From: [email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1900-1                     [email protected]
http://www.debian.org/security/                           Florian Weimer
October 02, 2009                      http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : postgresql-7.4, postgresql-8.1, postgresql-8.3, postgresql-8.4
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-3229 CVE-2009-3230 CVE-2009-3231
Several vulnerabilities have been discovered in PostgreSQL, an SQL
database system. The Common Vulnerabilities and Exposures project
identifies the following problems:
CVE-2009-3229
Authenticated users can shut down the backend server by re-LOAD-ing
libraries in $libdir/plugins, if any libraries are present there.
(The old stable distribution (etch) is not affected by this issue.)
CVE-2009-3230
Authenticated non-superusers can gain database superuser privileges if
they can create functions and tables due to incorrect execution of
functions in functional indexes.
CVE-2009-3231
If PostgreSQL is configured with LDAP authentication, and the LDAP
configuration allows anonymous binds, it is possible for a user to
authenticate themselves with an empty password. (The old stable
distribution (etch) is not affected by this issue.)
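The CVE-2009-3231 condition above, shown as an added example that is not part of the advisory or of PostgreSQL's code: a constructed model of an LDAP simple bind, with a bind-only check beside one that refuses empty passwords. The directory class, the DN prefix/suffix, the user entry and the rule that a server allowing anonymous binds accepts a zero-length password are all assumptions made for illustration.

```python
# Constructed model of LDAP simple-bind semantics. No network access and no
# real LDAP library is used; every name and entry here is hypothetical.
from dataclasses import dataclass, field


@dataclass
class FakeDirectory:
    """Stand-in for an LDAP server holding one constructed sample entry."""
    allow_anonymous: bool
    entries: dict = field(default_factory=lambda: {
        "uid=alice,dc=example,dc=net": "correct horse",
    })

    def simple_bind(self, dn: str, password: str) -> bool:
        # A simple bind carrying a DN but a zero-length password is an
        # "unauthenticated" bind (RFC 4513). Assumption of this model: a
        # server that allows anonymous binds reports success for it
        # without verifying anything about the DN.
        if password == "":
            return self.allow_anonymous
        return self.entries.get(dn) == password


def build_dn(user: str, prefix: str = "uid=",
             suffix: str = ",dc=example,dc=net") -> str:
    return f"{prefix}{user}{suffix}"


def auth_bind_only(directory: FakeDirectory, user: str, password: str) -> bool:
    """Treats any successful bind as proof of identity."""
    return directory.simple_bind(build_dn(user), password)


def auth_reject_empty(directory: FakeDirectory, user: str, password: str) -> bool:
    """Refuses an empty password before the directory is contacted."""
    if not password:
        return False
    return directory.simple_bind(build_dn(user), password)


def compare(allow_anonymous: bool) -> dict:
    """Runs both checks against a directory with the given bind policy."""
    d = FakeDirectory(allow_anonymous)
    return {
        "bind_only_empty": auth_bind_only(d, "alice", ""),
        "reject_empty_empty": auth_reject_empty(d, "alice", ""),
        "reject_empty_valid": auth_reject_empty(d, "alice", "correct horse"),
        "reject_empty_wrong": auth_reject_empty(d, "alice", "guess"),
    }
```

Disabling anonymous binds on the directory removes the condition on the server side as well; the empty-password check protects the client regardless of how the directory is configured.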
In addition, this update contains reliability improvements which do
not target security issues.
For the old stable distribution (etch), these problems have been fixed
in version 7.4.26-0etch1 of the postgresql-7.4 source package, and
version 8.1.18-0etch1 of the postgresql-8.1 source package.
For the stable distribution (lenny), these problems have been fixed in
version 8.3.8-0lenny1 of the postgresql-8.3 source package.
For the unstable distribution (sid), these problems have been fixed in
version 8.3.8-1 of the postgresql-8.3 source package, and version
8.4.1-1 of the postgresql-8.4 source package.
We recommend that you upgrade your PostgreSQL packages.
Upgrade instructions
- --------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
[continued in next message]