postgresql-8.4.12-1.0.1.AXS4
Errata ID: AXSA:2012-661:02
Release date:
2012/08/13 Monday - 19:06
Title:
postgresql-8.4.12-1.0.1.AXS4
Affected channels:
Asianux Server 4 for x86
Asianux Server 4 for x86_64
Severity:
High
Description:
The following issues have been addressed.
[Security Fix]
- The crypt_des function used in PHP, PostgreSQL, and other products does not process the complete cleartext password if the password contains a 0x80 character, which makes it easier for attackers to gain access by attempting authentication with an initial substring of the intended password. (CVE-2012-2143)
- PostgreSQL allows remote authenticated users to cause a denial of service (server crash) by adding (1) a SECURITY DEFINER or (2) a SET attribute to a procedural language's call handler. (CVE-2012-2655)
Some of the CVE translations are quoted from JVN.
http://jvndb.jvn.jp
Solution:
Update the packages.
CVE:
CVE-2012-0866
CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER, which allows remote authenticated users to execute otherwise restricted triggers on arbitrary data by installing the trigger on an attacker-owned table.
CVE-2012-0867
PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.
CVE-2012-0868
CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored.
Additional information:
N/A
Download:
SRPMS
- postgresql-8.4.12-1.0.1.AXS4.src.rpm
Size: 20.35 MB
Asianux Server 4 for x86
- postgresql-8.4.12-1.0.1.AXS4.i686.rpm
Size: 2.73 MB
- postgresql-contrib-8.4.12-1.0.1.AXS4.i686.rpm
Size: 346.97 kB
- postgresql-devel-8.4.12-1.0.1.AXS4.i686.rpm
Size: 803.59 kB
- postgresql-docs-8.4.12-1.0.1.AXS4.i686.rpm
Size: 6.09 MB
- postgresql-libs-8.4.12-1.0.1.AXS4.i686.rpm
Size: 201.74 kB
- postgresql-plperl-8.4.12-1.0.1.AXS4.i686.rpm
Size: 54.19 kB
- postgresql-plpython-8.4.12-1.0.1.AXS4.i686.rpm
Size: 54.49 kB
- postgresql-pltcl-8.4.12-1.0.1.AXS4.i686.rpm
Size: 43.96 kB
- postgresql-server-8.4.12-1.0.1.AXS4.i686.rpm
Size: 3.30 MB
- postgresql-test-8.4.12-1.0.1.AXS4.i686.rpm
Size: 1.10 MB
Asianux Server 4 for x86_64
- postgresql-8.4.12-1.0.1.AXS4.x86_64.rpm
Size: 2.73 MB
- postgresql-contrib-8.4.12-1.0.1.AXS4.x86_64.rpm
Size: 351.32 kB
- postgresql-devel-8.4.12-1.0.1.AXS4.x86_64.rpm
Size: 808.23 kB
- postgresql-docs-8.4.12-1.0.1.AXS4.x86_64.rpm
Size: 6.09 MB
- postgresql-libs-8.4.12-1.0.1.AXS4.x86_64.rpm
Size: 197.80 kB
- postgresql-plperl-8.4.12-1.0.1.AXS4.x86_64.rpm
Size: 54.02 kB
- postgresql-plpython-8.4.12-1.0.1.AXS4.x86_64.rpm
Size: 55.22 kB
- postgresql-pltcl-8.4.12-1.0.1.AXS4.x86_64.rpm
Size: 43.71 kB
- postgresql-server-8.4.12-1.0.1.AXS4.x86_64.rpm
Size: 3.34 MB
- postgresql-test-8.4.12-1.0.1.AXS4.x86_64.rpm
Size: 1.10 MB
- postgresql-8.4.12-1.0.1.AXS4.i686.rpm
Size: 2.73 MB
- postgresql-devel-8.4.12-1.0.1.AXS4.i686.rpm
Size: 803.59 kB
- postgresql-libs-8.4.12-1.0.1.AXS4.i686.rpm
Size: 201.74 kB