MGASA-2013-0112
Date: April 6th, 2013
Affected releases: 2
Media: Core
Description:
Updated postgresql packages fix security vulnerabilities:
Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x
before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a
denial of service (file corruption), and allows remote authenticated users
to modify configuration settings and execute arbitrary code, via a
connection request using a database name that begins with a "-" (hyphen)
(CVE-2013-1899).

PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13,
and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently
random numbers, which might allow remote authenticated users to have an
unspecified impact via vectors related to the "contrib/pgcrypto functions"
(CVE-2013-1900).

PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly
check REPLICATION privileges, which allows remote authenticated users to
bypass intended backup restrictions by calling the (1) pg_start_backup or
(2) pg_stop_backup functions (CVE-2013-1901).
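
The three issues do not affect the same branches (8.4.x is listed only for CVE-2013-1900, 9.0.x is not listed for CVE-2013-1901). As an added example, not part of the advisory or of PostgreSQL, this Python code maps a server version string or package version to the CVEs above using only the ranges stated in the description; the function names are hypothetical.

```python
import re

# First fixed patch level per branch, copied from the advisory text.
# A branch missing from a CVE's map is not listed as affected by that CVE.
FIXED = {
    "CVE-2013-1899": {(9, 2): 4, (9, 1): 9, (9, 0): 13},
    "CVE-2013-1900": {(9, 2): 4, (9, 1): 9, (9, 0): 13, (8, 4): 17},
    "CVE-2013-1901": {(9, 2): 4, (9, 1): 9},
}

# Requires all three components, so the "9.1" inside a package name such as
# "postgresql9.1-server-9.1.8-1.mga2" is skipped and "9.1.8" is matched.
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) from e.g. the output of
    SELECT version() or an RPM name-version-release string."""
    match = _VERSION.search(text)
    if match is None:
        raise ValueError("no x.y.z version found in %r" % text)
    return tuple(int(part) for part in match.groups())


def affected_cves(text):
    """List the CVEs from this advisory that apply to the given version.

    An empty list means only that the advisory does not list the version;
    branches the advisory never mentions are not evaluated.
    """
    major, minor, patch = parse_version(text)
    hits = []
    for cve, branches in sorted(FIXED.items()):
        fixed_patch = branches.get((major, minor))
        if fixed_patch is not None and patch < fixed_patch:
            hits.append(cve)
    return hits


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real host.
    for sample in ("PostgreSQL 9.1.8 on x86_64-unknown-linux-gnu",
                   "postgresql9.0-server-9.0.12-1.mga2",
                   "postgresql8.4-8.4.16-1.mga2",
                   "postgresql9.1-9.1.9-1.mga2"):
        print(sample, "->", affected_cves(sample) or "not listed as affected")
```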
Updated Packages:
i586:
libecpg8.4_6-8.4.17-1.mga2.i586.rpm
libpq8.4_5-8.4.17-1.mga2.i586.rpm
postgresql8.4-8.4.17-1.mga2.i586.rpm
postgresql8.4-contrib-8.4.17-1.mga2.i586.rpm
postgresql8.4-devel-8.4.17-1.mga2.i586.rpm
postgresql8.4-docs-8.4.17-1.mga2.i586.rpm
postgresql8.4-pl-8.4.17-1.mga2.i586.rpm
postgresql8.4-plperl-8.4.17-1.mga2.i586.rpm
postgresql8.4-plpgsql-8.4.17-1.mga2.i586.rpm
postgresql8.4-plpython-8.4.17-1.mga2.i586.rpm
postgresql8.4-pltcl-8.4.17-1.mga2.i586.rpm
postgresql8.4-server-8.4.17-1.mga2.i586.rpm
postgresql8.4-debug-8.4.17-1.mga2.i586.rpm
libecpg9.0_6-9.0.13-1.mga2.i586.rpm
libpq9.0_5-9.0.13-1.mga2.i586.rpm
postgresql9.0-9.0.13-1.mga2.i586.rpm
postgresql9.0-contrib-9.0.13-1.mga2.i586.rpm
postgresql9.0-devel-9.0.13-1.mga2.i586.rpm
postgresql9.0-docs-9.0.13-1.mga2.i586.rpm
postgresql9.0-pl-9.0.13-1.mga2.i586.rpm
postgresql9.0-plperl-9.0.13-1.mga2.i586.rpm
postgresql9.0-plpgsql-9.0.13-1.mga2.i586.rpm
postgresql9.0-plpython-9.0.13-1.mga2.i586.rpm
postgresql9.0-pltcl-9.0.13-1.mga2.i586.rpm
postgresql9.0-server-9.0.13-1.mga2.i586.rpm
postgresql9.0-debug-9.0.13-1.mga2.i586.rpm
libecpg9.1_6-9.1.9-1.mga2.i586.rpm
libpq9.1_5-9.1.9-1.mga2.i586.rpm
postgresql9.1-9.1.9-1.mga2.i586.rpm
postgresql9.1-contrib-9.1.9-1.mga2.i586.rpm
postgresql9.1-devel-9.1.9-1.mga2.i586.rpm
postgresql9.1-docs-9.1.9-1.mga2.i586.rpm
postgresql9.1-pl-9.1.9-1.mga2.i586.rpm
postgresql9.1-plperl-9.1.9-1.mga2.i586.rpm
postgresql9.1-plpgsql-9.1.9-1.mga2.i586.rpm
postgresql9.1-plpython-9.1.9-1.mga2.i586.rpm
postgresql9.1-pltcl-9.1.9-1.mga2.i586.rpm
postgresql9.1-server-9.1.9-1.mga2.i586.rpm
postgresql9.1-debug-9.1.9-1.mga2.i586.rpm
x86_64:
lib64ecpg8.4_6-8.4.17-1.mga2.x86_64.rpm
lib64pq8.4_5-8.4.17-1.mga2.x86_64.rpm
postgresql8.4-8.4.17-1.mga2.x86_64.rpm
postgresql8.4-contrib-8.4.17-1.mga2.x86_64.rpm
postgresql8.4-devel-8.4.17-1.mga2.x86_64.rpm
postgresql8.4-docs-8.4.17-1.mga2.x86_64.rpm
postgresql8.4-pl-8.4.17-1.mga2.x86_64.rpm
postgresql8.4-plperl-8.4.17-1.mga2.x86_64.rpm
postgresql8.4-plpgsql-8.4.17-1.mga2.x86_64.rpm
postgresql8.4-plpython-8.4.17-1.mga2.x86_64.rpm
postgresql8.4-pltcl-8.4.17-1.mga2.x86_64.rpm
postgresql8.4-server-8.4.17-1.mga2.x86_64.rpm
postgresql8.4-debug-8.4.17-1.mga2.x86_64.rpm
lib64ecpg9.0_6-9.0.13-1.mga2.x86_64.rpm
lib64pq9.0_5-9.0.13-1.mga2.x86_64.rpm
postgresql9.0-9.0.13-1.mga2.x86_64.rpm
postgresql9.0-contrib-9.0.13-1.mga2.x86_64.rpm
postgresql9.0-devel-9.0.13-1.mga2.x86_64.rpm
postgresql9.0-docs-9.0.13-1.mga2.x86_64.rpm
postgresql9.0-pl-9.0.13-1.mga2.x86_64.rpm
postgresql9.0-plperl-9.0.13-1.mga2.x86_64.rpm
postgresql9.0-plpgsql-9.0.13-1.mga2.x86_64.rpm
postgresql9.0-plpython-9.0.13-1.mga2.x86_64.rpm
postgresql9.0-pltcl-9.0.13-1.mga2.x86_64.rpm
postgresql9.0-server-9.0.13-1.mga2.x86_64.rpm
postgresql9.0-debug-9.0.13-1.mga2.x86_64.rpm
lib64ecpg9.1_6-9.1.9-1.mga2.x86_64.rpm
lib64pq9.1_5-9.1.9-1.mga2.x86_64.rpm
postgresql9.1-9.1.9-1.mga2.x86_64.rpm
postgresql9.1-contrib-9.1.9-1.mga2.x86_64.rpm
postgresql9.1-devel-9.1.9-1.mga2.x86_64.rpm
postgresql9.1-docs-9.1.9-1.mga2.x86_64.rpm
postgresql9.1-pl-9.1.9-1.mga2.x86_64.rpm
postgresql9.1-plperl-9.1.9-1.mga2.x86_64.rpm
postgresql9.1-plpgsql-9.1.9-1.mga2.x86_64.rpm
postgresql9.1-plpython-9.1.9-1.mga2.x86_64.rpm
postgresql9.1-pltcl-9.1.9-1.mga2.x86_64.rpm
postgresql9.1-server-9.1.9-1.mga2.x86_64.rpm
postgresql9.1-debug-9.1.9-1.mga2.x86_64.rpm
SRPMS:
postgresql8.4-8.4.17-1.mga2.src.rpm
postgresql9.0-9.0.13-1.mga2.src.rpm
postgresql9.1-9.1.9-1.mga2.src.rpm
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1901
http://www.postgresql.org/about/news/1456/
http://www.ubuntu.com/usn/usn-1789-1/
https://bugs.mageia.org/show_bug.cgi?id=9617