postgresql-8.1.22-1.1.0.1.AXS3
Errata ID: AXSA:2010-459:02
Release date:
2010/10/14 Thursday - 15:23
Title:
postgresql-8.1.22-1.1.0.1.AXS3
Affected channels:
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity:
High
Description:
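The following issue has been addressed.
[Security Fix]
- The PL/perl and PL/Tcl implementations in PostgreSQL do not properly protect script execution by a different SQL user ID within the same session, which allows remote authenticated users to gain privileges by having crafted script code executed in a SECURITY DEFINER function.
This is a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447. (CVE-2010-3433)
Some of the translated CVE text is quoted from JVN.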
http://jvndb.jvn.jp/
Solution:
Update the packages.
CVE:
CVE-2010-3433
The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447.
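The affected ranges listed in the CVE text can be checked mechanically against a server banner or a package file name. The following is an added example, not part of the original advisory or of PostgreSQL; the function names and the sample strings are constructed for illustration, and the per-branch fixed releases are copied from the CVE description above.

```python
import re

# First fixed patch release per branch, copied from the CVE-2010-3433 text.
FIXED = {
    (7, 4): 30, (8, 0): 26, (8, 1): 22, (8, 2): 18,
    (8, 3): 12, (8, 4): 5, (9, 0): 1,
}

# First dotted version number that is not the tail of a longer number.
_VERSION = re.compile(r"(?<![\d.])(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Return (major, minor, patch) for the first version in text, or None."""
    m = _VERSION.search(text)
    if m is None:
        return None
    # A two-part version such as "9.0" is treated as patch level 0.
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def classify(text):
    """Return 'affected', 'fixed', or 'unlisted' (branch not in the CVE text)."""
    version = parse_version(text)
    if version is None:
        raise ValueError("no version number found in %r" % text)
    fixed_patch = FIXED.get(version[:2])
    if fixed_patch is None:
        return "unlisted"
    return "affected" if version[2] < fixed_patch else "fixed"


# Constructed sample inputs: SELECT version() style banners and a file name.
SAMPLES = [
    "PostgreSQL 8.1.21 on x86_64-redhat-linux-gnu, compiled by GCC 4.1.2",
    "postgresql-server-8.1.22-1.1.0.1.AXS3.x86_64.rpm",
    "PostgreSQL 9.0 on i686-pc-linux-gnu",
    "PostgreSQL 8.4.5",
    "PostgreSQL 9.1.3",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print("%-10s %s" % (classify(sample), sample))
```

Distribution packages can carry backported fixes under an older upstream version number, so on RPM-based systems the installed package release should also be compared with the one named in the errata.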
Additional information:
N/A
Downloads:
SRPMS
- postgresql-8.1.22-1.1.0.1.AXS3.src.rpm
Size: 16.80 MB
Asianux Server 3 for x86
- postgresql-8.1.22-1.1.0.1.AXS3.i386.rpm
Size: 2.94 MB
- postgresql-contrib-8.1.22-1.1.0.1.AXS3.i386.rpm
Size: 455.04 kB
- postgresql-devel-8.1.22-1.1.0.1.AXS3.i386.rpm
Size: 1.17 MB
- postgresql-docs-8.1.22-1.1.0.1.AXS3.i386.rpm
Size: 5.58 MB
- postgresql-libs-8.1.22-1.1.0.1.AXS3.i386.rpm
Size: 200.64 kB
- postgresql-pl-8.1.22-1.1.0.1.AXS3.i386.rpm
Size: 72.75 kB
- postgresql-python-8.1.22-1.1.0.1.AXS3.i386.rpm
Size: 55.09 kB
- postgresql-server-8.1.22-1.1.0.1.AXS3.i386.rpm
Size: 3.93 MB
- postgresql-tcl-8.1.22-1.1.0.1.AXS3.i386.rpm
Size: 83.32 kB
Asianux Server 3 for x86_64
- postgresql-8.1.22-1.1.0.1.AXS3.x86_64.rpm
Size: 2.97 MB
- postgresql-contrib-8.1.22-1.1.0.1.AXS3.x86_64.rpm
Size: 460.80 kB
- postgresql-devel-8.1.22-1.1.0.1.AXS3.x86_64.rpm
Size: 1.21 MB
- postgresql-docs-8.1.22-1.1.0.1.AXS3.x86_64.rpm
Size: 5.58 MB
- postgresql-libs-8.1.22-1.1.0.1.AXS3.x86_64.rpm
Size: 200.38 kB
- postgresql-pl-8.1.22-1.1.0.1.AXS3.x86_64.rpm
Size: 74.98 kB
- postgresql-python-8.1.22-1.1.0.1.AXS3.x86_64.rpm
Size: 56.55 kB
- postgresql-server-8.1.22-1.1.0.1.AXS3.x86_64.rpm
Size: 3.98 MB
- postgresql-tcl-8.1.22-1.1.0.1.AXS3.x86_64.rpm
Size: 84.58 kB