The postgresql packages have been updated to latest versions of current series, to fix multiple security vulnerabilities:

CVE-2012-2143: Passwords containing the byte 0x80 passed to the crypt() function in pgcrypto are incorrectly truncated if DES encryption was used.

CVE-2012-2655: SECURITY DEFINER and SET attributes on procedural call handlers are not ignored and can be used to crash the server.

List of packages:

Mageia 1:
postgresql8.4-8.4.12-1.mga1
postgresql9.0-9.0.8-1.mga1

Mageia 2:
postgresql8.4-8.4.12-1.mga2
postgresql9.0-9.0.8-1.mga2
postgresql9.1-9.1.4-1.mga2
I couldn't find any poc for the bugs, so just testing that the servers work. Currently testing postgresql9.0 on i586 Mageia 1.
CC: (none) => davidwhodgins
Testing complete on i586/Mageia 1 for the srpm
postgresql9.0-9.0.8-1.mga1.src.rpm

I used webmin to run the sql from http://pgfoundry.org/frs/download.php/527/world-1.0.tar.gz to create the tables, and view the data.

I'll now be testing postgresql8.4 on Mageia 1 i586.
Testing complete on i586/Mageia 1 for the srpm
postgresql8.4-8.4.12-1.mga1.src.rpm

After uninstalling postgresql9.0, deleting /var/lib/pgsql, installing postgresql8.4-server, repeated the test using the world sql, using webmin to run the sql from a file.

I'll test postgresql8.4 on Mageia 2 i586 shortly.
Testing complete on i586/Mageia 2 for the srpms
postgresql8.4-8.4.12-1.mga2
postgresql9.0-9.0.8-1.mga2
postgresql9.1-9.1.4-1.mga2

Note that in webmin, the postgresql shows up in the unused modules, until the config for the module is edited, to correct the paths for the various commands and the database directory.

Don't forget to delete /var/lib/pgsql before starting the next version for testing.
testing mga1 x86_64
Whiteboard: (none) => mga1-i586-OK, mga2-i586-OK
Testing complete mga1 x86_64 for srpms
postgresql8.4-8.4.12-1.mga1
postgresql9.0-9.0.8-1.mga1

Used webmin after altering a number of paths in the webmin postgresql module and the world.sql file same as Dave. Verified by viewing tables and data afterwards.
Whiteboard: mga1-i586-OK, mga2-i586-OK => mga1-i586-OK, mga2-i586-OK, mga1-64-OK
Testing complete mga2 x86_64
postgresql8.4-8.4.12-1.mga2
postgresql9.0-9.0.8-1.mga2
postgresql9.1-9.1.4-1.mga2

Validating

This contains updates for both mga1 and mga2 which should be pushed at the same time.

Please see comment 0 for advisory and srpms.

Could sysadmin please push from core/updates_testing to core/updates

Thanks!
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: mga1-i586-OK, mga2-i586-OK, mga1-64-OK => mga1-i586-OK, mga2-i586-OK, mga1-64-OK, mga2-64-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0113
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED