-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:176
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : postgresql
 Date    : September 30, 2009
 Affected: Corporate 3.0, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before
 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and
 7.4 before 7.4.26 does not use the appropriate privileges for the (1)
 RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows
 remote authenticated users to gain privileges. NOTE: this is due to
 an incomplete fix for CVE-2007-6600 (CVE-2009-3230).

 This update provides a fix for this vulnerability.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3230
 _______________________________________________________________________

 Updated Packages:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKw3jtmqjQ0CJFipgRAh4hAKC1gY7JNurllieceTOo6FsKun2UOgCfSBEf
4zDvL897MXHFHtOy3s90+mI=
=PBCz
-----END PGP SIGNATURE-----
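
The affected-version ranges in the Problem Description, turned into a triage check for an inventory of PostgreSQL version strings. This is an added example, not part of the Mandriva advisory; the host names and the sample inventory are constructed, and the function names are hypothetical.

```python
import re

# First fixed point release per release branch, from the advisory's
# Problem Description ("8.4 before 8.4.1, 8.3 before 8.3.8, ...").
FIXED = {(8, 4): 1, (8, 3): 8, (8, 2): 14, (8, 1): 18, (8, 0): 22, (7, 4): 26}

# First dotted number in the string; the third component is optional ("8.4").
_VERSION = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")


def classify(version_text):
    """Return 'affected', 'fixed', 'not-listed' or 'unparsed' for one string."""
    match = _VERSION.search(version_text)
    if match is None:
        return "unparsed"
    branch = (int(match.group(1)), int(match.group(2)))
    point = int(match.group(3) or 0)  # "8.4" or "8.4beta2" counts as 8.4.0
    if branch not in FIXED:
        # The advisory says nothing about this branch: never report it as safe.
        return "not-listed"
    return "affected" if point < FIXED[branch] else "fixed"


def triage(inventory):
    """Group host names by the classification of their reported version."""
    groups = {"affected": [], "fixed": [], "not-listed": [], "unparsed": []}
    for host, version_text in inventory.items():
        groups[classify(version_text)].append(host)
    return {status: sorted(hosts) for status, hosts in groups.items()}


# Constructed sample inventory (hypothetical hosts). Values imitate
# SELECT version() output, bare version numbers and package names.
SAMPLE_INVENTORY = {
    "db-a": "PostgreSQL 8.1.17 on i686-pc-linux-gnu",
    "db-b": "postgresql-server-8.1.18-0.1.20060mlcs4",
    "db-c": "7.4.25",
    "db-d": "8.4",
    "db-e": "9.0.1",
    "db-f": "",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:11} {', '.join(hosts) or '-'}")
```

Hosts reported as not-listed or unparsed need a manual check, since the advisory makes no statement about branches outside the six it names.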