English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 75096 CVE descriptions
and 39644 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 --------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2010-2
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
 --------------------------------------------------------------------------

 Original released date: 18 Jan 2010
 Last revised: 18 Jan 2010

 Package: postgresql

 Summary: Two vulnerabilities discovered in postgresql

 More information:
    PostgreSQL is an advanced Object-Relational database management system
    (DBMS) that supports almost all SQL constructs.

    PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19,
    8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not
    properly handle a '\0' character in a domain name in the subject's Common Name (CN)
    field of an X.509 certificate, which (1) allows man-in-the-middle attackers to
    spoof arbitrary SSL-based PostgreSQL servers via a crafted server certificate
    issued by a legitimate Certification Authority, and (2) allows remote attackers
    to bypass intended client-hostname restrictions via a crafted client certificate
    issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. (CVE-2009-4034)

    PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x
    before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage
    session-local state during execution of an index function by a database superuser,
    which allows remote authenticated users to gain privileges via a table with crafted
    index functions, as demonstrated by functions that modify (1) search_path or (2)
    a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230. (CVE-2009-4136)

 Affected Products:
    - Turbolinux Client 2008
    - Turbolinux Appliance Server 3.0 x64 Edition
    - Turbolinux Appliance Server 3.0
    - Turbolinux 11 Server x64 Edition
    - Turbolinux 11 Server
    - Turbolinux Appliance Server 2.0
    - Turbolinux 10 Server x64 Edition
    - Turbolinux 10 Server


 <Turbolinux Client 2008>

   Source Packages
   Size: MD5

   http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12/turbolinux-source/postgresql-8.2.15-1.src.rpm
     18907322 c24bfebb737ab172d451818219648713

   Binary Packages
   Size: MD5

   http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12/turbolinux-updates/postgresql-8.2.15-1.i586.rpm
      3221343 38eb8c67a2fd735939f8b498cc6c469c
   http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12/turbolinux-updates/postgresql-devel-8.2.15-1.i586.rpm
      1285667 1785f1131da3976a4ce130a6c2da530d
   http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12/turbolinux-updates/postgresql-libs-8.2.15-1.i586.rpm
       214639 87d5a3ea1ec58f972d88c2c249e23f06

 <Turbolinux Appliance Server 3.0 x64 Edition>

   Source Packages
   Size: MD5

   postgresql-8.2.15-1.src.rpm
     18994619 2f5e676450a30d51badd480b1c02a0e4

   Binary Packages
   Size: MD5

   postgresql-8.2.15-1.x86_64.rpm
      3870974 78cb7a014ce7ef151bf2fcac6a7d8fd9
   postgresql-contrib-8.2.15-1.x86_64.rpm
      1454095 4816cd86061ac5d039cc1b223ddf8159
   postgresql-devel-8.2.15-1.x86_64.rpm
      1426943 003563ac7dfd4f9e74ea6bd7d5e834b8
   postgresql-libs-8.2.15-1.x86_64.rpm
       451083 f1cb28ada3aef1107b5e2807698b9567
   postgresql-plperl-8.2.15-1.x86_64.rpm
       747276 17ca68c1b985952ad7d82541e7eb303c
   postgresql-plpython-8.2.15-1.x86_64.rpm
        83060 4e0d9921b4df99ce57d9dfe0c153e7de
   postgresql-python-8.2.15-1.x86_64.rpm
       106145 dbe969bce825998c9f24863cc082bf45
   postgresql-server-8.2.15-1.x86_64.rpm
      7922040 9daa7e3c72c058be7f9b4c9f55a8d3c3
   postgresql-test-8.2.15-1.x86_64.rpm
      1257308 f8061c37334e68439f8da9cbbbb7dcf1

 <Turbolinux Appliance Server 3.0>

   Source Packages
   Size: MD5

   postgresql-8.2.15-1.src.rpm
     18994619 2f5e676450a30d51badd480b1c02a0e4

   Binary Packages
   Size: MD5

   postgresql-8.2.15-1.i686.rpm
      3253022 da34d2fe8b2b1a041b968ac812a9d927
   postgresql-contrib-8.2.15-1.i686.rpm
       501369 b791141b354fab6fd33d3b6abc10a04a
   postgresql-devel-8.2.15-1.i686.rpm
      1275341 6fa69ffb57cd4033aad27b96f41d893f
   postgresql-libs-8.2.15-1.i686.rpm
       201940 5a359434b2df69745564ef806f2b9355
   postgresql-plperl-8.2.15-1.i686.rpm
       607388 800c332cd9a1c613581a069f08d40bbb
   postgresql-plpython-8.2.15-1.i686.rpm
        41382 2978c357b14fe7ceaaac6079c662f990
   postgresql-python-8.2.15-1.i686.rpm
        76204 7409ead71794cf42487c9d8cb37d8edc
   postgresql-server-8.2.15-1.i686.rpm
      4272055 72ea0d0aeb667b9d6dad2723ada2070b
   postgresql-test-8.2.15-1.i686.rpm
      1231273 374f4a1a13c8b9823484dd26e66f3bb9

 <Turbolinux 11 Server x64 Edition>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/11/updates/SRPMS/postgresql-8.2.15-1.src.rpm
     18994619 2f5e676450a30d51badd480b1c02a0e4
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/11/updates/SRPMS/postgresql-libs-32bit-8.2.15-1.src.rpm
       187796 267129931ccc997fc26a9f71676f9ad6

   Binary Packages
   Size: MD5

   postgresql-8.2.15-1.x86_64.rpm
      3870974 78cb7a014ce7ef151bf2fcac6a7d8fd9
   postgresql-contrib-8.2.15-1.x86_64.rpm
      1454095 4816cd86061ac5d039cc1b223ddf8159
   postgresql-devel-8.2.15-1.x86_64.rpm
      1426943 003563ac7dfd4f9e74ea6bd7d5e834b8
   postgresql-libs-32bit-8.2.15-1.x86_64.rpm
       118482 3e6532801e7ff4a468fa0cb47e67bca6
   postgresql-libs-8.2.15-1.x86_64.rpm
       451083 f1cb28ada3aef1107b5e2807698b9567
   postgresql-plperl-8.2.15-1.x86_64.rpm
       747276 17ca68c1b985952ad7d82541e7eb303c
   postgresql-plpython-8.2.15-1.x86_64.rpm
        83060 4e0d9921b4df99ce57d9dfe0c153e7de
   postgresql-python-8.2.15-1.x86_64.rpm
       106145 dbe969bce825998c9f24863cc082bf45
   postgresql-server-8.2.15-1.x86_64.rpm
      7922040 9daa7e3c72c058be7f9b4c9f55a8d3c3
   postgresql-test-8.2.15-1.x86_64.rpm
      1257308 f8061c37334e68439f8da9cbbbb7dcf1

 <Turbolinux 11 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/11/updates/SRPMS/postgresql-8.2.15-1.src.rpm
     18994619 2f5e676450a30d51badd480b1c02a0e4

   Binary Packages
   Size: MD5

   postgresql-8.2.15-1.i686.rpm
      3253022 da34d2fe8b2b1a041b968ac812a9d927
   postgresql-contrib-8.2.15-1.i686.rpm
       501369 b791141b354fab6fd33d3b6abc10a04a
   postgresql-devel-8.2.15-1.i686.rpm
      1275341 6fa69ffb57cd4033aad27b96f41d893f
   postgresql-libs-8.2.15-1.i686.rpm
       201940 5a359434b2df69745564ef806f2b9355
   postgresql-plperl-8.2.15-1.i686.rpm
       607388 800c332cd9a1c613581a069f08d40bbb
   postgresql-plpython-8.2.15-1.i686.rpm
        41382 2978c357b14fe7ceaaac6079c662f990
   postgresql-python-8.2.15-1.i686.rpm
        76204 7409ead71794cf42487c9d8cb37d8edc
   postgresql-server-8.2.15-1.i686.rpm
      4272055 72ea0d0aeb667b9d6dad2723ada2070b
   postgresql-test-8.2.15-1.i686.rpm
      1231273 374f4a1a13c8b9823484dd26e66f3bb9

 <Turbolinux Appliance Server 2.0>

   Source Packages
   Size: MD5

   postgresql-7.4.27-1.src.rpm
     12417601 5bd1ab6a4aa80f8191e63798337157aa

   Binary Packages
   Size: MD5

   postgresql-7.4.27-1.i586.rpm
      1366003 0a13f2c3415549c861733d2fa27b5fd3
   postgresql-contrib-7.4.27-1.i586.rpm
      4086102 6a6836ffda9a0746fdcde1bca46c1726
   postgresql-devel-7.4.27-1.i586.rpm
       862184 1f4c824a0a543a718a7741d71ba87229
   postgresql-jdbc-7.4.27-1.i586.rpm
       696412 904379290da76a7918f29ab9c8e09bfe
   postgresql-libs-7.4.27-1.i586.rpm
       124197 17863779101159483b69e90ee96fe4d8
   postgresql-odbc-7.4.27-1.i586.rpm
       138500 c43f27e0b2185a6abfbe081dd9b14dd0
   postgresql-perl-7.4.27-1.i586.rpm
       611720 b4a43b496459a97cdab7914a422198f8
   postgresql-python-7.4.27-1.i586.rpm
       414049 7d3fd23b6df490ecfe76e93f4d5d557f
   postgresql-server-7.4.27-1.i586.rpm
      2451821 4f5aa472acce02d441d67513723a926d
   postgresql-tcl-7.4.27-1.i586.rpm
        53307 6d38d7b9648e9df75d0154bd7077f20f
   postgresql-tk-7.4.27-1.i586.rpm
        24643 2f8007ed56df05c81c503433a69e886d

 <Turbolinux 10 Server x64 Edition>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/postgresql-8.0.23-1.src.rpm
     13447131 b49cd2442ac612607e09d6374f7952a4
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/postgresql-libs-32bit-8.0.23-1.src.rpm
      2542988 3f8a03622a0d70db72f710e6145975a9

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/postgresql-8.0.23-1.x86_64.rpm
       632154 4d3330c32795932994a124557e2721be
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/postgresql-contrib-8.0.23-1.x86_64.rpm
      4504001 1e6fb307ac5762da16b0980e2f6aa0d7
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/postgresql-devel-8.0.23-1.x86_64.rpm
       678892 dfa8c1c361a065f78a346a3eefb230aa
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/postgresql-docs-8.0.23-1.x86_64.rpm
      1270369 dea649ba29a6892a4f6a9396baafba63
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/postgresql-jdbc-8.0.23-1.x86_64.rpm
       870197 b93519426cd3b788bcbe616f45f7d0c7
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/postgresql-libs-32bit-8.0.23-1.x86_64.rpm
      2676189 ee6afe6f06c2c91d179bc41b4950c12f
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/postgresql-libs-8.0.23-1.x86_64.rpm
      2828603 80a5b8ca4814e3ec0feb59a5ec0f83d1
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/postgresql-odbc-8.0.23-1.x86_64.rpm
       171308 755fff641d1e3c183e341747ffd14413
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/postgresql-perl-8.0.23-1.x86_64.rpm
       625757 56f341a51cc4a5a2ea932b1ac2b2f48b
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/postgresql-python-8.0.23-1.x86_64.rpm
       470089 9f3c2f59a88bf6de0207cbc60f8e9758
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/postgresql-server-8.0.23-1.x86_64.rpm
      2925090 9d9717e780c1a727627815fcbf84f94e
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/postgresql-tcl-8.0.23-1.x86_64.rpm
        40070 18f3d3a99b297054339ea7c8141b9cfa
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/postgresql-test-8.0.23-1.x86_64.rpm
      1002994 e05a3d7fb337adec26a1e6bda253dba6
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/postgresql-tk-8.0.23-1.x86_64.rpm
        21002 0b5ca9af4c1770129663253b32f52195

 <Turbolinux 10 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/postgresql-7.4.27-1.src.rpm
     12417601 5bd1ab6a4aa80f8191e63798337157aa

   Binary Packages
   Size: MD5

   postgresql-7.4.27-1.i586.rpm
      1366003 0a13f2c3415549c861733d2fa27b5fd3
   postgresql-contrib-7.4.27-1.i586.rpm
      4086102 6a6836ffda9a0746fdcde1bca46c1726
   postgresql-docs-7.4.27-1.i586.rpm
      1116073 c06166d01c2f8e71ab6bf31565ff3a15
   postgresql-devel-7.4.27-1.i586.rpm
       862184 1f4c824a0a543a718a7741d71ba87229
   postgresql-jdbc-7.4.27-1.i586.rpm
       696412 904379290da76a7918f29ab9c8e09bfe
   postgresql-libs-7.4.27-1.i586.rpm
       124197 17863779101159483b69e90ee96fe4d8
   postgresql-odbc-7.4.27-1.i586.rpm
       138500 c43f27e0b2185a6abfbe081dd9b14dd0
   postgresql-perl-7.4.27-1.i586.rpm
       611720 b4a43b496459a97cdab7914a422198f8
   postgresql-python-7.4.27-1.i586.rpm
       414049 7d3fd23b6df490ecfe76e93f4d5d557f
   postgresql-server-7.4.27-1.i586.rpm
      2451821 4f5aa472acce02d441d67513723a926d
   postgresql-tcl-7.4.27-1.i586.rpm
        53307 6d38d7b9648e9df75d0154bd7077f20f
   postgresql-test-7.4.27-1.i586.rpm
       928535 4d3ed4f57346352f39993feda3e3f3bf
   postgresql-tk-7.4.27-1.i586.rpm
        24643 2f8007ed56df05c81c503433a69e886d


 References:

 CVE
   [CVE-2009-4034]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4034
   [CVE-2009-4136]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4136

 --------------------------------------------------------------------------
 Revision History
    18 Jan 2010 Initial release
 --------------------------------------------------------------------------

 Copyright(C) 2010 Turbolinux, Inc. All rights reserved. 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.13 (GNU/Linux)

iEYEARECAAYFAktUBysACgkQK0LzjOqIJMx9swCfQfQGqVe6OmdgxKfwtcCN3W1i
GBAAn2l3/mEdlEk/raNj2d/u2QncHkBC
=+U3x
-----END PGP SIGNATURE-----

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2014 E-Soft Inc. All rights reserved.