-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2011:021
http://www.mandriva.com/security/
_______________________________________________________________________

Package : postgresql
Date    : February 7, 2011
Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability was discovered and corrected in postgresql:

Buffer overflow in the gettoken function in
contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL
9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x
before 8.2.20 allows remote authenticated users to cause a denial of
service (crash) and possibly execute arbitrary code via integers with
a large number of digits to unspecified functions (CVE-2010-4015).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

This update provides a solution to this vulnerability.
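The bug class named in the description above is a tokenizer in which a digit run from user input overflows a fixed buffer. The following C sketch of a hardened integer-token reader is an added example, not PostgreSQL's code or the upstream patch. `read_int_token` and the `TOK_*` status codes are hypothetical names, and the sample inputs are constructed.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

enum tok_status { TOK_OK = 0, TOK_NOT_INT = -1, TOK_RANGE = -2 };

/*
 * Hypothetical tokenizer step: read one signed decimal integer at *cursor.
 * The unsafe pattern copies digits one by one into a small fixed char array
 * until a non-digit appears, so the input decides how many bytes are written.
 * Here nothing is copied: strtol() scans the NUL-terminated input in place,
 * and an over-long digit run ends in TOK_RANGE instead of a write.
 */
static enum tok_status read_int_token(const char **cursor, int32_t *out)
{
    const char *p = *cursor;
    char *end;
    long v;

    while (isspace((unsigned char)*p))
        p++;
    /* Insist on [-]digit: no leading '+', no empty digit run. */
    if (!(isdigit((unsigned char)p[0]) ||
          (p[0] == '-' && isdigit((unsigned char)p[1]))))
        return TOK_NOT_INT;
    errno = 0;
    v = strtol(p, &end, 10);
    /* ERANGE: does not fit in long. Range test: fits in long, not int32. */
    if (errno == ERANGE || v < INT32_MIN || v > INT32_MAX)
        return TOK_RANGE;
    *out = (int32_t)v;
    *cursor = end; /* advance only on success, past the accepted digits */
    return TOK_OK;
}

int main(void)
{
    /* Constructed inputs: an ordinary operand and a 40-digit one. */
    const char *samples[] = { "42 & 7", "1234567890123456789012345678901234567890" };
    for (int i = 0; i < 2; i++) {
        const char *cur = samples[i];
        int32_t v = 0;
        printf("status=%d ", read_int_token(&cur, &v));
        printf("value=%d rest=\"%s\"\n", (int)v, cur);
    }
    return 0;
}
```

On failure the cursor and the output value are left untouched, so a caller can report the offending token without acting on a partial parse.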
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4015
http://www.postgresql.org/support/security
_______________________________________________________________________

Updated Packages:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security.
You can obtain the GPG public key of the Mandriva Security Team by
executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNT8nymqjQ0CJFipgRAqLPAKC94iQaXPujlE1tSFgLNhxThctb3gCfTzvK
OThW/nnuqLpEO9nRFmiiNrE=
=upRK
-----END PGP SIGNATURE-----