-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandrakelinux Security Update Advisory _______________________________________________________________________ Package name: postgresql Advisory ID: MDKSA-2004:149 Date: December 13th, 2004 Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1 ______________________________________________________________________ Problem Description: The Trustix development team found insecure temporary file creation problems in a script included in the postgresql package. This could allow an attacker to trick a user into overwriting arbitrary files he has access to. The updated packages have been patched to prevent this problem. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0977 ______________________________________________________________________ Updated Packages: Mandrakelinux 10.0: 42ee929f1d987654c3d18a93651bd71e 10.0/RPMS/libecpg3-7.4.1-2.2.100mdk.i586.rpm db39f8074f6d90240c23bf5ec1f785a0 10.0/RPMS/libecpg3-devel-7.4.1-2.2.100mdk.i586.rpm a7746beff4b6d47aa8d9cc5c5ca46bf3 10.0/RPMS/libpgtcl2-7.4.1-2.2.100mdk.i586.rpm 2d2ede92fbdbcc7a9504015fc532b150 10.0/RPMS/libpgtcl2-devel-7.4.1-2.2.100mdk.i586.rpm f13bdbed6efc524a7bbdf6d232b0093e 10.0/RPMS/libpq3-7.4.1-2.2.100mdk.i586.rpm 470b28bf6f82a13a2d266c5417d04533 10.0/RPMS/libpq3-devel-7.4.1-2.2.100mdk.i586.rpm d02317c7fd9db0a3faf225688b4874b1 10.0/RPMS/postgresql-7.4.1-2.2.100mdk.i586.rpm 549800345474a3b33d59db5376389885 10.0/RPMS/postgresql-contrib-7.4.1-2.2.100mdk.i586.rpm 2fd5328fa98becbdaa22007926c473b4 10.0/RPMS/postgresql-devel-7.4.1-2.2.100mdk.i586.rpm 415467b037e260e3a8a5f6451e4bf415 10.0/RPMS/postgresql-docs-7.4.1-2.2.100mdk.i586.rpm fe6cfe7cfd7c24062305dff1a6e1b294 10.0/RPMS/postgresql-jdbc-7.4.1-2.2.100mdk.i586.rpm bc01788a5b21564916fdf995c7b0e47d 10.0/RPMS/postgresql-pl-7.4.1-2.2.100mdk.i586.rpm 5d9a6bfc0dd20edddb7bdf6f56fd0e95 10.0/RPMS/postgresql-server-7.4.1-2.2.100mdk.i586.rpm 40fcaecae0fe467eb082f065cbf06865 10.0/RPMS/postgresql-tcl-7.4.1-2.2.100mdk.i586.rpm 77d53b5d459ba3d31b50895da67689b4 10.0/RPMS/postgresql-test-7.4.1-2.2.100mdk.i586.rpm b5e9dd330b5a93f2e31c78612da3a1ba 10.0/SRPMS/postgresql-7.4.1-2.2.100mdk.src.rpm Mandrakelinux 10.0/AMD64: d3440d6317df79751543b7f22dc20b60 amd64/10.0/RPMS/lib64ecpg3-7.4.1-2.2.100mdk.amd64.rpm ddd1b953d28b8910af06d8decfa0149d amd64/10.0/RPMS/lib64ecpg3-devel-7.4.1-2.2.100mdk.amd64.rpm 607243700c600e07c9e763c0ece9b182 amd64/10.0/RPMS/lib64pgtcl2-7.4.1-2.2.100mdk.amd64.rpm 989358fda80fecaadb0e2e7d6bd2b6f3 amd64/10.0/RPMS/lib64pgtcl2-devel-7.4.1-2.2.100mdk.amd64.rpm 19fbfbcd84538a8410746bd2f3ea84c9 amd64/10.0/RPMS/lib64pq3-7.4.1-2.2.100mdk.amd64.rpm 57584a8013b252ffd59226ee2f470074 amd64/10.0/RPMS/lib64pq3-devel-7.4.1-2.2.100mdk.amd64.rpm 06d45b7bb58f706efad0d7d9402863e3 amd64/10.0/RPMS/postgresql-7.4.1-2.2.100mdk.amd64.rpm 3051717bc1a5ec844ff7fb9297c60a18 amd64/10.0/RPMS/postgresql-contrib-7.4.1-2.2.100mdk.amd64.rpm 7d20ec815a7ad95e15d3a3bc7224edb8 amd64/10.0/RPMS/postgresql-devel-7.4.1-2.2.100mdk.amd64.rpm 91eb092a900105a459d12731ef8b3849 amd64/10.0/RPMS/postgresql-docs-7.4.1-2.2.100mdk.amd64.rpm f2da22a5c1dad2e5f717031ee6a2646f amd64/10.0/RPMS/postgresql-jdbc-7.4.1-2.2.100mdk.amd64.rpm d692ef3e7a59ede26a01640e48417b5f amd64/10.0/RPMS/postgresql-pl-7.4.1-2.2.100mdk.amd64.rpm f607a841fe8f40bd6ca89822c3bdb6e6 amd64/10.0/RPMS/postgresql-server-7.4.1-2.2.100mdk.amd64.rpm 4b6fe73d3fd986dd9a770ba8ff5864e7 amd64/10.0/RPMS/postgresql-tcl-7.4.1-2.2.100mdk.amd64.rpm 1de143fdd0ac197b19cb451a86c63f46 amd64/10.0/RPMS/postgresql-test-7.4.1-2.2.100mdk.amd64.rpm b5e9dd330b5a93f2e31c78612da3a1ba amd64/10.0/SRPMS/postgresql-7.4.1-2.2.100mdk.src.rpm Mandrakelinux 10.1: 038b421964e5a06edc0cac07bc6f3357 10.1/RPMS/libecpg3-7.4.5-4.1.101mdk.i586.rpm f3e8e3f87c09151241dc48eb9c650d38 10.1/RPMS/libecpg3-devel-7.4.5-4.1.101mdk.i586.rpm 90ec55f75b39ef3c8c3ed9b99f832414 10.1/RPMS/libpgtcl2-7.4.5-4.1.101mdk.i586.rpm 231c7257b30d0ce6adfd3a98f55cf0e7 10.1/RPMS/libpgtcl2-devel-7.4.5-4.1.101mdk.i586.rpm 549bb1646113fd1d26453ad7e036bc47 10.1/RPMS/libpq3-7.4.5-4.1.101mdk.i586.rpm 1c42911cd577275f87fc8af503e58ae8 10.1/RPMS/libpq3-devel-7.4.5-4.1.101mdk.i586.rpm cc6539fd61356d1ea6ec7b2d99d092da 10.1/RPMS/postgresql-7.4.5-4.1.101mdk.i586.rpm ba9dc03f958ed7839eead88c4520fc82 10.1/RPMS/postgresql-contrib-7.4.5-4.1.101mdk.i586.rpm e8fe9519d222e7350723bed3b1d9d969 10.1/RPMS/postgresql-devel-7.4.5-4.1.101mdk.i586.rpm 09e6494b80b19df104092c60b8ce756d 10.1/RPMS/postgresql-docs-7.4.5-4.1.101mdk.i586.rpm 8453edde5e91a015a44c1217a08d6f78 10.1/RPMS/postgresql-jdbc-7.4.5-4.1.101mdk.i586.rpm 36b29f846bee72f41cc1dc8f626d25ad 10.1/RPMS/postgresql-pl-7.4.5-4.1.101mdk.i586.rpm 01f682ba687913c50099b1c0b009b988 10.1/RPMS/postgresql-server-7.4.5-4.1.101mdk.i586.rpm 920e43ddab348634e52e840792aeb8f5 10.1/RPMS/postgresql-tcl-7.4.5-4.1.101mdk.i586.rpm 8efb20c5240dfd3b6c0bc3d9e64e84b9 10.1/RPMS/postgresql-test-7.4.5-4.1.101mdk.i586.rpm 292193400d7813990be865f293124501 10.1/SRPMS/postgresql-7.4.5-4.1.101mdk.src.rpm Mandrakelinux 10.1/X86_64: 6ec21fdc7cad01b8a4e8dc29a3960f8b x86_64/10.1/RPMS/lib64ecpg3-7.4.5-4.1.101mdk.x86_64.rpm 16c09677bb10ed07f6d471e2019044d7 x86_64/10.1/RPMS/lib64ecpg3-devel-7.4.5-4.1.101mdk.x86_64.rpm bc26791211a5dca9f763c255f37df9e6 x86_64/10.1/RPMS/lib64pgtcl2-7.4.5-4.1.101mdk.x86_64.rpm e23806d64a0deab807386c86e52dae16 x86_64/10.1/RPMS/lib64pgtcl2-devel-7.4.5-4.1.101mdk.x86_64.rpm b6feb4c09cb845a253f6a7007c8a11d9 x86_64/10.1/RPMS/lib64pq3-7.4.5-4.1.101mdk.x86_64.rpm cca224d5eacf0bd54706fb3f65bee943 x86_64/10.1/RPMS/lib64pq3-devel-7.4.5-4.1.101mdk.x86_64.rpm 9de90f3d97d7575921576740c2fb9ce3 x86_64/10.1/RPMS/postgresql-7.4.5-4.1.101mdk.x86_64.rpm 4b85e80adc337f0640a176ad329e360e x86_64/10.1/RPMS/postgresql-contrib-7.4.5-4.1.101mdk.x86_64.rpm 75dc09a9290fd56034f99f213c0956da x86_64/10.1/RPMS/postgresql-devel-7.4.5-4.1.101mdk.x86_64.rpm ad406f522abcb278de9e16324165efac x86_64/10.1/RPMS/postgresql-docs-7.4.5-4.1.101mdk.x86_64.rpm 365d7596860d4832ef9d56ee2479e3f1 x86_64/10.1/RPMS/postgresql-jdbc-7.4.5-4.1.101mdk.x86_64.rpm 9bc7275c01374582cbac17da054d1777 x86_64/10.1/RPMS/postgresql-pl-7.4.5-4.1.101mdk.x86_64.rpm 4658e428b35795a78455e20f0e38fefe x86_64/10.1/RPMS/postgresql-server-7.4.5-4.1.101mdk.x86_64.rpm 7cf5a6545c5ae5897dc1ce32b0c4b3db x86_64/10.1/RPMS/postgresql-tcl-7.4.5-4.1.101mdk.x86_64.rpm 8c51186bccbc4448de47a3309a45b8c8 x86_64/10.1/RPMS/postgresql-test-7.4.5-4.1.101mdk.x86_64.rpm 292193400d7813990be865f293124501 x86_64/10.1/SRPMS/postgresql-7.4.5-4.1.101mdk.src.rpm Corporate Server 2.1: d022cd961c05e657463edbc70845e9ce corporate/2.1/RPMS/libecpg3-7.2.2-1.5.C21mdk.i586.rpm c5019b3e01e4c9e2c257d9f5b34f47d7 corporate/2.1/RPMS/libpgperl-7.2.2-1.5.C21mdk.i586.rpm b795620fff920ac80e4a56284c4fdc6e corporate/2.1/RPMS/libpgsql2-7.2.2-1.5.C21mdk.i586.rpm fc685cb269ff0793d7c996e7a14f8c5a corporate/2.1/RPMS/libpgsqlodbc0-7.2.2-1.5.C21mdk.i586.rpm 510173f27010b3f4dc7e9607baf65b43 corporate/2.1/RPMS/libpgtcl2-7.2.2-1.5.C21mdk.i586.rpm 57f1f00f797206fa88a4568f2fc9d30c corporate/2.1/RPMS/postgresql-7.2.2-1.5.C21mdk.i586.rpm 12a784a3da037aeea4d5c2ef9edf514b corporate/2.1/RPMS/postgresql-contrib-7.2.2-1.5.C21mdk.i586.rpm fbe3b2288a3c9ac27f9aa87f40745f13 corporate/2.1/RPMS/postgresql-devel-7.2.2-1.5.C21mdk.i586.rpm a2005700f5785e8500ddbd47f6339f7a corporate/2.1/RPMS/postgresql-docs-7.2.2-1.5.C21mdk.i586.rpm 16e1741a45057b0153e4c859602f9347 corporate/2.1/RPMS/postgresql-jdbc-7.2.2-1.5.C21mdk.i586.rpm 2dea178aa7de43d6e8ef55dba5bf611e corporate/2.1/RPMS/postgresql-python-7.2.2-1.5.C21mdk.i586.rpm 8c5bb8efdcb8d1e36d2e88f771d3c63c corporate/2.1/RPMS/postgresql-server-7.2.2-1.5.C21mdk.i586.rpm 80e77abb1a2f3ca838084be70fd8de23 corporate/2.1/RPMS/postgresql-tcl-7.2.2-1.5.C21mdk.i586.rpm 29fab63997c6a08c7f926b962cb9e389 corporate/2.1/RPMS/postgresql-test-7.2.2-1.5.C21mdk.i586.rpm ae8da67f7fd5975b34c82ce030e138e2 corporate/2.1/RPMS/postgresql-tk-7.2.2-1.5.C21mdk.i586.rpm a25011601914e23dd61bab79dbb45d01 corporate/2.1/SRPMS/postgresql-7.2.2-1.5.C21mdk.src.rpm Corporate Server 2.1/x86_64: 15bdf9f3362ad77ef0230f6e5499351d x86_64/corporate/2.1/RPMS/libecpg3-7.2.2-1.5.C21mdk.x86_64.rpm 1c63a7aa7effbeed43338ecab9fec590 x86_64/corporate/2.1/RPMS/libpgperl-7.2.2-1.5.C21mdk.x86_64.rpm 0a38f33b0d1444e5fc8d77e8253bdd6a x86_64/corporate/2.1/RPMS/libpgsql2-7.2.2-1.5.C21mdk.x86_64.rpm 2f1c19013fe39a229c7a0c4fcbd0cd50 x86_64/corporate/2.1/RPMS/libpgsqlodbc0-7.2.2-1.5.C21mdk.x86_64.rpm fee3ae104e853bc1bb328607746cdef1 x86_64/corporate/2.1/RPMS/libpgtcl2-7.2.2-1.5.C21mdk.x86_64.rpm cdb838c60d8b829d819f5c73befbe4c9 x86_64/corporate/2.1/RPMS/postgresql-7.2.2-1.5.C21mdk.x86_64.rpm 45ead71320f0c0e744306eaf0d95379a x86_64/corporate/2.1/RPMS/postgresql-contrib-7.2.2-1.5.C21mdk.x86_64.rpm 787e733325d7df27b0a223950fe0c749 x86_64/corporate/2.1/RPMS/postgresql-devel-7.2.2-1.5.C21mdk.x86_64.rpm 7c16ba4e4cc84ace4a7d45cc9a0ff3a8 x86_64/corporate/2.1/RPMS/postgresql-docs-7.2.2-1.5.C21mdk.x86_64.rpm 585229208bcdbbd91e7fa39370354f26 x86_64/corporate/2.1/RPMS/postgresql-jdbc-7.2.2-1.5.C21mdk.x86_64.rpm 7ca7e40602da3cb897f874deaf3dc7aa x86_64/corporate/2.1/RPMS/postgresql-python-7.2.2-1.5.C21mdk.x86_64.rpm 35d2095552e69a94370a40c2f0b57883 x86_64/corporate/2.1/RPMS/postgresql-server-7.2.2-1.5.C21mdk.x86_64.rpm 6003298dacd098e898fcd2a786d9b6b1 x86_64/corporate/2.1/RPMS/postgresql-tcl-7.2.2-1.5.C21mdk.x86_64.rpm 0f8e7cb8f7db8a2e4138eccf6bc4ce61 x86_64/corporate/2.1/RPMS/postgresql-test-7.2.2-1.5.C21mdk.x86_64.rpm 9c698daa17937ee304cf67e775ac1f9f x86_64/corporate/2.1/RPMS/postgresql-tk-7.2.2-1.5.C21mdk.x86_64.rpm a25011601914e23dd61bab79dbb45d01 x86_64/corporate/2.1/SRPMS/postgresql-7.2.2-1.5.C21mdk.src.rpm Mandrakelinux 9.2: d0078b151e7eb45ebe2228f989629c58 9.2/RPMS/libecpg3-7.3.4-3.1.92mdk.i586.rpm 6a7a09fc264f5ff881b858009b139e19 9.2/RPMS/libecpg3-devel-7.3.4-3.1.92mdk.i586.rpm e38a3444013cc11a7fa314a14e30e8ca 9.2/RPMS/libpgtcl2-7.3.4-3.1.92mdk.i586.rpm 061057164351e02c5c9fecbefe0f57b9 9.2/RPMS/libpgtcl2-devel-7.3.4-3.1.92mdk.i586.rpm ac290d173ee5bad4d00d8e6ced7b57e1 9.2/RPMS/libpq3-7.3.4-3.1.92mdk.i586.rpm 0243523c0378c0dda1e0921b28529d27 9.2/RPMS/libpq3-devel-7.3.4-3.1.92mdk.i586.rpm 61dccb2131084e82861f7c924c5ada76 9.2/RPMS/postgresql-7.3.4-3.1.92mdk.i586.rpm 4ae07bd394812cb0d5942ebd9eb9ccab 9.2/RPMS/postgresql-contrib-7.3.4-3.1.92mdk.i586.rpm 72ed5aa265b0fcc12164e3a0892bd2b0 9.2/RPMS/postgresql-devel-7.3.4-3.1.92mdk.i586.rpm b0f8ac986367b03ff68887054f8b1d97 9.2/RPMS/postgresql-docs-7.3.4-3.1.92mdk.i586.rpm f7b05064cdb3ab43112e090c4dbe00d4 9.2/RPMS/postgresql-jdbc-7.3.4-3.1.92mdk.i586.rpm 6d6bede725e5390c724b21574ea91f62 9.2/RPMS/postgresql-pl-7.3.4-3.1.92mdk.i586.rpm 1dc67d78a8c6822f9155ae02794d23c7 9.2/RPMS/postgresql-python-7.3.4-3.1.92mdk.i586.rpm b36df52025ff07b5df65ab202d5a5e4c 9.2/RPMS/postgresql-server-7.3.4-3.1.92mdk.i586.rpm 8ee633f85b7e1712e4526540b6888f6f 9.2/RPMS/postgresql-tcl-7.3.4-3.1.92mdk.i586.rpm 18e4b698056fe783eb3d814a89216d1b 9.2/RPMS/postgresql-test-7.3.4-3.1.92mdk.i586.rpm 4f6776fd9b0eecf4e92ec1d30937a0c3 9.2/SRPMS/postgresql-7.3.4-3.1.92mdk.src.rpm Mandrakelinux 9.2/AMD64: ed0d88c0e870f5fffaabfd58ae479ab5 amd64/9.2/RPMS/lib64ecpg3-7.3.4-3.1.92mdk.amd64.rpm 8e675f9a736722c9663619670e792846 amd64/9.2/RPMS/lib64ecpg3-devel-7.3.4-3.1.92mdk.amd64.rpm cc23092f8a3acbfcf5fa675d4506dbc8 amd64/9.2/RPMS/lib64pgtcl2-7.3.4-3.1.92mdk.amd64.rpm d71c28e9896df7727a73d19c40341d36 amd64/9.2/RPMS/lib64pgtcl2-devel-7.3.4-3.1.92mdk.amd64.rpm d67a6007ebf0a299fa0264b3feb7cdb3 amd64/9.2/RPMS/lib64pq3-7.3.4-3.1.92mdk.amd64.rpm a08f264d6eadfe84afa3dc5f0333467c amd64/9.2/RPMS/lib64pq3-devel-7.3.4-3.1.92mdk.amd64.rpm 9651d89d9e8fb7a1c8ceb1fb8972e7c2 amd64/9.2/RPMS/postgresql-7.3.4-3.1.92mdk.amd64.rpm 9fbfd6fc58ab4c0d51c42f2d24b60bda amd64/9.2/RPMS/postgresql-contrib-7.3.4-3.1.92mdk.amd64.rpm 950a9b42b66f79920c185a33a1242370 amd64/9.2/RPMS/postgresql-devel-7.3.4-3.1.92mdk.amd64.rpm ece2006b6cb6406540361c64873c85ec amd64/9.2/RPMS/postgresql-docs-7.3.4-3.1.92mdk.amd64.rpm 40b425552eac286f191489ca58d64898 amd64/9.2/RPMS/postgresql-jdbc-7.3.4-3.1.92mdk.amd64.rpm c968c4ef557762518c356b2d06ac0c9d amd64/9.2/RPMS/postgresql-pl-7.3.4-3.1.92mdk.amd64.rpm 63c4e04d4b71de80a72181099aaa0fea amd64/9.2/RPMS/postgresql-python-7.3.4-3.1.92mdk.amd64.rpm 7aa9d7a7690b5fd4f63b6c57845b28ef amd64/9.2/RPMS/postgresql-server-7.3.4-3.1.92mdk.amd64.rpm 9f76feb6acddf11ae1413a3f45822aa5 amd64/9.2/RPMS/postgresql-tcl-7.3.4-3.1.92mdk.amd64.rpm 7ae63a7101d32df569dbe68b5fc4d982 amd64/9.2/RPMS/postgresql-test-7.3.4-3.1.92mdk.amd64.rpm 4f6776fd9b0eecf4e92ec1d30937a0c3 amd64/9.2/SRPMS/postgresql-7.3.4-3.1.92mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandrakelinux at: http://www.mandrakesoft.com/security/advisories If you want to report vulnerabilities, please contact security_linux-mandrake.com Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team <security linux-mandrake.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFBvjK6mqjQ0CJFipgRAvyfAKCOKKU5pcNQbOPm/m0/F062fTxHyACg7V8S t7FSv+JS/5oZszPjp0Hwg5o= =Xz93 -----END PGP SIGNATURE-----