 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:161
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : postgresql
 Date    : October 24, 2011
 Affected: 2010.1, 2011., Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability was discovered and corrected in postgresql:

 contrib/pg_crypto's blowfish encryption code could give wrong results
 on platforms where char is signed (which is most), leading to encrypted
 passwords being weaker than they should be (CVE-2011-2483).

 Additionally corrected ossp-uuid packages as well as corrected support
 in postgresql 9.0.x are being provided for Mandriva Linux 2011.

 This update provides a solution to this vulnerability.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2483
 http://www.postgresql.org/docs/8.3/static/release-8-3-15.html
 http://www.postgresql.org/docs/8.3/static/release-8-3-16.html
 http://www.postgresql.org/docs/8.4/static/release-8-4-8.html
 http://www.postgresql.org/docs/8.4/static/release-8-4-9.html
 http://www.postgresql.org/docs/9.0/static/release-9-0-5.html
 http://www.postgresql.org/support/security
 _______________________________________________________________________

 Updated Packages:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
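
The signed-char problem described under CVE-2011-2483, reduced to the key-packing step, as an added example that is not part of the advisory and is not the pg_crypto source. The function names, the `sign_extend` switch and the sample passwords are constructed for illustration; the loop assumes the password is packed four bytes per 32-bit word, cycling over the string with its terminating NUL, as bcrypt-style Blowfish key setup does.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_WORDS 18  /* Blowfish key setup consumes 18 32-bit key words */
/* Pack a NUL-terminated password into KEY_WORDS words, cycling over it
 * (terminator included). sign_extend=1 models the defect: a byte such as 0xA3
 * widens to 0xFFFFFFA3 and the OR overwrites bytes already in the word. */
static void pack_key(const char *pw, int sign_extend, uint32_t out[KEY_WORDS])
{
    const unsigned char *key = (const unsigned char *)pw;
    size_t len = strlen(pw) + 1, pos = 0;
    for (int i = 0; i < KEY_WORDS; i++) {
        uint32_t tmp = 0;
        for (int j = 0; j < 4; j++) {
            tmp <<= 8;
            tmp |= sign_extend ? (uint32_t)(int32_t)(signed char)key[pos]
                               : (uint32_t)key[pos];  /* corrected: low 8 bits only */
            pos = (pos + 1) % len;
        }
        out[i] = tmp;
    }
}

/* 1 if the defective and corrected packing disagree for this password. */
static int mispacked(const char *pw)
{
    uint32_t bad[KEY_WORDS], good[KEY_WORDS];
    pack_key(pw, 1, bad);
    pack_key(pw, 0, good);
    return memcmp(bad, good, sizeof bad) != 0;
}

/* 1 if two passwords feed identical key words into the cipher. */
static int same_key_words(const char *a, const char *b, int sign_extend)
{
    uint32_t wa[KEY_WORDS], wb[KEY_WORDS];
    pack_key(a, sign_extend, wa);
    pack_key(b, sign_extend, wb);
    return memcmp(wa, wb, sizeof wa) == 0;
}

int main(void)
{
    /* Constructed sample passwords; 0xA3 is a single byte with the high bit set. */
    printf("mispacked: ascii=%d 8bit=%d\n", mispacked("abc"), mispacked("a\xA3" "c"));
    printf("same key words: defective=%d corrected=%d\n",
           same_key_words("a\xA3" "c", "Z\xA3" "c", 1), same_key_words("a\xA3" "c", "Z\xA3" "c", 0));
}
```

Passwords made only of 7-bit characters pack identically either way, so only values containing bytes of 0x80 and above were hashed differently by the defective code.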