PostgreSQL 7.2, 7.3 ve 7.4 için güvenlik açığı ve yeni sürümler

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Merhaba,

iDefence'den bildirilen bir güvenlik raporu nedeniyle, 7.2, 7.3 ve 7.4
sürümlerinin yeni alt sürümleri duyuruldu: 7.2.6, 7.3.8 and 7.4.6

Bu açık "Orta seviyede" olarak tanımlanıyor.

Ayrıca potansiyel olarak veri kaybına yol açabilecek bir hada da bu
sürümlerde düzeltildi.

Yeni sürümü tüm yansılardan indirebilirsiniz. Türkiye'deki FTP yansısı:

ftp6.tr.PostgreSQL.org

Tüm FTP yansılarının listesi için:

http://www5.tr.postgresql.org/mirrors-ftp.html

Red Hat Enterprise Linux 3.0, Red Hat Linux 9, Fedora Core 1 ve Fedora
Core 1 için RPM'lerini şu anda yapıyorum; 7.4.6 için hepsi bitti. 1 saat
içinde ana FTP sitesinde, ardından da yansılarda olacak.

Tüm kullanıcıların bu yeni sürüme geçmeleri gerekiyor.

Saygılar,

- ----
Marc G. Fournier Hub.Org Networking Services (http://www.hub.org)
Email: scrappy(at)hub(dot)org Yahoo!: yscrappy ICQ: 7615664

- ---------------------------(end of broadcast)---------------------------
TIP 2: you can get off all lists at once with the unregister command
(send "unregister YourEmailAddressHere" to majordomo(at)postgresql(dot)org)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFBemuytl86P3SPfQ4RAi3LAJ47HebpkyNFhNk2kNYzz485f1vzEwCgg91M
/JUUqZfnA3aryYuhHDoKXSI=
=Z42k
-----END PGP SIGNATURE-----
>From pgsql-tr-genel-owner(at)postgresql(dot)org Thu Oct 28 07:18:24 2004
X-Original-To: pgsql-tr-genel-postgresql(dot)org(at)localhost(dot)postgresql(dot)org
Received: from localhost (unknown [200.46.204.144])
by svr1.postgresql.org (Postfix) with ESMTP id D01913A4847
for <pgsql-tr-genel-postgresql(dot)org(at)localhost(dot)postgresql(dot)org>; Thu, 28 Oct 2004 07:18:22 +0100 (BST)
Received: from svr1.postgresql.org ([200.46.204.71])
by localhost (av.hub.org [200.46.204.144]) (amavisd-new, port 10024)
with ESMTP id 51488-07
for <pgsql-tr-genel-postgresql(dot)org(at)localhost(dot)postgresql(dot)org>;
Thu, 28 Oct 2004 06:18:20 +0000 (GMT)
Received: from emo.org.tr (emo.org.tr [195.142.105.9])
by svr1.postgresql.org (Postfix) with ESMTP id CF7553A483F
for <pgsql-tr-genel(at)PostgreSQL(dot)org>; Thu, 28 Oct 2004 07:18:19 +0100 (BST)
Received: by emo.org.tr (Postfix, from userid 41643)
id 0F5072FFBB; Thu, 28 Oct 2004 09:18:14 +0300 (EEST)
Received: from localhost (localhost [127.0.0.1])
by emo.org.tr (Postfix) with ESMTP id 07424112196
for <pgsql-tr-genel(at)PostgreSQL(dot)org>; Thu, 28 Oct 2004 09:18:13 +0300 (EEST)
Date: Thu, 28 Oct 2004 09:18:11 +0300 (EEST)
From: Devrim GUNDUZ <devrim(at)gunduz(dot)org>
X-X-Sender: devrim2(at)emo(dot)org(dot)tr
To: PostgreSQL Turkiye <pgsql-tr-genel(at)PostgreSQL(dot)org>
Subject: [ANNOUNCE] [SECURITY] New set of PostgreSQL RPMS are available for
download (fwd)
Message-ID: <Pine(dot)LNX(dot)4(dot)61(dot)0410280917300(dot)9317(at)emo(dot)org(dot)tr>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-Virus-Scanned: by amavisd-new at hub.org
X-Spam-Status: No, hits=0.0 tagged_above=0.0 required=5.0 tests=
X-Spam-Level:
X-Archive-Number: 2004104/2
X-Sequence-Number: 175

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------- Forwarded message ----------
Date: Tue, 26 Oct 2004 20:18:20 +0300 (EEST)
From: Devrim GUNDUZ <devrim(at)gunduz(dot)org>
To: pgsql-announce(at)PostgreSQL(dot)org, pgsql-general(at)PostgreSQL(dot)org
Subject: [ANNOUNCE] [SECURITY] New set of PostgreSQL RPMS are available for
download

- ---------------------------------------------------------------------
PostgreSQL RPM Set Update
2004-10-26

Version(s): 7.3.8, 7.4.6

New set labels: 7.3.8-2PGDG, 7.4.6-2PGDG
- ---------------------------------------------------------------------

- ---------------------------------------------------------------------
Update Info:

Due to a security bug in RPM sets, new RPM sets for 7.4.6 and 7.3.8 have
been released. They are available in FTP site and synched mirrors. Due to
the seriousness of the bug, it is strongly recommended that administrators
upgrade their database servers at their earliest convenience.

Also, some minor changes have been applied to the spec files.

It should be noted that, for those looking to upgrade from a 7.4.0/7.4.1
server to 7.4.6, that there a dump-n-reload is *recommended* (but not
required) to address a fix introduced between 7.4.1 and 7.4.2. Please
refer to the 7.4.6 HISTORY file for information on how this can be
accomplished without a dump-n-reload, as there are steps that can be
followed for this.

7.4.6-2 set also includes RPMs for RHAS 2.1, thanks to Gaetano Mendola for
the effort.

These sets include RPMs and SRPMs for Fedora Core 1, Fedora Core 2, Red
Hat Enterprise Linux 3.0, Red Hat Linux 9 and Red Hat Advanced Server 2.1.
md5sums are also provided with the packages.
- ---------------------------------------------------------------------

- ---------------------------------------------------------------------
Changes since 7.4.6-1PGDG and 7.3.8-1PGDG RPMs:

* Updated init script to preventa nefarious postgres user from obtaining
root privileges.(per Red Hat Bugzilla #136947, #136949)
* Updated kerbdir
* Updated PyGreSQL from 3.4 to 3.5 (only for 7.4.6-2PGDG)
* Updated spec file to correct permissions for PyGreSQL permissions (per
Red Hat RPMS) (for only 7.4.6-2PGDG)
* Updated doc files for PyGreSQL (only for 7.4.6-2PGDG)
* Modified if-endif lines for tcl&tcldevel prereq lines (per Red Hat RPMS)
* Applied getppid.patch as patch #4 (per Red Hat RPMS)
- - Updated preun and postun server scripts, per Red Hat RPMS
- ----------------------------------------------------------------------

Please download these from one of our FTP mirror sites:

http://www.PostgreSQL.org/mirrors-ftp.html

or from Bittorrent (Thanks to David Fetter) :

http://bt.PostgreSQL.org

As always, please report any bugs to pgsql-bugs(at)postgresql(dot)org

Regards,
- --
Devrim GUNDUZ
devrim~gunduz.org devrim.gunduz~linux.org.tr
http://www.tdmsoft.com
http://www.gunduz.org

- ----------------------------------------------------------------------
gpg: Signature made Tue Oct 26 20:18:22 2004 EEST using DSA key ID 748F7D0E
gpg: Good signature from "Devrim Gunduz <devrim(at)gunduz(dot)org>"
- ----------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFBgI8ltl86P3SPfQ4RAvNeAJ9TopJYq5KNEMRrLDDNaSdhgj6wSgCg1III
3XYv/jkMZEKcu49JKSgiW+Y=
=lGJu
-----END PGP SIGNATURE-----