ELSA-2013-1475

Опубликовано: 29 окт. 2013

Источник: oracle-oval

Платформа: Oracle Linux 6

Платформа: Oracle Linux 5

Описание

ELSA-2013-1475: postgresql and postgresql84 security update (MODERATE)

[8.4.18-1]

Update to PostgreSQL 8.4.18, for various fixes described at http://www.postgresql.org/docs/8.4/static/release-8-4-14.html http://www.postgresql.org/docs/8.4/static/release-8-4-15.html http://www.postgresql.org/docs/8.4/static/release-8-4-16.html http://www.postgresql.org/docs/8.4/static/release-8-4-17.html http://www.postgresql.org/docs/8.4/static/release-8-4-18.html including fixes for CVE-2013-0255, CVE-2013-1900 (#1017837)

Обновленные пакеты

Oracle Linux 6

Oracle Linux x86_64

postgresql

8.4.18-1.el6_4

postgresql-contrib

8.4.18-1.el6_4

postgresql-devel

8.4.18-1.el6_4

postgresql-docs

8.4.18-1.el6_4

postgresql-libs

8.4.18-1.el6_4

postgresql-plperl

8.4.18-1.el6_4

postgresql-plpython

8.4.18-1.el6_4

postgresql-pltcl

8.4.18-1.el6_4

postgresql-server

8.4.18-1.el6_4

postgresql-test

8.4.18-1.el6_4

Oracle Linux i686

postgresql

8.4.18-1.el6_4

postgresql-contrib

8.4.18-1.el6_4

postgresql-devel

8.4.18-1.el6_4

postgresql-docs

8.4.18-1.el6_4

postgresql-libs

8.4.18-1.el6_4

postgresql-plperl

8.4.18-1.el6_4

postgresql-plpython

8.4.18-1.el6_4

postgresql-pltcl

8.4.18-1.el6_4

postgresql-server

8.4.18-1.el6_4

postgresql-test

8.4.18-1.el6_4

Oracle Linux 5

Oracle Linux ia64

postgresql84

8.4.18-1.el5_10

postgresql84-contrib

8.4.18-1.el5_10

postgresql84-devel

8.4.18-1.el5_10

postgresql84-docs

8.4.18-1.el5_10

postgresql84-libs

8.4.18-1.el5_10

postgresql84-plperl

8.4.18-1.el5_10

postgresql84-plpython

8.4.18-1.el5_10

postgresql84-pltcl

8.4.18-1.el5_10

postgresql84-python

8.4.18-1.el5_10

postgresql84-server

8.4.18-1.el5_10

postgresql84-tcl

8.4.18-1.el5_10

postgresql84-test

8.4.18-1.el5_10

Oracle Linux x86_64

postgresql84

8.4.18-1.el5_10

postgresql84-contrib

8.4.18-1.el5_10

postgresql84-devel

8.4.18-1.el5_10

postgresql84-docs

8.4.18-1.el5_10

postgresql84-libs

8.4.18-1.el5_10

postgresql84-plperl

8.4.18-1.el5_10

postgresql84-plpython

8.4.18-1.el5_10

postgresql84-pltcl

8.4.18-1.el5_10

postgresql84-python

8.4.18-1.el5_10

postgresql84-server

8.4.18-1.el5_10

postgresql84-tcl

8.4.18-1.el5_10

postgresql84-test

8.4.18-1.el5_10

Oracle Linux i386

postgresql84

8.4.18-1.el5_10

postgresql84-contrib

8.4.18-1.el5_10

postgresql84-devel

8.4.18-1.el5_10

postgresql84-docs

8.4.18-1.el5_10

postgresql84-libs

8.4.18-1.el5_10

postgresql84-plperl

8.4.18-1.el5_10

postgresql84-plpython

8.4.18-1.el5_10

postgresql84-pltcl

8.4.18-1.el5_10

postgresql84-python

8.4.18-1.el5_10

postgresql84-server

8.4.18-1.el5_10

postgresql84-tcl

8.4.18-1.el5_10

postgresql84-test

8.4.18-1.el5_10

Связанные CVE

CVE-2013-0255

CVE-2013-1900

Ссылки на источники

Связанные уязвимости

CVE-2013-0255

ubuntu

больше 12 лет назад

PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a denial of service (server crash) or read sensitive process memory via a crafted SQL command, which triggers an array index error and an out-of-bounds read.

CVE-2013-0255

redhat

больше 12 лет назад

CVE-2013-0255

nvd

больше 12 лет назад

CVE-2013-0255

debian

больше 12 лет назад

PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12 ...

CVE-2013-1900

ubuntu

около 12 лет назад

PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions."