Description
ELSA-2012-1037: postgresql and postgresql84 security update (MODERATE)
[8.4.12-1]
- Update to PostgreSQL 8.4.12, for various fixes described at
  http://www.postgresql.org/docs/8.4/static/release-8-4-12.html
  including the fixes for CVE-2012-2143, CVE-2012-2655
  Resolves: #830723
[8.4.11-2]
- Add patches for CVE-2012-2143, CVE-2012-2655
  Resolves: #830723
[8.4.11-1]
- Update to PostgreSQL 8.4.11, for various fixes described at
  http://www.postgresql.org/docs/8.4/static/release-8-4-11.html
  http://www.postgresql.org/docs/8.4/static/release-8-4-10.html
  including the fixes for CVE-2012-0866, CVE-2012-0867, CVE-2012-0868
  Resolves: #812077
Updated packages
Oracle Linux 6
Oracle Linux x86_64
postgresql            8.4.12-1.el6_2
postgresql-contrib    8.4.12-1.el6_2
postgresql-devel      8.4.12-1.el6_2
postgresql-docs       8.4.12-1.el6_2
postgresql-libs       8.4.12-1.el6_2
postgresql-plperl     8.4.12-1.el6_2
postgresql-plpython   8.4.12-1.el6_2
postgresql-pltcl      8.4.12-1.el6_2
postgresql-server     8.4.12-1.el6_2
postgresql-test       8.4.12-1.el6_2
Oracle Linux i686
postgresql            8.4.12-1.el6_2
postgresql-contrib    8.4.12-1.el6_2
postgresql-devel      8.4.12-1.el6_2
postgresql-docs       8.4.12-1.el6_2
postgresql-libs       8.4.12-1.el6_2
postgresql-plperl     8.4.12-1.el6_2
postgresql-plpython   8.4.12-1.el6_2
postgresql-pltcl      8.4.12-1.el6_2
postgresql-server     8.4.12-1.el6_2
postgresql-test       8.4.12-1.el6_2
Oracle Linux 5
Oracle Linux ia64
postgresql84            8.4.12-1.el5_8
postgresql84-contrib    8.4.12-1.el5_8
postgresql84-devel      8.4.12-1.el5_8
postgresql84-docs       8.4.12-1.el5_8
postgresql84-libs       8.4.12-1.el5_8
postgresql84-plperl     8.4.12-1.el5_8
postgresql84-plpython   8.4.12-1.el5_8
postgresql84-pltcl      8.4.12-1.el5_8
postgresql84-python     8.4.12-1.el5_8
postgresql84-server     8.4.12-1.el5_8
postgresql84-tcl        8.4.12-1.el5_8
postgresql84-test       8.4.12-1.el5_8
Oracle Linux x86_64
postgresql84            8.4.12-1.el5_8
postgresql84-contrib    8.4.12-1.el5_8
postgresql84-devel      8.4.12-1.el5_8
postgresql84-docs       8.4.12-1.el5_8
postgresql84-libs       8.4.12-1.el5_8
postgresql84-plperl     8.4.12-1.el5_8
postgresql84-plpython   8.4.12-1.el5_8
postgresql84-pltcl      8.4.12-1.el5_8
postgresql84-python     8.4.12-1.el5_8
postgresql84-server     8.4.12-1.el5_8
postgresql84-tcl        8.4.12-1.el5_8
postgresql84-test       8.4.12-1.el5_8
Oracle Linux i386
postgresql84            8.4.12-1.el5_8
postgresql84-contrib    8.4.12-1.el5_8
postgresql84-devel      8.4.12-1.el5_8
postgresql84-docs       8.4.12-1.el5_8
postgresql84-libs       8.4.12-1.el5_8
postgresql84-plperl     8.4.12-1.el5_8
postgresql84-plpython   8.4.12-1.el5_8
postgresql84-pltcl      8.4.12-1.el5_8
postgresql84-python     8.4.12-1.el5_8
postgresql84-server     8.4.12-1.el5_8
postgresql84-tcl        8.4.12-1.el5_8
postgresql84-test       8.4.12-1.el5_8
Related CVEs
Related vulnerabilities
PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service (server crash) by adding the (1) SECURITY DEFINER or (2) SET attributes to a procedural language's call handler.
The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.