LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: September 19th, 2014
Linux Security Week: September 15th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: 1002-2: PostgreSQL vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu USN-1002-1 fixed vulnerabilities in PostgreSQL. This update provides thecorresponding update for Ubuntu 10.10. [More...]
===========================================================
Ubuntu Security Notice USN-1002-2           October 07, 2010
postgresql-8.4 vulnerability
CVE-2010-3433
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.10:
  postgresql-plperl-8.4           8.4.5-0ubuntu10.10
  postgresql-pltcl-8.4            8.4.5-0ubuntu10.10

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

Details follow:

USN-1002-1 fixed vulnerabilities in PostgreSQL. This update provides the
corresponding update for Ubuntu 10.10.

Original advisory details:

 It was discovered that PostgreSQL did not properly enforce permissions
 within sessions when PL/Perl and PL/Tcl functions or operators were
 redefined. A remote authenticated attacker could exploit this to execute
 arbitrary code with permissions of a different user, possibly leading to
 privilege escalation.


Updated packages for Ubuntu 10.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-8.4_8.4.5-0ubuntu10.10.diff.gz
      Size/MD5:    39535 23f8b3a352178737bb56ead8312c86ce
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-8.4_8.4.5-0ubuntu10.10.dsc
      Size/MD5:     2618 ed2b36e5dae9278e12d57c3d5c12d41c
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-8.4_8.4.5.orig.tar.gz
      Size/MD5: 17590296 8ddea33493bf5cf6f5ea62212bb079df

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-client_8.4.5-0ubuntu10.10_all.deb
      Size/MD5:    18046 1c384292787a8d1a5dd42f17e2a7efc8
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-contrib_8.4.5-0ubuntu10.10_all.deb
      Size/MD5:    17944 bd565d773cf1f570cfe8f90bbebac5dc
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-doc-8.4_8.4.5-0ubuntu10.10_all.deb
      Size/MD5:  2118952 1c0163b0b9458c91cee4f8f0f9a4cfe4
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-doc_8.4.5-0ubuntu10.10_all.deb
      Size/MD5:     3450 26111ec43a687d13ce3fa44f9664fe6a
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql_8.4.5-0ubuntu10.10_all.deb
      Size/MD5:    18084 848a9af8970f015693af8ae73fe0a2cb

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libecpg-compat3_8.4.5-0ubuntu10.10_amd64.deb
      Size/MD5:    11340 130564cc4628ceafc3921713ab2e4dcc
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libecpg-dev_8.4.5-0ubuntu10.10_amd64.deb
      Size/MD5:   240990 e3f6824a873520f17e230a62ad05ac80
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libecpg6_8.4.5-0ubuntu10.10_amd64.deb
      Size/MD5:    33164 308b7aaa612e6c680f5583590e62986e
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libpgtypes3_8.4.5-0ubuntu10.10_amd64.deb
      Size/MD5:    49340 f24763b931ba512742dd6d03f86d62c5
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libpq-dev_8.4.5-0ubuntu10.10_amd64.deb
      Size/MD5:   201420 36249bf7794d77cfb7c05ff4901c0317
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libpq5_8.4.5-0ubuntu10.10_amd64.deb
      Size/MD5:    88556 20c083d536a138cc44bfa460b93d1eb3
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-8.4_8.4.5-0ubuntu10.10_amd64.deb
      Size/MD5:  4030288 6384be605d8d3597b9d34be34fafaa03
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-client-8.4_8.4.5-0ubuntu10.10_amd64.deb
      Size/MD5:   822908 055d780c681d443e7d31a0b36d7d5ed8
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-contrib-8.4_8.4.5-0ubuntu10.10_amd64.deb
      Size/MD5:   406728 3230bf51c73075032ac03f65770ad976
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-server-dev-8.4_8.4.5-0ubuntu10.10_amd64.deb
      Size/MD5:   630842 fb7866cb18076664c304d81e0b8cb021
    http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.4/postgresql-plperl-8.4_8.4.5-0ubuntu10.10_amd64.deb
      Size/MD5:    46686 f8834eb50b0298b2e09f44ce3dde5946
    http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.4/postgresql-plpython-8.4_8.4.5-0ubuntu10.10_amd64.deb
      Size/MD5:    39898 53066a883e73930773d282bf302e9fdb
    http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.4/postgresql-pltcl-8.4_8.4.5-0ubuntu10.10_amd64.deb
      Size/MD5:    37482 73ed6ddaf822a4fb9a5d4ad990e9adbb

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libecpg-compat3_8.4.5-0ubuntu10.10_i386.deb
      Size/MD5:    10310 7c4f24a65407a0b9ff04e7d8b47b994a
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libecpg-dev_8.4.5-0ubuntu10.10_i386.deb
      Size/MD5:   226046 419eb5e75f5d6c7864fd0c0bef7d1afd
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libecpg6_8.4.5-0ubuntu10.10_i386.deb
      Size/MD5:    32056 1319f823acea5395a7d85887486def9d
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libpgtypes3_8.4.5-0ubuntu10.10_i386.deb
      Size/MD5:    48064 2e7044fcb4a110609eb22abaed4e72c8
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libpq-dev_8.4.5-0ubuntu10.10_i386.deb
      Size/MD5:   193026 80f3d8d52adb51ac873755fa28dd5bca
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libpq5_8.4.5-0ubuntu10.10_i386.deb
      Size/MD5:    83006 2fe4cf19bf4fab85621b09f397bf99a1
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-8.4_8.4.5-0ubuntu10.10_i386.deb
      Size/MD5:  3883064 f1e96cb6c5338ef0c0d3ed565d02fba4
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-client-8.4_8.4.5-0ubuntu10.10_i386.deb
      Size/MD5:   776358 f2b56866bd98a688fa76504e4b36647b
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-contrib-8.4_8.4.5-0ubuntu10.10_i386.deb
      Size/MD5:   363476 21f6d13a2d2b7f7b8a2d9a1e53130684
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-server-dev-8.4_8.4.5-0ubuntu10.10_i386.deb
      Size/MD5:   633542 351ba2390d1ba28b8ff623cdf3839fd9
    http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.4/postgresql-plperl-8.4_8.4.5-0ubuntu10.10_i386.deb
      Size/MD5:    45058 192433c49f49f994149c7b6e5624348b
    http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.4/postgresql-plpython-8.4_8.4.5-0ubuntu10.10_i386.deb
      Size/MD5:    37484 e0af027de047269a78024c65d45396ef
    http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.4/postgresql-pltcl-8.4_8.4.5-0ubuntu10.10_i386.deb
      Size/MD5:    36514 ed256af80099b8bd118dab3299ce0549

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/p/postgresql-8.4/libecpg-compat3_8.4.5-0ubuntu10.10_powerpc.deb
      Size/MD5:    10728 2038e12c84261eb4d5b4334e9b341163
    http://ports.ubuntu.com/pool/main/p/postgresql-8.4/libecpg-dev_8.4.5-0ubuntu10.10_powerpc.deb
      Size/MD5:   241180 b55e26e2973cf5d7b359c382f3399dd7
    http://ports.ubuntu.com/pool/main/p/postgresql-8.4/libecpg6_8.4.5-0ubuntu10.10_powerpc.deb
      Size/MD5:    34290 0572b2444e501ec930a167a86722450b
    http://ports.ubuntu.com/pool/main/p/postgresql-8.4/libpgtypes3_8.4.5-0ubuntu10.10_powerpc.deb
      Size/MD5:    51950 5ac477b5e3b958cbcd7402e6a5bcd9a6
    http://ports.ubuntu.com/pool/main/p/postgresql-8.4/libpq-dev_8.4.5-0ubuntu10.10_powerpc.deb
      Size/MD5:   199520 413218cd3db4eac23f69b3aa1ffb2dc3
    http://ports.ubuntu.com/pool/main/p/postgresql-8.4/libpq5_8.4.5-0ubuntu10.10_powerpc.deb
      Size/MD5:    86118 99303c47040f76c0a759877668c3e41d
    http://ports.ubuntu.com/pool/main/p/postgresql-8.4/postgresql-8.4_8.4.5-0ubuntu10.10_powerpc.deb
      Size/MD5:  4332980 ff598d1c98e57ae87d0a825869ea84af
    http://ports.ubuntu.com/pool/main/p/postgresql-8.4/postgresql-client-8.4_8.4.5-0ubuntu10.10_powerpc.deb
      Size/MD5:   823870 c4dd1c0be504e1204d0bea21cd85d01b
    http://ports.ubuntu.com/pool/main/p/postgresql-8.4/postgresql-contrib-8.4_8.4.5-0ubuntu10.10_powerpc.deb
      Size/MD5:   390012 b678b43d6814d4aa625f6d9b6c232d30
    http://ports.ubuntu.com/pool/main/p/postgresql-8.4/postgresql-server-dev-8.4_8.4.5-0ubuntu10.10_powerpc.deb
      Size/MD5:   632088 d518262b6c78c1de5be3a21629b28456
    http://ports.ubuntu.com/pool/universe/p/postgresql-8.4/postgresql-plperl-8.4_8.4.5-0ubuntu10.10_powerpc.deb
      Size/MD5:    45952 583c39e67e37c14a937e2a08655a96ae
    http://ports.ubuntu.com/pool/universe/p/postgresql-8.4/postgresql-plpython-8.4_8.4.5-0ubuntu10.10_powerpc.deb
      Size/MD5:    39004 b70e2b185875c7cdcb14e3a361589c0e
    http://ports.ubuntu.com/pool/universe/p/postgresql-8.4/postgresql-pltcl-8.4_8.4.5-0ubuntu10.10_powerpc.deb
      Size/MD5:    37188 66e750905a43b134ed13e79106412e52




 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Encryption goof fixed in TorrentLocker file-locking malware
Qubes: The Open Source OS Built for Security
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.