postgresql-8.4.12-1.0.1.AXS4

エラータID: AXSA:2012-661:02

Release date: 
Monday, August 13, 2012 - 19:06
Subject: 
postgresql-8.4.12-1.0.1.AXS4
Affected Channels: 
Asianux Server 4 for x86
Asianux Server 4 for x86_64
Severity: 
High
Description: 

PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the docs in HTML for the whole package, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server.

If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package.

Security issues fixed with this release:

• CVE-2012-0866
CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER, which allows remote authenticated users to execute otherwise restricted triggers on arbitrary data by installing the trigger on an attacker-owned table.

• CVE-2012-0867
PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.

• CVE-2012-0868
CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored.

Solution: 

Update packages.

CVEs: 
CVE-2012-0866
CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER, which allows remote authenticated users to execute otherwise restricted triggers on arbitrary data by installing the trigger on an attacker-owned table.
CVE-2012-0867
PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.
CVE-2012-0868
CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored.




Additional Info: 

N/A

Download: 

SRPMS
  1. postgresql-8.4.12-1.0.1.AXS4.src.rpm
    MD5: d0bdd58cf2a83fa67c92fe6eac7689f8
    SHA-256: e2c1acefeda2c0759299bd21f94e7df0d529c6f0d8453998cf819dea1e4cbf89
    Size: 20.35 MB

Asianux Server 4 for x86
  1. postgresql-8.4.12-1.0.1.AXS4.i686.rpm
    MD5: e578ec21551573694e6b70ff5b28ec2c
    SHA-256: 7e60de49927f47affe58aaab0a9ea06c18b915e6461318206a6f5f000287da4c
    Size: 2.73 MB
  2. postgresql-contrib-8.4.12-1.0.1.AXS4.i686.rpm
    MD5: 9ef29f546c12b766242f114135cdcd48
    SHA-256: 2bac9d6c26dd824e5244dd2e50dc2317da9857235a0ba65b134aa54558af3e37
    Size: 346.97 kB
  3. postgresql-devel-8.4.12-1.0.1.AXS4.i686.rpm
    MD5: c6dcb08379186b6270b0b16425fb05f7
    SHA-256: a05ed1fa0786f93a7210788d4e99ef640d15f92e569475ce8c5e857369749b1e
    Size: 803.59 kB
  4. postgresql-docs-8.4.12-1.0.1.AXS4.i686.rpm
    MD5: fbf72963118a11ea503ac391a138ca59
    SHA-256: 0100c27281d91a4ebcf618012d6990020564a8bb3b536e6310afe09f7cc389c1
    Size: 6.09 MB
  5. postgresql-libs-8.4.12-1.0.1.AXS4.i686.rpm
    MD5: c098d4e55c3dce829c51c83f7af53d91
    SHA-256: d2fa6effd19fcbfa6aaeb863e5e0e12492c022f1fc9aa8b182b988e0186fbfbc
    Size: 201.74 kB
  6. postgresql-plperl-8.4.12-1.0.1.AXS4.i686.rpm
    MD5: d1f9ad8c90a17c0841aba24c86dbc2c8
    SHA-256: d3840cdff0b6dac632180124da77dc709b9a2180a4294c365ab437cbf593aa8c
    Size: 54.19 kB
  7. postgresql-plpython-8.4.12-1.0.1.AXS4.i686.rpm
    MD5: b5f1b6538a4559f0763044a1f031c3bd
    SHA-256: b6485ea93ae3e1f1ab8cba58bf6e7203ae5e8954deb3172370fc42fa8b964b49
    Size: 54.49 kB
  8. postgresql-pltcl-8.4.12-1.0.1.AXS4.i686.rpm
    MD5: 61afb24a3d00a14e42e4e56a8debfadc
    SHA-256: 71ab9a8a269d4c33f797b1cc8bb82444a08b8c34ec85260a4fe70d09ee1f9e5a
    Size: 43.96 kB
  9. postgresql-server-8.4.12-1.0.1.AXS4.i686.rpm
    MD5: b27678eda16d7c71b930f382488a3e63
    SHA-256: 881f1d832cf5c0550a69352bf34ef686438c556588427ab4541d77acadb109e8
    Size: 3.30 MB
  10. postgresql-test-8.4.12-1.0.1.AXS4.i686.rpm
    MD5: 3962fa1b8f87abd1e56210f3cc40871c
    SHA-256: 7b8bcc767e719ba9f316e357e9e4ecb9c762605fe9ef7762cc4d7f03ecb96716
    Size: 1.10 MB

Asianux Server 4 for x86_64
  1. postgresql-8.4.12-1.0.1.AXS4.x86_64.rpm
    MD5: 984199e8fb4c45b7b59ac4a2fa6605cd
    SHA-256: 0695c0880363373a5f3ce7201ee82d4f94193f558209bae28ea7a417e5f9d3af
    Size: 2.73 MB
  2. postgresql-contrib-8.4.12-1.0.1.AXS4.x86_64.rpm
    MD5: 0ac28920e4064f9ba55203f49f1435dd
    SHA-256: 5235361cb22a5fb3944a159030597b2bab74170f93618a72dfc9e22cefd73557
    Size: 351.32 kB
  3. postgresql-devel-8.4.12-1.0.1.AXS4.x86_64.rpm
    MD5: 2e482fe272738933d3696ce44f763417
    SHA-256: bcf927426d940ef9380668fae3a7c11e17567b22bb21ba59edabe92af32bd786
    Size: 808.23 kB
  4. postgresql-docs-8.4.12-1.0.1.AXS4.x86_64.rpm
    MD5: adb5ebf7bf73a750db3cc7ce278c0d9e
    SHA-256: 7e3bbe94ec7559dada102947907dacd615063ea4e74aed6aa41bf68468b0ae79
    Size: 6.09 MB
  5. postgresql-libs-8.4.12-1.0.1.AXS4.x86_64.rpm
    MD5: 6463f2f4280db479357541fa61807e94
    SHA-256: f9a4996fb25fe235b156a5f01111ad7759d4b0a284344405e0ab4c14ef9d9faf
    Size: 197.80 kB
  6. postgresql-plperl-8.4.12-1.0.1.AXS4.x86_64.rpm
    MD5: c4489e30cb27a804dbea5710a37946ae
    SHA-256: f4abee31e45352ed5af104b217c279115e96b37fc3e123b78bceaeedc08d8020
    Size: 54.02 kB
  7. postgresql-plpython-8.4.12-1.0.1.AXS4.x86_64.rpm
    MD5: 37d2761aecda80b303ef6e6192668adc
    SHA-256: b8a5b1887a46b17661f963620d3cd35dcbf57be5b1d494acba29221a772a3de9
    Size: 55.22 kB
  8. postgresql-pltcl-8.4.12-1.0.1.AXS4.x86_64.rpm
    MD5: 0acb9c4802a6bd29b57068f2f7716198
    SHA-256: 5558f21c06183f780f3728510fcda70a4804cc10937500cd30dd707f29fa80a3
    Size: 43.71 kB
  9. postgresql-server-8.4.12-1.0.1.AXS4.x86_64.rpm
    MD5: c7be9c353108682b4b0ca60afe81e642
    SHA-256: 22c2ffa51476cfd807fad74a5001b9e1c5aee26298e8004033d6467d05dfc551
    Size: 3.34 MB
  10. postgresql-test-8.4.12-1.0.1.AXS4.x86_64.rpm
    MD5: 00c453f05da6a36af53202936e801208
    SHA-256: cc26065c2c6c46a085fee7a8eef14cf2c15994360d7c540ecea7558a176aa3c6
    Size: 1.10 MB
  11. postgresql-8.4.12-1.0.1.AXS4.i686.rpm
    MD5: e578ec21551573694e6b70ff5b28ec2c
    SHA-256: 7e60de49927f47affe58aaab0a9ea06c18b915e6461318206a6f5f000287da4c
    Size: 2.73 MB
  12. postgresql-devel-8.4.12-1.0.1.AXS4.i686.rpm
    MD5: c6dcb08379186b6270b0b16425fb05f7
    SHA-256: a05ed1fa0786f93a7210788d4e99ef640d15f92e569475ce8c5e857369749b1e
    Size: 803.59 kB
  13. postgresql-libs-8.4.12-1.0.1.AXS4.i686.rpm
    MD5: c098d4e55c3dce829c51c83f7af53d91
    SHA-256: d2fa6effd19fcbfa6aaeb863e5e0e12492c022f1fc9aa8b182b988e0186fbfbc
    Size: 201.74 kB