what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Ubuntu Security Notice 1002-2

Ubuntu Security Notice 1002-2
Posted Oct 8, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1002-2 - USN-1002-1 fixed vulnerabilities in PostgreSQL. This update provides the corresponding update for Ubuntu 10.10. It was discovered that PostgreSQL did not properly enforce permissions within sessions when PL/Perl and PL/Tcl functions or operators were redefined. A remote authenticated attacker could exploit this to execute arbitrary code with permissions of a different user, possibly leading to privilege escalation.

tags | advisory, remote, arbitrary, perl, vulnerability
systems | linux, ubuntu
advisories | CVE-2010-3433
SHA-256 | 085a6581138140094c3a3e7e5218e13c206bda65a3d3ed3d068b202fda63e0ba

Ubuntu Security Notice 1002-2

Change Mirror Download
===========================================================
Ubuntu Security Notice USN-1002-2 October 07, 2010
postgresql-8.4 vulnerability
CVE-2010-3433
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.10:
postgresql-plperl-8.4 8.4.5-0ubuntu10.10
postgresql-pltcl-8.4 8.4.5-0ubuntu10.10

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

Details follow:

USN-1002-1 fixed vulnerabilities in PostgreSQL. This update provides the
corresponding update for Ubuntu 10.10.

Original advisory details:

It was discovered that PostgreSQL did not properly enforce permissions
within sessions when PL/Perl and PL/Tcl functions or operators were
redefined. A remote authenticated attacker could exploit this to execute
arbitrary code with permissions of a different user, possibly leading to
privilege escalation.


Updated packages for Ubuntu 10.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-8.4_8.4.5-0ubuntu10.10.diff.gz
Size/MD5: 39535 23f8b3a352178737bb56ead8312c86ce
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-8.4_8.4.5-0ubuntu10.10.dsc
Size/MD5: 2618 ed2b36e5dae9278e12d57c3d5c12d41c
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-8.4_8.4.5.orig.tar.gz
Size/MD5: 17590296 8ddea33493bf5cf6f5ea62212bb079df

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-client_8.4.5-0ubuntu10.10_all.deb
Size/MD5: 18046 1c384292787a8d1a5dd42f17e2a7efc8
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-contrib_8.4.5-0ubuntu10.10_all.deb
Size/MD5: 17944 bd565d773cf1f570cfe8f90bbebac5dc
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-doc-8.4_8.4.5-0ubuntu10.10_all.deb
Size/MD5: 2118952 1c0163b0b9458c91cee4f8f0f9a4cfe4
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-doc_8.4.5-0ubuntu10.10_all.deb
Size/MD5: 3450 26111ec43a687d13ce3fa44f9664fe6a
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql_8.4.5-0ubuntu10.10_all.deb
Size/MD5: 18084 848a9af8970f015693af8ae73fe0a2cb

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libecpg-compat3_8.4.5-0ubuntu10.10_amd64.deb
Size/MD5: 11340 130564cc4628ceafc3921713ab2e4dcc
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libecpg-dev_8.4.5-0ubuntu10.10_amd64.deb
Size/MD5: 240990 e3f6824a873520f17e230a62ad05ac80
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libecpg6_8.4.5-0ubuntu10.10_amd64.deb
Size/MD5: 33164 308b7aaa612e6c680f5583590e62986e
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libpgtypes3_8.4.5-0ubuntu10.10_amd64.deb
Size/MD5: 49340 f24763b931ba512742dd6d03f86d62c5
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libpq-dev_8.4.5-0ubuntu10.10_amd64.deb
Size/MD5: 201420 36249bf7794d77cfb7c05ff4901c0317
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libpq5_8.4.5-0ubuntu10.10_amd64.deb
Size/MD5: 88556 20c083d536a138cc44bfa460b93d1eb3
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-8.4_8.4.5-0ubuntu10.10_amd64.deb
Size/MD5: 4030288 6384be605d8d3597b9d34be34fafaa03
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-client-8.4_8.4.5-0ubuntu10.10_amd64.deb
Size/MD5: 822908 055d780c681d443e7d31a0b36d7d5ed8
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-contrib-8.4_8.4.5-0ubuntu10.10_amd64.deb
Size/MD5: 406728 3230bf51c73075032ac03f65770ad976
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-server-dev-8.4_8.4.5-0ubuntu10.10_amd64.deb
Size/MD5: 630842 fb7866cb18076664c304d81e0b8cb021
http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.4/postgresql-plperl-8.4_8.4.5-0ubuntu10.10_amd64.deb
Size/MD5: 46686 f8834eb50b0298b2e09f44ce3dde5946
http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.4/postgresql-plpython-8.4_8.4.5-0ubuntu10.10_amd64.deb
Size/MD5: 39898 53066a883e73930773d282bf302e9fdb
http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.4/postgresql-pltcl-8.4_8.4.5-0ubuntu10.10_amd64.deb
Size/MD5: 37482 73ed6ddaf822a4fb9a5d4ad990e9adbb

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libecpg-compat3_8.4.5-0ubuntu10.10_i386.deb
Size/MD5: 10310 7c4f24a65407a0b9ff04e7d8b47b994a
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libecpg-dev_8.4.5-0ubuntu10.10_i386.deb
Size/MD5: 226046 419eb5e75f5d6c7864fd0c0bef7d1afd
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libecpg6_8.4.5-0ubuntu10.10_i386.deb
Size/MD5: 32056 1319f823acea5395a7d85887486def9d
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libpgtypes3_8.4.5-0ubuntu10.10_i386.deb
Size/MD5: 48064 2e7044fcb4a110609eb22abaed4e72c8
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libpq-dev_8.4.5-0ubuntu10.10_i386.deb
Size/MD5: 193026 80f3d8d52adb51ac873755fa28dd5bca
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libpq5_8.4.5-0ubuntu10.10_i386.deb
Size/MD5: 83006 2fe4cf19bf4fab85621b09f397bf99a1
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-8.4_8.4.5-0ubuntu10.10_i386.deb
Size/MD5: 3883064 f1e96cb6c5338ef0c0d3ed565d02fba4
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-client-8.4_8.4.5-0ubuntu10.10_i386.deb
Size/MD5: 776358 f2b56866bd98a688fa76504e4b36647b
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-contrib-8.4_8.4.5-0ubuntu10.10_i386.deb
Size/MD5: 363476 21f6d13a2d2b7f7b8a2d9a1e53130684
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-server-dev-8.4_8.4.5-0ubuntu10.10_i386.deb
Size/MD5: 633542 351ba2390d1ba28b8ff623cdf3839fd9
http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.4/postgresql-plperl-8.4_8.4.5-0ubuntu10.10_i386.deb
Size/MD5: 45058 192433c49f49f994149c7b6e5624348b
http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.4/postgresql-plpython-8.4_8.4.5-0ubuntu10.10_i386.deb
Size/MD5: 37484 e0af027de047269a78024c65d45396ef
http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.4/postgresql-pltcl-8.4_8.4.5-0ubuntu10.10_i386.deb
Size/MD5: 36514 ed256af80099b8bd118dab3299ce0549

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/p/postgresql-8.4/libecpg-compat3_8.4.5-0ubuntu10.10_powerpc.deb
Size/MD5: 10728 2038e12c84261eb4d5b4334e9b341163
http://ports.ubuntu.com/pool/main/p/postgresql-8.4/libecpg-dev_8.4.5-0ubuntu10.10_powerpc.deb
Size/MD5: 241180 b55e26e2973cf5d7b359c382f3399dd7
http://ports.ubuntu.com/pool/main/p/postgresql-8.4/libecpg6_8.4.5-0ubuntu10.10_powerpc.deb
Size/MD5: 34290 0572b2444e501ec930a167a86722450b
http://ports.ubuntu.com/pool/main/p/postgresql-8.4/libpgtypes3_8.4.5-0ubuntu10.10_powerpc.deb
Size/MD5: 51950 5ac477b5e3b958cbcd7402e6a5bcd9a6
http://ports.ubuntu.com/pool/main/p/postgresql-8.4/libpq-dev_8.4.5-0ubuntu10.10_powerpc.deb
Size/MD5: 199520 413218cd3db4eac23f69b3aa1ffb2dc3
http://ports.ubuntu.com/pool/main/p/postgresql-8.4/libpq5_8.4.5-0ubuntu10.10_powerpc.deb
Size/MD5: 86118 99303c47040f76c0a759877668c3e41d
http://ports.ubuntu.com/pool/main/p/postgresql-8.4/postgresql-8.4_8.4.5-0ubuntu10.10_powerpc.deb
Size/MD5: 4332980 ff598d1c98e57ae87d0a825869ea84af
http://ports.ubuntu.com/pool/main/p/postgresql-8.4/postgresql-client-8.4_8.4.5-0ubuntu10.10_powerpc.deb
Size/MD5: 823870 c4dd1c0be504e1204d0bea21cd85d01b
http://ports.ubuntu.com/pool/main/p/postgresql-8.4/postgresql-contrib-8.4_8.4.5-0ubuntu10.10_powerpc.deb
Size/MD5: 390012 b678b43d6814d4aa625f6d9b6c232d30
http://ports.ubuntu.com/pool/main/p/postgresql-8.4/postgresql-server-dev-8.4_8.4.5-0ubuntu10.10_powerpc.deb
Size/MD5: 632088 d518262b6c78c1de5be3a21629b28456
http://ports.ubuntu.com/pool/universe/p/postgresql-8.4/postgresql-plperl-8.4_8.4.5-0ubuntu10.10_powerpc.deb
Size/MD5: 45952 583c39e67e37c14a937e2a08655a96ae
http://ports.ubuntu.com/pool/universe/p/postgresql-8.4/postgresql-plpython-8.4_8.4.5-0ubuntu10.10_powerpc.deb
Size/MD5: 39004 b70e2b185875c7cdcb14e3a361589c0e
http://ports.ubuntu.com/pool/universe/p/postgresql-8.4/postgresql-pltcl-8.4_8.4.5-0ubuntu10.10_powerpc.deb
Size/MD5: 37188 66e750905a43b134ed13e79106412e52



Login or Register to add favorites

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    30 Files
  • 27
    Sep 27th
    27 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close