl-8.1.5-1.1mdv2007.0.i586.rpm
25e2b5df178be8deb2f2f2bfeae29d48
2007.0/i586/postgresql-plperl-8.1.5-1.1mdv2007.0.i586.rpm
eee6444693f723372a287d62dc2ea0da
2007.0/i586/postgresql-plpgsql-8.1.5-1.1mdv2007.0.i586.rpm
08044754f6a3bb70aab008e0f91395f1
2007.0/i586/postgresql-plpython-8.1.5-1.1mdv2007.0.i586.rpm
a75b7c287e4946f3ff4c2b66be1f8931
2007.0/i586/postgresql-pltcl-8.1.5-1.1mdv2007.0.i586.rpm
46150f94055d88e114d6d7563a0a2af6
2007.0/i586/postgresql-server-8.1.5-1.1mdv2007.0.i586.rpm
c1c48e44ea40621c7b9166161bafbdbd
2007.0/i586/postgresql-test-8.1.5-1.1mdv2007.0.i586.rpm
2445c13c47075faa93f8a74c1dff9b15
2007.0/SRPMS/postgresql-8.1.5-1.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
c9f5a2bd635f3a8f71a642fdb0c61a70
2007.0/x86_64/lib64ecpg5-8.1.5-1.1mdv2007.0.x86_64.rpm
97356c96c606e93ea935929817e1bdf9
2007.0/x86_64/lib64ecpg5-devel-8.1.5-1.1mdv2007.0.x86_64.rpm
df65534147d923dfd8aed7cecd15d2b1
2007.0/x86_64/lib64pq4-8.1.5-1.1mdv2007.0.x86_64.rpm
88b41f69996829f9113afbc526630431
2007.0/x86_64/lib64pq4-devel-8.1.5-1.1mdv2007.0.x86_64.rpm
c721cb020ae8d47d3953a9b5d3942b58
2007.0/x86_64/postgresql-8.1.5-1.1mdv2007.0.x86_64.rpm
92a27c6b77e20e943781dcf117e36439
2007.0/x86_64/postgresql-contrib-8.1.5-1.1mdv2007.0.x86_64.rpm
67ba2ad1be4c65c711f443178a32364e
2007.0/x86_64/postgresql-devel-8.1.5-1.1mdv2007.0.x86_64.rpm
4ed8e29d73fffe92e7d90a8cd913ca18
2007.0/x86_64/postgresql-docs-8.1.5-1.1mdv2007.0.x86_64.rpm
932fb1d2b0592953fa9d6a931140d6a2
2007.0/x86_64/postgresql-pl-8.1.5-1.1mdv2007.0.x86_64.rpm
299452ce74af7d7a5913a292bf649ac2
2007.0/x86_64/postgresql-plperl-8.1.5-1.1mdv2007.0.x86_64.rpm
f0477ff759d4026051e68a927f7ee0d4
2007.0/x86_64/postgresql-plpgsql-8.1.5-1.1mdv2007.0.x86_64.rpm
0dd0e8a435d403ea8fffcc8f4d708070
2007.0/x86_64/postgresql-plpython-8.1.5-1.1mdv2007.0.x86_64.rpm
a42972ca797bebef9faa861fd32917fa
2007.0/x86_64/postgresql-pltcl-8.1.5-1.1mdv2007.0.x86_64.rpm
201faf962540b78f49fb1c6ad6657c57
2007.0/x86_64/postgresql-server-8.1.5-1.1mdv2007.0.x86_64.rpm
f307467b7567da24cd4e46fb8745e05f
2007.0/x86_64/postgresql-test-8.1.5-1.1mdv2007.0.x86_64.rpm
2445c13c47075faa93f8a74c1dff9b15
2007.0/SRPMS/postgresql-8.1.5-1.1mdv2007.0.src.rpm
Corporate 3.0:
ea5314d8ea3b3f18c0075aff95bc7200
corporate/3.0/i586/libecpg3-7.4.1-2.7.C30mdk.i586.rpm
23c6670398f27abf928992a9812fc578
corporate/3.0/i586/libecpg3-devel-7.4.1-2.7.C30mdk.i586.rpm
101e16a7faf1a6920d24af4ccc66e319
corporate/3.0/i586/libpgtcl2-7.4.1-2.7.C30mdk.i586.rpm
ca2d39a28d8c86fa1ff2e1f8ed510e89
corporate/3.0/i586/libpgtcl2-devel-7.4.1-2.7.C30mdk.i586.rpm
bc955518e6ad3315226fe5ab14ffc6d7
corporate/3.0/i586/libpq3-7.4.1-2.7.C30mdk.i586.rpm
f65ec0a99e111f76e7bb6e515648cd0a
corporate/3.0/i586/libpq3-devel-7.4.1-2.7.C30mdk.i586.rpm
e47e849098af0d788b406a982391edbe
corporate/3.0/i586/postgresql-7.4.1-2.7.C30mdk.i586.rpm
4435fecede0b88db775c2c9aee378158
corporate/3.0/i586/postgresql-contrib-7.4.1-2.7.C30mdk.i586.rpm
033ad03ff0dd8632d420f16993a7d7ec
corporate/3.0/i586/postgresql-devel-7.4.1-2.7.C30mdk.i586.rpm
4b795893f10706b85f51502e403b4044
corporate/3.0/i586/postgresql-docs-7.4.1-2.7.C30mdk.i586.rpm
7e784bcba9573e52774256c8b3219c1e
corporate/3.0/i586/postgresql-jdbc-7.4.1-2.7.C30mdk.i586.rpm
58d483706e95cd39a5df02a32a7b81d4
corporate/3.0/i586/postgresql-pl-7.4.1-2.7.C30mdk.i586.rpm
766327598604b042b2311489ce876a99
corporate/3.0/i586/postgresql-server-7.4.1-2.7.C30mdk.i586.rpm
81c7ca36c3e6dabc88c03cbe4134a7d2
corporate/3.0/i586/postgresql-tcl-7.4.1-2.7.C30mdk.i586.rpm
9fc697243ac48f3553de9b1ff6500965
corporate/3.0/i586/postgresql-test-7.4.1-2.7.C30mdk.i586.rpm
a43af6d9f276cc26e1c35aca23ef2bbc
corporate/3.0/SRPMS/postgresql-7.4.1-2.7.C30mdk.src.rpm
Corporate 3.0/X86_64:
34954f43ad725af7530b6232bd5bd556
corporate/3.0/x86_64/lib64ecpg3-7.4.1-2.7.C30mdk.x86_64.rpm
761e273759dfab143dc126f48d511b45
corporate/3.0/x86_64/lib64ecpg3-devel-7.4.1-2.7.C30mdk.x86_64.rpm
517c15b8f4a1d54a4c950220c25dd23b
corporate/3.0/x86_64/lib64pgtcl2-7.4.1-2.7.C30mdk.x86_64.rpm
a10677a6af9609fbf8f05526ce9caec6
corporate/3.0/x86_64/lib64pgtcl2-devel-7.4.1-2.7.C30mdk.x86_64.rpm
4a5b755a9dbbe425bef61e6269da112f
corporate/3.0/x86_64/lib64pq3-7.4.1-2.7.C30mdk.x86_64.rpm
3a4c7d4ef3830c057adb3aa47655d21a
corporate/3.0/x86_64/lib64pq3-devel-7.4.1-2.7.C30mdk.x86_64.rpm
e7fe9777ad5637ba96a1260c77a373e0
corporate/3.0/x86_64/postgresql-7.4.1-2.7.C30mdk.x86_64.rpm
4f492571534522371d1b6bc6dc27b02c
corporate/3.0/x86_64/postgresql-contrib-7.4.1-2.7.C30mdk.x86_64.rpm
7ca9240f5038a2d90da56b31fc698824
corporate/3.0/x86_64/postgresql-devel-7.4.1-2.7.C30mdk.x86_64.rpm
7a92752be990700ef7ef1cde076c7bb0
corporate/3.0/x86_64/postgresql-docs-7.4.1-2.7.C30mdk.x86_64.rpm
3c660c199d346b565706be8cd1f94196
corporate/3.0/x86_64/postgresql-jdbc-7.4.1-2.7.C30mdk.x86_64.rpm
a742de9115bf59fcf57e97f6d4bde9a5
corporate/3.0/x86_64/postgresql-pl-7.4.1-2.7.C30mdk.x86_64.rpm
69599b34d2fa9ab8a35dc76acefbaebb
corporate/3.0/x86_64/postgresql-server-7.4.1-2.7.C30mdk.x86_64.rpm
5d049cafa926f353f2d999af21511b5b
corporate/3.0/x86_64/postgresql-tcl-7.4.1-2.7.C30mdk.x86_64.rpm
f495fdcccc678549b1984a20d6d29134
corporate/3.0/x86_64/postgresql-test-7.4.1-2.7.C30mdk.x86_64.rpm
a43af6d9f276cc26e1c35aca23ef2bbc
corporate/3.0/SRPMS/postgresql-7.4.1-2.7.C30mdk.src.rpm
Corporate 4.0:
7377cc8a31eef5d5862075e95574c042
corporate/4.0/i586/libecpg5-8.1.5-0.1.20060mlcs4.i586.rpm
af17c7a5144cf9c234b785fe6cf341ee
corporate/4.0/i586/libecpg5-devel-8.1.5-0.1.20060mlcs4.i586.rpm
6ccbc4dcd5546a264c4e7e8172f50ed9
corporate/4.0/i586/libpq4-8.1.5-0.1.20060mlcs4.i586.rpm
2a3d0e8816cce25df125b943c6862fbb
corporate/4.0/i586/libpq4-devel-8.1.5-0.1.20060mlcs4.i586.rpm
a58c5c6ee6dc30d7be1193c73d5976c8
corporate/4.0/i586/postgresql-8.1.5-0.1.20060mlcs4.i586.rpm
d313f326da2c44bb6dd5db7aa9bba64a
corporate/4.0/i586/postgresql-contrib-8.1.5-0.1.20060mlcs4.i586.rpm
7d902b81a6bbfaca675b09143553406c
corporate/4.0/i586/postgresql-devel-8.1.5-0.1.20060mlcs4.i586.rpm
0c901f454fa377a319aafc3c5dec9675
corporate/4.0/i586/postgresql-docs-8.1.5-0.1.20060mlcs4.i586.rpm
2e593d9d3fa83c175eac3f12ad9e45a1
corporate/4.0/i586/postgresql-pl-8.1.5-0.1.20060mlcs4.i586.rpm
47d521dbd90198753aab1a70a11081ea
corporate/4.0/i586/postgresql-plperl-8.1.5-0.1.20060mlcs4.i586.rpm
cfdf1d454446d5638e2bb0ab1c66522b
corporate/4.0/i586/postgresql-plpgsql-8.1.5-0.1.20060mlcs4.i586.rpm
9c9d461b05bb5843668f950592805d59
corporate/4.0/i586/postgresql-plpython-8.1.5-0.1.20060mlcs4.i586.rpm
a3e7bffc4a5538ff1177a9cbf1a5ca6b
corporate/4.0/i586/postgresql-pltcl-8.1.5-0.1.20060mlcs4.i586.rpm
f7e14aa31b44838a3fdec11ea353f2de
corporate/4.0/i586/postgresql-server-8.1.5-0.1.20060mlcs4.i586.rpm
8a38fe370cc5003e3556d83b39ff8dc1
corporate/4.0/i586/postgresql-test-8.1.5-0.1.20060mlcs4.i586.rpm
ff0ac92c00839335e1514eb0c3ed52e4
corporate/4.0/SRPMS/postgresql-8.1.5-0.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
7f2c7a45cfda3307178149237df2f6bd
corporate/4.0/x86_64/lib64ecpg5-8.1.5-0.1.20060mlcs4.x86_64.rpm
eda7da21931ef9d9b234e1b570bbe61c
corporate/4.0/x86_64/lib64ecpg5-devel-8.1.5-0.1.20060mlcs4.x86_64.rpm
ab765fe8f17e0fe3f13039755305d852
corporate/4.0/x86_64/lib64pq4-8.1.5-0.1.20060mlcs4.x86_64.rpm
0e78d974ee02cd74123508c7f85a6e08
corporate/4.0/x86_64/lib64pq4-devel-8.1.5-0.1.20060mlcs4.x86_64.rpm
d779d763187c574e4eaaeb2e1e4137e2
corporate/4.0/x86_64/postgresql-8.1.5-0.1.20060mlcs4.x86_64.rpm
8ffb912e00dbde3a9554e18367b9aad4
corporate/4.0/x86_64/postgresql-contrib-8.1.5-0.1.20060mlcs4.x86_64.rpm
1510c836a5d1975322d2f57f6827f8ae
corporate/4.0/x86_64/postgresql-devel-8.1.5-0.1.20060mlcs4.x86_64.rpm
21fed3a03cff7118fd02a207e5a639a2
corporate/4.0/x86_64/postgresql-docs-8.1.5-0.1.20060mlcs4.x86_64.rpm
cf226c1042bc4dab1a53e81b2452ff0e
corporate/4.0/x86_64/postgresql-pl-8.1.5-0.1.20060mlcs4.x86_64.rpm
a027caad15e8b0e4a41743774e686737
corporate/4.0/x86_64/postgresql-plperl-8.1.5-0.1.20060mlcs4.x86_64.rpm
b34462b8c3a671e602758f5ccdff1e02
corporate/4.0/x86_64/postgresql-plpgsql-8.1.5-0.1.20060mlcs4.x86_64.rpm
010df242aead3b2a30d1892508f3060f
corporate/4.0/x86_64/postgresql-plpython-8.1.5-0.1.20060mlcs4.x86_64.rpm
f3f7ccfec77ba15d04a11b9bfa7662ae
corporate/4.0/x86_64/postgresql-pltcl-8.1.5-0.1.20060mlcs4.x86_64.rpm
15602549144e5445384aec5ae8378083
corporate/4.0/x86_64/postgresql-server-8.1.5-0.1.20060mlcs4.x86_64.rpm
0937f8b274f06f7485671ab6fe29e914
corporate/4.0/x86_64/postgresql-test-8.1.5-0.1.20060mlcs4.x86_64.rpm
ff0ac92c00839335e1514eb0c3ed52e4
corporate/4.0/SRPMS/postgresql-8.1.5-0.1.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFFRos7mqjQ0CJFipgRAiqMAJ9+dxlWXvh/9K3fp5sCIVlFCcOuOACePkNj
+YB22ZQxAXehK90Llcv6TEs=
=XPKB
-----END PGP SIGNATURE-----