| Summary: | [Update Request] Postgresql packages to fix CVE-2013-0255 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Funda Wang <fundawang> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | ||
| Priority: | Normal | CC: | luigiwalser, sysadmin-bugs, tmb |
| Version: | 2 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/537358/ | ||
| Whiteboard: | has_procedure mga2-64-ok mga2-32-ok | ||
| Source RPM: | postgresql9.1-9.1.8-1.mga2, postgresql9.0-9.0.12-1.mga2, postgresql8.4-8.4.16-1.mga2 | CVE: | |
| Status comment: | |||
Description
Funda Wang
2013-02-08 09:36:25 CET
Testing procedure here, once webmin is configured.
https://bugs.mageia.org/show_bug.cgi?id=6334#c2

Use webmin to run the sql from http://pgfoundry.org/frs/download.php/527/world-1.0.tar.gz to create the tables, and view the data.

Delete /var/lib/pgsql before starting the next version for testing.

postgresql8.4-8.4.16-1.mga2
postgresql9.0-9.0.12-1.mga2
postgresql9.1-9.1.8-1.mga2

SRPM: postgresql8.4-8.4.16-1.mga2.src.rpm
-----------------------------------------
lib64ecpg8.4_6
lib64pq8.4_5
postgresql8.4-contrib
postgresql8.4-devel
postgresql8.4-docs
postgresql8.4-plperl
postgresql8.4-plpgsql
postgresql8.4-pl
postgresql8.4-plpython
postgresql8.4-pltcl
postgresql8.4
postgresql8.4-server

SRPM: postgresql9.0-9.0.12-1.mga2.src.rpm
-----------------------------------------
lib64ecpg9.0_6
lib64pq9.0_5
postgresql9.0-contrib
postgresql9.0-devel
postgresql9.0-docs
postgresql9.0-plperl
postgresql9.0-plpgsql
postgresql9.0-pl
postgresql9.0-plpython
postgresql9.0-pltcl
postgresql9.0
postgresql9.0-server

SRPM: postgresql9.1-9.1.8-1.mga2.src.rpm
----------------------------------------
lib64ecpg9.1_6
lib64pq9.1_5
postgresql9.1-contrib
postgresql9.1-devel
postgresql9.1-docs
postgresql9.1-plperl
postgresql9.1-plpgsql
postgresql9.1-pl
postgresql9.1-plpython
postgresql9.1-pltcl
postgresql9.1
postgresql9.1-server

Adding David in case he wants to add to the advisory.

CC: (none) => luigiwalser
claire robinson
2013-02-08 11:16:09 CET
Whiteboard: (none) => has_procedure

Fedora has issued an advisory for this on February 8:
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098586.html

If you want to use the slightly more condensed advisory from their bugzilla, here it is.

Advisory:
========================

Updated postgresql packages fix security vulnerability:

An array index error, leading to out of heap-based buffer bounds read flaw was found in the way PostgreSQL, an advanced Object-Relational database management system (DBMS), performed retrieval of textual form of error message representation when processing certain enumeration types. An unprivileged database user could issue a specially-crafted SQL query that, when processed by the server component of the PostgreSQL service, would lead to denial of service (daemon crash) or disclosure (of certain portions of) server memory (CVE-2013-0255).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0255
http://www.postgresql.org/about/news/1446/
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098586.html

URL: http://www.postgresql.org/about/news/1446/ => http://lwn.net/Vulnerabilities/537358/

Testing complete mga2 64

Postgresql8.4, 9.0 & 9.1

Whiteboard: has_procedure => has_procedure mga2-64-ok

Testing mga2 32 also

Testing complete mga2 32

Validating

SRPMs:
postgresql8.4-8.4.16-1.mga2
postgresql9.0-9.0.12-1.mga2
postgresql9.1-9.1.8-1.mga2

Advisory in comment 2

Could sysadmin please push from core/updates_testing to core/updates

Thanks!

Keywords: (none) => validated_update

Update pushed;
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0049

Status: NEW => RESOLVED