From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-2051-1                      [email protected]
http://www.debian.org/security/                        Moritz Muehlenhoff
May 24, 2010                          http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : postgresql-8.3
Vulnerability : several
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2010-0442 CVE-2010-1169 CVE-2010-1170 CVE-2010-1975

Several local vulnerabilities have been discovered in PostgreSQL, an
object-relational SQL database. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2010-1169

    Tim Bunce discovered that the implementation of the procedural
    language PL/Perl insufficiently restricts the subset of allowed
    code, which allows authenticated users the execution of arbitrary
    Perl code.

CVE-2010-1170

    Tom Lane discovered that the implementation of the procedural
    language PL/Tcl insufficiently restricts the subset of allowed
    code, which allows authenticated users the execution of arbitrary
    Tcl code.

CVE-2010-1975

    It was discovered that an unprivileged user could reset
    superuser-only parameter settings.

For the stable distribution (lenny), these problems have been fixed in
version 8.3.11-0lenny1. This update also introduces a fix for
CVE-2010-0442, which was originally scheduled for the next Lenny point
update.
For the unstable distribution (sid), these problems have been fixed in
version 8.4.4-1 of postgresql-8.4.
We recommend that you upgrade your postgresql-8.3 packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
[continued in next message]