BugTraq
[USN-1002-2] PostgreSQL vulnerability Oct 07 2010 06:33PM
Marc Deslauriers (marc deslauriers canonical com)
===========================================================
Ubuntu Security Notice USN-1002-2 October 07, 2010
postgresql-8.4 vulnerability
CVE-2010-3433
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.10:
postgresql-plperl-8.4 8.4.5-0ubuntu10.10
postgresql-pltcl-8.4 8.4.5-0ubuntu10.10

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

Details follow:

USN-1002-1 fixed vulnerabilities in PostgreSQL. This update provides the
corresponding update for Ubuntu 10.10.

Original advisory details:

It was discovered that PostgreSQL did not properly enforce permissions
within sessions when PL/Perl and PL/Tcl functions or operators were
redefined. A remote authenticated attacker could exploit this to execute
arbitrary code with permissions of a different user, possibly leading to
privilege escalation.

Updated packages for Ubuntu 10.10:

