what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2013-012

Mandriva Linux Security Advisory 2013-012
Posted Feb 15, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-012 - PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a denial of service or read sensitive process memory via a crafted SQL command, which triggers an array index error and an out-of-bounds read. This advisory provides the latest versions of PostgreSQL that is not vulnerable to these issues.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2013-0255
SHA-256 | 5e7b763b923fbc657bfb299e3e938c6d69a17a32d35606eafad3c063c4ed763c

Mandriva Linux Security Advisory 2013-012

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:012
http://www.mandriva.com/security/
_______________________________________________________________________

Package : postgresql
Date : February 15, 2013
Affected: 2011., Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability has been discovered and corrected in postgresql:

PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12,
8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare
the enum_recv function in backend/utils/adt/enum.c, which causes it to
be invoked with incorrect arguments and allows remote authenticated
users to cause a denial of service (server crash) or read sensitive
process memory via a crafted SQL command, which triggers an array
index error and an out-of-bounds read (CVE-2013-0255).

This advisory provides the latest versions of PostgreSQL that is not
vulnerable to these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0255
http://www.postgresql.org/docs/8.3/static/release-8-3-23.html
http://www.postgresql.org/docs/9.0/static/release-9-0-12.html
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2011:
e9506dea9a59005668b046e7c3c6d968 2011/i586/libecpg9.0_6-9.0.12-0.1-mdv2011.0.i586.rpm
1c4d6b43ff4540bf4e9cd9fcb23ad824 2011/i586/libpq9.0_5-9.0.12-0.1-mdv2011.0.i586.rpm
2b608e6cc6bfc0d784d4f6a3fd85957f 2011/i586/postgresql9.0-9.0.12-0.1-mdv2011.0.i586.rpm
8fcb75ea83b5bdb62c10e8a4453cfb89 2011/i586/postgresql9.0-contrib-9.0.12-0.1-mdv2011.0.i586.rpm
9e4bc0f9b22e0cf75db12042aa0dceb0 2011/i586/postgresql9.0-devel-9.0.12-0.1-mdv2011.0.i586.rpm
61cbfe086e73750a4c22a6dcc29da48f 2011/i586/postgresql9.0-docs-9.0.12-0.1-mdv2011.0.i586.rpm
17a11d0af51d26b2dffe0ea532998c82 2011/i586/postgresql9.0-pl-9.0.12-0.1-mdv2011.0.i586.rpm
f5e09c159529185531ab3703471dd716 2011/i586/postgresql9.0-plperl-9.0.12-0.1-mdv2011.0.i586.rpm
385989a88a2148262c9c49024881172c 2011/i586/postgresql9.0-plpgsql-9.0.12-0.1-mdv2011.0.i586.rpm
f16eb4df34dd76b8884ac5f0c9544f8d 2011/i586/postgresql9.0-plpython-9.0.12-0.1-mdv2011.0.i586.rpm
879576e48d24429a442cc85c003df9da 2011/i586/postgresql9.0-pltcl-9.0.12-0.1-mdv2011.0.i586.rpm
e993961bf136ed48f01afa28e96ddcd4 2011/i586/postgresql9.0-server-9.0.12-0.1-mdv2011.0.i586.rpm
b9ef06eaa866a89f10ce2e024abf918d 2011/SRPMS/postgresql9.0-9.0.12-0.1.src.rpm

Mandriva Linux 2011/X86_64:
ca0af0581b132c4691a32ac0bb47fd0d 2011/x86_64/lib64ecpg9.0_6-9.0.12-0.1-mdv2011.0.x86_64.rpm
be2b6313b2033cefc7968bae266f3d4e 2011/x86_64/lib64pq9.0_5-9.0.12-0.1-mdv2011.0.x86_64.rpm
79e5ae78046382652d74f8bce6cdcf16 2011/x86_64/postgresql9.0-9.0.12-0.1-mdv2011.0.x86_64.rpm
d723b8db972c8504d6605a16b6055599 2011/x86_64/postgresql9.0-contrib-9.0.12-0.1-mdv2011.0.x86_64.rpm
f40e55d14e94f8a891a42903da88ef6c 2011/x86_64/postgresql9.0-devel-9.0.12-0.1-mdv2011.0.x86_64.rpm
6f90705211bea4469e5c77c3d58b931e 2011/x86_64/postgresql9.0-docs-9.0.12-0.1-mdv2011.0.x86_64.rpm
22da99fcfe271c77dea055339a1d3aa7 2011/x86_64/postgresql9.0-pl-9.0.12-0.1-mdv2011.0.x86_64.rpm
2528326a3d1dfa634da7550423e5861d 2011/x86_64/postgresql9.0-plperl-9.0.12-0.1-mdv2011.0.x86_64.rpm
63e22a5bdb299e69f24ece9a4d71db97 2011/x86_64/postgresql9.0-plpgsql-9.0.12-0.1-mdv2011.0.x86_64.rpm
89b11a80ea205b87367ad32a592a963b 2011/x86_64/postgresql9.0-plpython-9.0.12-0.1-mdv2011.0.x86_64.rpm
fbee7bc2f1294375556c3103f1d2f323 2011/x86_64/postgresql9.0-pltcl-9.0.12-0.1-mdv2011.0.x86_64.rpm
e012bbda94bccb33ff07fdebcc3ac2b9 2011/x86_64/postgresql9.0-server-9.0.12-0.1-mdv2011.0.x86_64.rpm
b9ef06eaa866a89f10ce2e024abf918d 2011/SRPMS/postgresql9.0-9.0.12-0.1.src.rpm

Mandriva Enterprise Server 5:
0d0ae7925e9cb4592010ab8313967a5b mes5/i586/libecpg8.3_6-8.3.23-0.1mdvmes5.2.i586.rpm
11721dc056dfbf642629add846786cab mes5/i586/libpq8.3_5-8.3.23-0.1mdvmes5.2.i586.rpm
a0d000548a79ca36d012a7a7f6ad384f mes5/i586/postgresql8.3-8.3.23-0.1mdvmes5.2.i586.rpm
2c4b3c6d59580f3b77ffc2d7f8148b6c mes5/i586/postgresql8.3-contrib-8.3.23-0.1mdvmes5.2.i586.rpm
de2bb7047ff7efac2a1d9d2e193fbb93 mes5/i586/postgresql8.3-devel-8.3.23-0.1mdvmes5.2.i586.rpm
8810231bfd92b3a0382257b4e9eb28ce mes5/i586/postgresql8.3-docs-8.3.23-0.1mdvmes5.2.i586.rpm
3ec9f82ed5b6abce6ce8dce6de5f0520 mes5/i586/postgresql8.3-pl-8.3.23-0.1mdvmes5.2.i586.rpm
2eb29d15970865abd9d2c1bd4921ecc5 mes5/i586/postgresql8.3-plperl-8.3.23-0.1mdvmes5.2.i586.rpm
ac22abd2cbbf8da7e328c0d2b3c9b172 mes5/i586/postgresql8.3-plpgsql-8.3.23-0.1mdvmes5.2.i586.rpm
ddb37f2e2b8c45eb4babc54a10a51aa2 mes5/i586/postgresql8.3-plpython-8.3.23-0.1mdvmes5.2.i586.rpm
bd46f094a102f2f5fbdddf8983adc7b7 mes5/i586/postgresql8.3-pltcl-8.3.23-0.1mdvmes5.2.i586.rpm
afff75170750ad5d4d4d7d653f3aa9fd mes5/i586/postgresql8.3-server-8.3.23-0.1mdvmes5.2.i586.rpm
f7f7ba7bc6e6de514280ed87dd25fb33 mes5/SRPMS/postgresql8.3-8.3.23-0.1mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
9ad2ad9c6b5ef758f8be28759f77284f mes5/x86_64/lib64ecpg8.3_6-8.3.23-0.1mdvmes5.2.x86_64.rpm
e9e0bc69eb089860410c9022b145287e mes5/x86_64/lib64pq8.3_5-8.3.23-0.1mdvmes5.2.x86_64.rpm
7f8a87531adf93e9aca1ad05e600c7ee mes5/x86_64/postgresql8.3-8.3.23-0.1mdvmes5.2.x86_64.rpm
020840745639ac403d05032b4d30e517 mes5/x86_64/postgresql8.3-contrib-8.3.23-0.1mdvmes5.2.x86_64.rpm
5c52b266413eccb8506c20cbdb15acd0 mes5/x86_64/postgresql8.3-devel-8.3.23-0.1mdvmes5.2.x86_64.rpm
131bfa3a306b757513facfc4c2e6be54 mes5/x86_64/postgresql8.3-docs-8.3.23-0.1mdvmes5.2.x86_64.rpm
d41254775b0aa0f005b89ed4a53226bc mes5/x86_64/postgresql8.3-pl-8.3.23-0.1mdvmes5.2.x86_64.rpm
e6bf627454d9fa729f96c1f10514b371 mes5/x86_64/postgresql8.3-plperl-8.3.23-0.1mdvmes5.2.x86_64.rpm
5e348fcaed39416e70787b5784d9fa92 mes5/x86_64/postgresql8.3-plpgsql-8.3.23-0.1mdvmes5.2.x86_64.rpm
f6a506888404e022274e87501819c7c7 mes5/x86_64/postgresql8.3-plpython-8.3.23-0.1mdvmes5.2.x86_64.rpm
5f6492800978d59a991ca17fe32d24a1 mes5/x86_64/postgresql8.3-pltcl-8.3.23-0.1mdvmes5.2.x86_64.rpm
1e38fc1af606117aaced611e789eafb9 mes5/x86_64/postgresql8.3-server-8.3.23-0.1mdvmes5.2.x86_64.rpm
f7f7ba7bc6e6de514280ed87dd25fb33 mes5/SRPMS/postgresql8.3-8.3.23-0.1mdvmes5.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFRHj6ZmqjQ0CJFipgRApCZAJ4+Maek8G1FbQdIM1f00kcd6pRWVwCgh8Rq
3EonFrrA6WenmuKsmOOQxdI=
=Egth
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close