[Technik] [SECURITY] [DSA 1460-1] New postgresql-8.1 packages fix several vulnerabilities
Noèl Köthe
noel at debian.org
Sun Jan 13 20:56:00 CET 2008
On Sunday, 13.01.2008, at 16:45 +0100, Moritz Muehlenhoff wrote:
> Debian Security Advisory DSA-1460-1 security at debian.org
> http://www.debian.org/security/ Moritz Muehlenhoff
> January 13, 2008 http://www.debian.org/security/faq
>
> Package : postgresql-8.1
> Vulnerability : several
> Problem type : local
> Debian-specific: no
> CVE Id(s) : CVE-2007-3278 CVE-2007-4769 CVE-2007-4772 CVE-2007-6067 CVE-2007-6600 CVE-2007-6601
postgresql-8.1 updated on h01, h02, h03, h04, h51, cree and wasco.
> For the stable distribution (etch), these problems have been fixed in version
> postgresql-8.1 8.1.11-0etch1.
postgresql-8.1 (8.1.11-0etch1) stable-security; urgency=low

  * New upstream security/bugfix release:
    - Prevent functions in indexes from executing with the privileges of
      the user running "VACUUM", "ANALYZE", etc. "SET ROLE" is now forbidden
      within a SECURITY DEFINER context. [CVE-2007-6600]
    - Suitably crafted regular-expression patterns could cause crashes,
      infinite or near-infinite looping, and/or massive memory
      consumption, all of which pose denial-of-service hazards for
      applications that accept regex search patterns from untrustworthy
      sources. [CVE-2007-4769, CVE-2007-4772, CVE-2007-6067]
    - Require non-superusers who use "/contrib/dblink" to use only
      password authentication, as a security measure.
      The fix that appeared for this in 8.2.5 was incomplete, as it
      plugged the hole for only some "dblink" functions. [CVE-2007-6601,
      CVE-2007-3278]
    - Fix bugs in WAL replay for GIN indexes.
    - Fix GIN index build to work properly when maintenance_work_mem is
      4GB or more.
    - Improve planner's handling of LIKE/regex estimation in non-C
      locales.
    - Fix planning-speed problem for deep outer-join nests, as well as
      possible poor choice of join order.
    - Fix planner failure in some cases of WHERE false AND var IN (SELECT
      ...).
    - Make "CREATE TABLE ... SERIAL" and "ALTER SEQUENCE ... OWNED BY"
      not change the currval() state of the sequence.
    - Preserve the tablespace and storage parameters of indexes that are
      rebuilt by "ALTER TABLE ... ALTER COLUMN TYPE".
    - Make archive recovery always start a new WAL timeline, rather than
      only when a recovery stop time was used. This avoids a corner-case risk
      of trying to overwrite an existing archived copy of the last WAL
      segment, and seems simpler and cleaner than the original definition.
    - Make "VACUUM" not use all of maintenance_work_mem when the table is
      too small for it to be useful.
    - Fix potential crash in translate() when using a multibyte database
      encoding.
    - Make corr() return the correct result for negative correlation
      values.
    - Fix overflow in extract(epoch from interval) for intervals
      exceeding 68 years.
    - Fix PL/Perl to not fail when a UTF-8 regular expression is used in
      a trusted function.
    - Fix PL/Python to work correctly with Python 2.5 on 64-bit machines
      (Marko Kreen)
    - Fix PL/Python to not crash on long exception messages.
    - Fix pg_dump to correctly handle inheritance child tables that have
      default expressions different from their parent's.
    - Fix libpq crash when PGPASSFILE refers to a file that is not a
      plain file.
    - ecpg parser fixes.
    - Make "contrib/tablefunc"'s crosstab() handle NULL rowid as a
      category in its own right, rather than crashing.
    - Fix tsvector and tsquery output routines to escape backslashes
      correctly.
    - Fix crash of to_tsvector() on huge input strings.

 -- Martin Pitt <mpitt at debian.org> Fri, 11 Jan 2008 16:56:28 +0100
--
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org