From Mageia wiki
Jump to: navigation, search

MGASA-2012-0113

Date: June 10th, 2012
Affected releases: 1, 2


Description:
The postgresql packages have been updated to latest versions of
current series, to fix multiple security vulnerabilities:

CVE-2012-2143: Passwords containing the byte 0x80 passed to the
crypt() function in pgcrypto are incorrectly truncated if DES
encryption was used.

CVE-2012-2655: SECURITY DEFINER and SET attributes on procedural
call handlers are not ignored and can be used to crash the server.


Updated Packages:
Mageia 1:
postgresql8.4-8.4.12-1.mga1
postgresql8.4-contrib-8.4.12-1.mga1
postgresql8.4-devel-8.4.12-1.mga1
postgresql8.4-docs-8.4.12-1.mga1
postgresql8.4-pl-8.4.12-1.mga1
postgresql8.4-plperl-8.4.12-1.mga1
postgresql8.4-plpgsql-8.4.12-1.mga1
postgresql8.4-pltcl-8.4.12-1.mga1
postgresql8.4-plpython-8.4.12-1.mga1
postgresql8.4-server-8.4.12-1.mga1
lib(64)ecpg8.4_6-8.4.12-1.mga1
lib(64)pq8.4_5-8.4.12-1.mga1
postgresql9.0-9.0.8-1.mga1
postgresql9.0-contrib-9.0.8-1.mga1
postgresql9.0-devel-9.0.8-1.mga1
postgresql9.0-docs-9.0.8-1.mga1
postgresql9.0-pl-9.0.8-1.mga1
postgresql9.0-plperl-9.0.8-1.mga1
postgresql9.0-plpgsql-9.0.8-1.mga1
postgresql9.0-plpython-9.0.8-1.mga1
postgresql9.0-pltcl-9.0.8-1.mga1
postgresql9.0-server-9.0.8-1.mga1
lib(64)ecpg9.0_6-9.0.8-1.mga1
lib(64)pq9.0_5-9.0.8-1.mga1

Mageia 2:
postgresql8.4-8.4.12-1.mga2
postgresql8.4-contrib-8.4.12-1.mga2
postgresql8.4-devel-8.4.12-1.mga2
postgresql8.4-docs-8.4.12-1.mga2
postgresql8.4-pl-8.4.12-1.mga2
postgresql8.4-plperl-8.4.12-1.mga2
postgresql8.4-plpgsql-8.4.12-1.mga2
postgresql8.4-pltcl-8.4.12-1.mga2
postgresql8.4-plpython-8.4.12-1.mga2
postgresql8.4-server-8.4.12-1.mga2
lib(64)ecpg8.4_6-8.4.12-1.mga2
lib(64)pq8.4_5-8.4.12-1.mga2
postgresql9.0-9.0.8-1.mga2
postgresql9.0-contrib-9.0.8-1.mga2
postgresql9.0-devel-9.0.8-1.mga2
postgresql9.0-docs-9.0.8-1.mga2
postgresql9.0-pl-9.0.8-1.mga2
postgresql9.0-plperl-9.0.8-1.mga2
postgresql9.0-plpgsql-9.0.8-1.mga2
postgresql9.0-plpython-9.0.8-1.mga2
postgresql9.0-pltcl-9.0.8-1.mga2
postgresql9.0-server-9.0.8-1.mga2
lib(64)ecpg9.0_6-9.0.8-1.mga2
lib(64)pq9.0_5-9.0.8-1.mga2
postgresql9.1-9.1.4-1.mga2
postgresql9.1-contrib-9.1.4-1.mga2
postgresql9.1-devel-9.1.4-1.mga2
postgresql9.1-docs-9.1.4-1.mga2
postgresql9.1-pl-9.1.4-1.mga2
postgresql9.1-plperl-9.1.4-1.mga2
postgresql9.1-plpgsql-9.1.4-1.mga2
postgresql9.1-plpython-9.1.4-1.mga2
postgresql9.1-pltcl-9.1.4-1.mga2
postgresql9.1-server-9.1.4-1.mga2
lib(64)ecpg9.1_6-9.1.4-1.mga2
lib(64)pq9.1_5-9.1.4-1.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2655
https://bugs.mageia.org/show_bug.cgi?id=6334

Retrieved from "https://wiki.mageia.org/mw-en/index.php?title=Support/Advisories/MGASA-2012-0113&oldid=7667"