postgresql-8.1.18-2.1.1AXS3
エラータID: AXSA:2009-415:01
リリース日:
2009/10/22 Thursday - 13:37
題名:
postgresql-8.1.18-2.1.1AXS3
影響のあるチャネル:
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- PostgreSQL には、エラーメッセージの変換処理に失敗することにより、サービス運用妨害 (DoS) 状態となる脆弱性が存在します。(CVE-2009-0922)
- Postgresql には (1) RESET ROLE (2) RESET SESSION AUTHORIZATION 操作で適切な権限を使用していない問題があり、リモートの認証されたユーザが特権を得る脆弱性があります。(CVE-2009-3230)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2009-0922
PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests.
PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests.
CVE-2009-3230
The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600.
The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600.
追加情報:
N/A
ダウンロード:
SRPMS
- postgresql-8.1.18-2.1.1AXS3.src.rpm
MD5: 65e09ad70980798b9437598c158865d2
SHA-256: 67360f35c64eb3280e1915866d632b30b04800465da8a410395c1280aa72a166
Size: 16.71 MB
Asianux Server 3 for x86
- postgresql-8.1.18-2.1.1AXS3.i386.rpm
MD5: a7236adf1ecd73ce085bbc6d3a2c0660
SHA-256: f01746aa3650a2b5347178d998d98958f9da83cce56df61fc51ff29a3080f599
Size: 2.90 MB - postgresql-contrib-8.1.18-2.1.1AXS3.i386.rpm
MD5: fe89946f9dd518f19fb672f287eb2962
SHA-256: a24d476e431f6f2d4d519082d587d08ad42ac4f562721046ce3332a30b726322
Size: 455.59 kB - postgresql-devel-8.1.18-2.1.1AXS3.i386.rpm
MD5: ee57813832ca8a33c1794c7516e0f1fe
SHA-256: b031ed1d7ba0da234f6182efc7654932f61863dad6056da9733a410ce64f1f71
Size: 1.17 MB - postgresql-docs-8.1.18-2.1.1AXS3.i386.rpm
MD5: 01f475930dba11a56dfd5e7116f02388
SHA-256: 780b5af209acdbd4fe0cfc19d1496db8b50036e67a821b228bfcb823b2d8954e
Size: 5.58 MB - postgresql-libs-8.1.18-2.1.1AXS3.i386.rpm
MD5: bb7821e32486038e7a3e0281ee0bb240
SHA-256: 137eae0bfb9ffdcb256a93378c1b2a06ae7c6ca817261838b742e95829f00996
Size: 200.87 kB - postgresql-pl-8.1.18-2.1.1AXS3.i386.rpm
MD5: 328dd122b988f004349f59af705b4554
SHA-256: 3cdf894ef09c107609b70a60f97e88dc0891412cba16117c7f00e03177ec1203
Size: 69.67 kB - postgresql-python-8.1.18-2.1.1AXS3.i386.rpm
MD5: 1e3c5e7cc476f479dbc5e0e5e24e1667
SHA-256: 6fcb285d07db79d90feec9602a98b15e5bc6d3aa4622b2031f35ce3ed7bfa970
Size: 54.59 kB - postgresql-server-8.1.18-2.1.1AXS3.i386.rpm
MD5: 2e32dc8f7a1eedd38d6174c01a0ca37b
SHA-256: 2194bd55f0a2d473b985929cc65dbf924f9fe24774f5e2e53121ba013b04db2b
Size: 3.92 MB - postgresql-tcl-8.1.18-2.1.1AXS3.i386.rpm
MD5: c1e3798ee5c7a38a6e460fc4f3fe1124
SHA-256: e68e6dd46d48954c8ccf1988116f2f6215943c0ef41175f992210f57d08cac1a
Size: 82.82 kB
Asianux Server 3 for x86_64
- postgresql-8.1.18-2.1.1AXS3.x86_64.rpm
MD5: dde886497afd1a38beb52c5e630f86e5
SHA-256: d85c16e0a986d1215d127e0ddb1ce9fa1d30da38fc316f48878b8545da8afe7a
Size: 2.93 MB - postgresql-contrib-8.1.18-2.1.1AXS3.x86_64.rpm
MD5: 85e2bbabeffac60dfe0c1b20054517f3
SHA-256: de951c6097809d71a442fe3c584f126e3d1279dd2dae134be210851557942b3e
Size: 461.57 kB - postgresql-devel-8.1.18-2.1.1AXS3.x86_64.rpm
MD5: 9cd5272915608478123ecfa67000689c
SHA-256: 6eb299e5cb8b250339c872485b7b0ddd079a5af29db9fd07ce0777c96e0efc9b
Size: 1.21 MB - postgresql-docs-8.1.18-2.1.1AXS3.x86_64.rpm
MD5: 20af30c476c2ed1d9a8594df6f1e8fa2
SHA-256: a9716d353ea9ef486f3d1821d08d302a2f8003c18f1f52744050ffd519006a3c
Size: 5.58 MB - postgresql-libs-8.1.18-2.1.1AXS3.x86_64.rpm
MD5: b2dfb1d4fd84b0755a6c3f16e467412a
SHA-256: 36f160665ddf0e858a95e84ab66b821b86dfa4378b8cc6d20b7d256391fa7e5c
Size: 200.71 kB - postgresql-pl-8.1.18-2.1.1AXS3.x86_64.rpm
MD5: cd26451462ebfaa125fa90b3a98fee29
SHA-256: 647d5ee7a54a9560c3dabfabe33cd5aebd1142912dce952a2c1168234d6b69ef
Size: 71.87 kB - postgresql-python-8.1.18-2.1.1AXS3.x86_64.rpm
MD5: f8f4262d06e1b9174f9af142391e4d0d
SHA-256: b2a1a3ba95803ef77c5df997eaa4f6067dfebe2fafdc170648c151b194507a94
Size: 56.05 kB - postgresql-server-8.1.18-2.1.1AXS3.x86_64.rpm
MD5: 0d5357b432ade711bc6dffea2d42a8a9
SHA-256: ae25be23d8304f19671f559f98903473bdb700f163424f05461284c5beba8123
Size: 3.98 MB - postgresql-tcl-8.1.18-2.1.1AXS3.x86_64.rpm
MD5: 7eb925dac064ca5ae929e6762cc5e3e1
SHA-256: 8352c87716a71a23e3a99297ad72ad61fc8a7a5fd0bf62221bedac62de7faf85
Size: 84.08 kB