  • [SECURITY] [DSA-1964-1] New PostgreSQL packages fix several vulnerabili

    From Florian Weimer@1:229/2 to All on Thu Dec 31 17:50:03 2009
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1964-1                  [email protected]
    http://www.debian.org/security/                           Florian Weimer
    December 31, 2009                     http://www.debian.org/security/faq
    - ------------------------------------------------------------------------

    Package : postgresql-7.4, postgresql-8.1, postgresql-8.3
    Vulnerability : several
    Problem type : remote
    Debian-specific: no
    CVE Id(s) : CVE-2009-4034 CVE-2009-4136

    Several vulnerabilities have been discovered in PostgreSQL, a database
    server. The Common Vulnerabilities and Exposures project identifies
    the following problems:

    It was discovered that PostgreSQL did not properly verify the Common
    Name attribute in X.509 certificates, enabling attackers to bypass the
    (optional) TLS protection on client-server connections, by relying on
    a certificate from a trusted CA which contains an embedded NUL byte in
    the Common Name (CVE-2009-4034).

    Authenticated database users could elevate their privileges by
    creating specially-crafted index functions (CVE-2009-4136).

    The following table shows fixed source package versions for the
    respective distributions.

                    oldstable/etch   stable/lenny     testing/unstable
    postgresql-7.4  7.4.27-0etch1
    postgresql-8.1  8.1.19-0etch1
    postgresql-8.3                   8.3.9-0lenny1    8.3.9-1
    postgresql-8.4                                    8.4.2-1

    In addition to these security fixes, the updates contain reliability improvements and fix other defects.

    We recommend that you upgrade your PostgreSQL packages.

    Upgrade instructions
    - --------------------

    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.

    If you are using the apt-get package manager, use the line for
    sources.list as given below:

    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages

    You may use an automated update by adding the resources from the
    footer to the proper configuration.


    Debian GNU/Linux 4.0 alias etch
    - -------------------------------

    Source archives:


    Architecture independent packages:


    alpha architecture (DEC Alpha)


    [continued in next message]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)
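
The Common Name issue in the advisory above (CVE-2009-4034) belongs to a general bug class: a certificate name is a length-delimited string, and a check that reads it as a C string stops at the first NUL byte. The following is an added example of that class beside a length-aware check; it is not PostgreSQL or Debian code, and the function names and host names are constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample CN: certificate strings are (pointer, length) pairs and
 * may contain a NUL byte. sizeof - 1 drops only the literal's terminator. */
static const unsigned char SAMPLE_CN[] = "db.example.org\0.untrusted.invalid";
#define SAMPLE_CN_LEN (sizeof(SAMPLE_CN) - 1)

/* Flawed pattern: the CN is handled as a C string, so the comparison ends at
 * the first NUL and the remainder of the name is never examined. */
int cn_matches_naive(const unsigned char *cn, size_t cn_len, const char *host)
{
    (void)cn_len;                        /* length is ignored: that is the bug */
    return strcmp((const char *)cn, host) == 0;
}

/* ASCII case-insensitive comparison of exactly n bytes. */
static int ascii_ieq(const unsigned char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower(a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Hardened check: honour the encoded length, refuse any embedded NUL, and
 * require the whole name to match. Returns 1 on match, 0 otherwise. */
int cn_matches_strict(const unsigned char *cn, size_t cn_len, const char *host)
{
    if (cn == NULL || host == NULL || cn_len == 0)
        return 0;
    if (memchr(cn, '\0', cn_len) != NULL)    /* embedded NUL: reject outright */
        return 0;
    if (cn_len != strlen(host))              /* lengths must agree exactly */
        return 0;
    return ascii_ieq(cn, host, cn_len);
}

int main(void)
{
    const char *host = "db.example.org";
    printf("naive:  %d\n", cn_matches_naive(SAMPLE_CN, SAMPLE_CN_LEN, host));
    printf("strict: %d\n", cn_matches_strict(SAMPLE_CN, SAMPLE_CN_LEN, host));
    return 0;
}
```

The naive check accepts the sample name for `db.example.org`, while the strict check rejects it because the encoded length and the C-string length disagree.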