Linux Archive


01-11-2008 11:39 AM

Moderate: postgresql security update
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: postgresql security update
Advisory ID: RHSA-2008:0038-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0038.html
Issue date: 2008-01-11
CVE Names: CVE-2007-3278 CVE-2007-4769 CVE-2007-4772
CVE-2007-6067 CVE-2007-6600 CVE-2007-6601
=====================================================================

1. Summary:

Updated postgresql packages that fix several security issues are now
available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

PostgreSQL is an advanced Object-Relational database management system
(DBMS). The postgresql packages include the client programs and libraries
needed to access a PostgreSQL DBMS server.

Will Drewry discovered multiple flaws in PostgreSQL's regular expression
engine. An authenticated attacker could use these flaws to cause a denial
of service by causing the PostgreSQL server to crash, enter an infinite
loop, or use extensive CPU and memory resources while processing queries
containing specially crafted regular expressions. Applications that accept
regular expressions from untrusted sources may expose this problem to
unauthorized attackers. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067)

A privilege escalation flaw was discovered in PostgreSQL. An authenticated
attacker could create an index function that would be executed with
administrator privileges during database maintenance tasks, such as
database vacuuming. (CVE-2007-6600)

A privilege escalation flaw was discovered in PostgreSQL's Database Link
library (dblink). An authenticated attacker could use dblink to possibly
escalate privileges on systems with "trust" or "ident" authentication
configured. Please note that dblink functionality is not enabled by
default, and can only be enabled by a database administrator on systems
with the postgresql-contrib package installed. (CVE-2007-3278,
CVE-2007-6601)

All postgresql users should upgrade to these updated packages, which
include PostgreSQL 7.4.19 and 8.1.11, and resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

309141 - CVE-2007-3278 dblink allows proxying of database connections via 127.0.0.1
315231 - CVE-2007-4769 postgresql integer overflow in regex code
316511 - CVE-2007-4772 postgresql DoS via infinite loop in regex NFA optimization code
400931 - CVE-2007-6067 postgresql: tempory DoS caused by slow regex NFA cleanup
427127 - CVE-2007-6600 PostgreSQL privilege escalation
427128 - CVE-2007-6601 PostgreSQL privilege escalation via dblink

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/postgresql-7.4.19-1.el4_6.1.src.rpm

i386:
postgresql-7.4.19-1.el4_6.1.i386.rpm
postgresql-contrib-7.4.19-1.el4_6.1.i386.rpm
postgresql-debuginfo-7.4.19-1.el4_6.1.i386.rpm
postgresql-devel-7.4.19-1.el4_6.1.i386.rpm
postgresql-docs-7.4.19-1.el4_6.1.i386.rpm
postgresql-jdbc-7.4.19-1.el4_6.1.i386.rpm
postgresql-libs-7.4.19-1.el4_6.1.i386.rpm
postgresql-pl-7.4.19-1.el4_6.1.i386.rpm
postgresql-python-7.4.19-1.el4_6.1.i386.rpm
postgresql-server-7.4.19-1.el4_6.1.i386.rpm
postgresql-tcl-7.4.19-1.el4_6.1.i386.rpm
postgresql-test-7.4.19-1.el4_6.1.i386.rpm

ia64:
postgresql-7.4.19-1.el4_6.1.ia64.rpm
postgresql-contrib-7.4.19-1.el4_6.1.ia64.rpm
postgresql-debuginfo-7.4.19-1.el4_6.1.i386.rpm
postgresql-debuginfo-7.4.19-1.el4_6.1.ia64.rpm
postgresql-devel-7.4.19-1.el4_6.1.ia64.rpm
postgresql-docs-7.4.19-1.el4_6.1.ia64.rpm
postgresql-jdbc-7.4.19-1.el4_6.1.ia64.rpm
postgresql-libs-7.4.19-1.el4_6.1.i386.rpm
postgresql-libs-7.4.19-1.el4_6.1.ia64.rpm
postgresql-pl-7.4.19-1.el4_6.1.ia64.rpm
postgresql-python-7.4.19-1.el4_6.1.ia64.rpm
postgresql-server-7.4.19-1.el4_6.1.ia64.rpm
postgresql-tcl-7.4.19-1.el4_6.1.ia64.rpm
postgresql-test-7.4.19-1.el4_6.1.ia64.rpm

ppc:
postgresql-7.4.19-1.el4_6.1.ppc.rpm
postgresql-contrib-7.4.19-1.el4_6.1.ppc.rpm
postgresql-debuginfo-7.4.19-1.el4_6.1.ppc.rpm
postgresql-debuginfo-7.4.19-1.el4_6.1.ppc64.rpm
postgresql-devel-7.4.19-1.el4_6.1.ppc.rpm
postgresql-docs-7.4.19-1.el4_6.1.ppc.rpm
postgresql-jdbc-7.4.19-1.el4_6.1.ppc.rpm
postgresql-libs-7.4.19-1.el4_6.1.ppc.rpm
postgresql-libs-7.4.19-1.el4_6.1.ppc64.rpm
postgresql-pl-7.4.19-1.el4_6.1.ppc.rpm
postgresql-python-7.4.19-1.el4_6.1.ppc.rpm
postgresql-server-7.4.19-1.el4_6.1.ppc.rpm
postgresql-tcl-7.4.19-1.el4_6.1.ppc.rpm
postgresql-test-7.4.19-1.el4_6.1.ppc.rpm

s390:
postgresql-7.4.19-1.el4_6.1.s390.rpm
postgresql-contrib-7.4.19-1.el4_6.1.s390.rpm
postgresql-debuginfo-7.4.19-1.el4_6.1.s390.rpm
postgresql-devel-7.4.19-1.el4_6.1.s390.rpm
postgresql-docs-7.4.19-1.el4_6.1.s390.rpm
postgresql-jdbc-7.4.19-1.el4_6.1.s390.rpm
postgresql-libs-7.4.19-1.el4_6.1.s390.rpm
postgresql-pl-7.4.19-1.el4_6.1.s390.rpm
postgresql-python-7.4.19-1.el4_6.1.s390.rpm
postgresql-server-7.4.19-1.el4_6.1.s390.rpm
postgresql-tcl-7.4.19-1.el4_6.1.s390.rpm
postgresql-test-7.4.19-1.el4_6.1.s390.rpm

s390x:
postgresql-7.4.19-1.el4_6.1.s390x.rpm
postgresql-contrib-7.4.19-1.el4_6.1.s390x.rpm
postgresql-debuginfo-7.4.19-1.el4_6.1.s390.rpm
postgresql-debuginfo-7.4.19-1.el4_6.1.s390x.rpm
postgresql-devel-7.4.19-1.el4_6.1.s390x.rpm
postgresql-docs-7.4.19-1.el4_6.1.s390x.rpm
postgresql-jdbc-7.4.19-1.el4_6.1.s390x.rpm
postgresql-libs-7.4.19-1.el4_6.1.s390.rpm
postgresql-libs-7.4.19-1.el4_6.1.s390x.rpm
postgresql-pl-7.4.19-1.el4_6.1.s390x.rpm
postgresql-python-7.4.19-1.el4_6.1.s390x.rpm
postgresql-server-7.4.19-1.el4_6.1.s390x.rpm
postgresql-tcl-7.4.19-1.el4_6.1.s390x.rpm
postgresql-test-7.4.19-1.el4_6.1.s390x.rpm

x86_64:
postgresql-7.4.19-1.el4_6.1.x86_64.rpm
postgresql-contrib-7.4.19-1.el4_6.1.x86_64.rpm
postgresql-debuginfo-7.4.19-1.el4_6.1.i386.rpm
postgresql-debuginfo-7.4.19-1.el4_6.1.x86_64.rpm
postgresql-devel-7.4.19-1.el4_6.1.x86_64.rpm
postgresql-docs-7.4.19-1.el4_6.1.x86_64.rpm
postgresql-jdbc-7.4.19-1.el4_6.1.x86_64.rpm
postgresql-libs-7.4.19-1.el4_6.1.i386.rpm
postgresql-libs-7.4.19-1.el4_6.1.x86_64.rpm
postgresql-pl-7.4.19-1.el4_6.1.x86_64.rpm
postgresql-python-7.4.19-1.el4_6.1.x86_64.rpm
postgresql-server-7.4.19-1.el4_6.1.x86_64.rpm
postgresql-tcl-7.4.19-1.el4_6.1.x86_64.rpm
postgresql-test-7.4.19-1.el4_6.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/postgresql-7.4.19-1.el4_6.1.src.rpm

i386:
postgresql-7.4.19-1.el4_6.1.i386.rpm
postgresql-contrib-7.4.19-1.el4_6.1.i386.rpm
postgresql-debuginfo-7.4.19-1.el4_6.1.i386.rpm
postgresql-devel-7.4.19-1.el4_6.1.i386.rpm
postgresql-docs-7.4.19-1.el4_6.1.i386.rpm
postgresql-jdbc-7.4.19-1.el4_6.1.i386.rpm
postgresql-libs-7.4.19-1.el4_6.1.i386.rpm
postgresql-pl-7.4.19-1.el4_6.1.i386.rpm
postgresql-python-7.4.19-1.el4_6.1.i386.rpm
postgresql-server-7.4.19-1.el4_6.1.i386.rpm
postgresql-tcl-7.4.19-1.el4_6.1.i386.rpm
postgresql-test-7.4.19-1.el4_6.1.i386.rpm

x86_64:
postgresql-7.4.19-1.el4_6.1.x86_64.rpm
postgresql-contrib-7.4.19-1.el4_6.1.x86_64.rpm
postgresql-debuginfo-7.4.19-1.el4_6.1.i386.rpm
postgresql-debuginfo-7.4.19-1.el4_6.1.x86_64.rpm
postgresql-devel-7.4.19-1.el4_6.1.x86_64.rpm
postgresql-docs-7.4.19-1.el4_6.1.x86_64.rpm
postgresql-jdbc-7.4.19-1.el4_6.1.x86_64.rpm
postgresql-libs-7.4.19-1.el4_6.1.i386.rpm
postgresql-libs-7.4.19-1.el4_6.1.x86_64.rpm
postgresql-pl-7.4.19-1.el4_6.1.x86_64.rpm
postgresql-python-7.4.19-1.el4_6.1.x86_64.rpm
postgresql-server-7.4.19-1.el4_6.1.x86_64.rpm
postgresql-tcl-7.4.19-1.el4_6.1.x86_64.rpm
postgresql-test-7.4.19-1.el4_6.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/postgresql-7.4.19-1.el4_6.1.src.rpm

i386:
postgresql-7.4.19-1.el4_6.1.i386.rpm
postgresql-contrib-7.4.19-1.el4_6.1.i386.rpm
postgresql-debuginfo-7.4.19-1.el4_6.1.i386.rpm
postgresql-devel-7.4.19-1.el4_6.1.i386.rpm
postgresql-docs-7.4.19-1.el4_6.1.i386.rpm
postgresql-jdbc-7.4.19-1.el4_6.1.i386.rpm
postgresql-libs-7.4.19-1.el4_6.1.i386.rpm
postgresql-pl-7.4.19-1.el4_6.1.i386.rpm
postgresql-python-7.4.19-1.el4_6.1.i386.rpm
postgresql-server-7.4.19-1.el4_6.1.i386.rpm
postgresql-tcl-7.4.19-1.el4_6.1.i386.rpm
postgresql-test-7.4.19-1.el4_6.1.i386.rpm

ia64:
postgresql-7.4.19-1.el4_6.1.ia64.rpm
postgresql-contrib-7.4.19-1.el4_6.1.ia64.rpm
postgresql-debuginfo-7.4.19-1.el4_6.1.i386.rpm
postgresql-debuginfo-7.4.19-1.el4_6.1.ia64.rpm
postgresql-devel-7.4.19-1.el4_6.1.ia64.rpm
postgresql-docs-7.4.19-1.el4_6.1.ia64.rpm
postgresql-jdbc-7.4.19-1.el4_6.1.ia64.rpm
postgresql-libs-7.4.19-1.el4_6.1.i386.rpm
postgresql-libs-7.4.19-1.el4_6.1.ia64.rpm
postgresql-pl-7.4.19-1.el4_6.1.ia64.rpm
postgresql-python-7.4.19-1.el4_6.1.ia64.rpm
postgresql-server-7.4.19-1.el4_6.1.ia64.rpm
postgresql-tcl-7.4.19-1.el4_6.1.ia64.rpm
postgresql-test-7.4.19-1.el4_6.1.ia64.rpm

x86_64:
postgresql-7.4.19-1.el4_6.1.x86_64.rpm
postgresql-contrib-7.4.19-1.el4_6.1.x86_64.rpm
postgresql-debuginfo-7.4.19-1.el4_6.1.i386.rpm
postgresql-debuginfo-7.4.19-1.el4_6.1.x86_64.rpm
postgresql-devel-7.4.19-1.el4_6.1.x86_64.rpm
postgresql-docs-7.4.19-1.el4_6.1.x86_64.rpm
postgresql-jdbc-7.4.19-1.el4_6.1.x86_64.rpm
postgresql-libs-7.4.19-1.el4_6.1.i386.rpm
postgresql-libs-7.4.19-1.el4_6.1.x86_64.rpm
postgresql-pl-7.4.19-1.el4_6.1.x86_64.rpm
postgresql-python-7.4.19-1.el4_6.1.x86_64.rpm
postgresql-server-7.4.19-1.el4_6.1.x86_64.rpm
postgresql-tcl-7.4.19-1.el4_6.1.x86_64.rpm
postgresql-test-7.4.19-1.el4_6.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/postgresql-7.4.19-1.el4_6.1.src.rpm

i386:
postgresql-7.4.19-1.el4_6.1.i386.rpm
postgresql-contrib-7.4.19-1.el4_6.1.i386.rpm
postgresql-debuginfo-7.4.19-1.el4_6.1.i386.rpm
postgresql-devel-7.4.19-1.el4_6.1.i386.rpm
postgresql-docs-7.4.19-1.el4_6.1.i386.rpm
postgresql-jdbc-7.4.19-1.el4_6.1.i386.rpm
postgresql-libs-7.4.19-1.el4_6.1.i386.rpm
postgresql-pl-7.4.19-1.el4_6.1.i386.rpm
postgresql-python-7.4.19-1.el4_6.1.i386.rpm
postgresql-server-7.4.19-1.el4_6.1.i386.rpm
postgresql-tcl-7.4.19-1.el4_6.1.i386.rpm
postgresql-test-7.4.19-1.el4_6.1.i386.rpm

ia64:
postgresql-7.4.19-1.el4_6.1.ia64.rpm
postgresql-contrib-7.4.19-1.el4_6.1.ia64.rpm
postgresql-debuginfo-7.4.19-1.el4_6.1.i386.rpm
postgresql-debuginfo-7.4.19-1.el4_6.1.ia64.rpm
postgresql-devel-7.4.19-1.el4_6.1.ia64.rpm
postgresql-docs-7.4.19-1.el4_6.1.ia64.rpm
postgresql-jdbc-7.4.19-1.el4_6.1.ia64.rpm
postgresql-libs-7.4.19-1.el4_6.1.i386.rpm
postgresql-libs-7.4.19-1.el4_6.1.ia64.rpm
postgresql-pl-7.4.19-1.el4_6.1.ia64.rpm
postgresql-python-7.4.19-1.el4_6.1.ia64.rpm
postgresql-server-7.4.19-1.el4_6.1.ia64.rpm
postgresql-tcl-7.4.19-1.el4_6.1.ia64.rpm
postgresql-test-7.4.19-1.el4_6.1.ia64.rpm

x86_64:
postgresql-7.4.19-1.el4_6.1.x86_64.rpm
postgresql-contrib-7.4.19-1.el4_6.1.x86_64.rpm
postgresql-debuginfo-7.4.19-1.el4_6.1.i386.rpm
postgresql-debuginfo-7.4.19-1.el4_6.1.x86_64.rpm
postgresql-devel-7.4.19-1.el4_6.1.x86_64.rpm
postgresql-docs-7.4.19-1.el4_6.1.x86_64.rpm
postgresql-jdbc-7.4.19-1.el4_6.1.x86_64.rpm
postgresql-libs-7.4.19-1.el4_6.1.i386.rpm
postgresql-libs-7.4.19-1.el4_6.1.x86_64.rpm
postgresql-pl-7.4.19-1.el4_6.1.x86_64.rpm
postgresql-python-7.4.19-1.el4_6.1.x86_64.rpm
postgresql-server-7.4.19-1.el4_6.1.x86_64.rpm
postgresql-tcl-7.4.19-1.el4_6.1.x86_64.rpm
postgresql-test-7.4.19-1.el4_6.1.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/postgresql-8.1.11-1.el5_1.1.src.rpm

i386:
postgresql-8.1.11-1.el5_1.1.i386.rpm
postgresql-contrib-8.1.11-1.el5_1.1.i386.rpm
postgresql-debuginfo-8.1.11-1.el5_1.1.i386.rpm
postgresql-docs-8.1.11-1.el5_1.1.i386.rpm
postgresql-libs-8.1.11-1.el5_1.1.i386.rpm
postgresql-python-8.1.11-1.el5_1.1.i386.rpm
postgresql-tcl-8.1.11-1.el5_1.1.i386.rpm

x86_64:
postgresql-8.1.11-1.el5_1.1.x86_64.rpm
postgresql-contrib-8.1.11-1.el5_1.1.x86_64.rpm
postgresql-debuginfo-8.1.11-1.el5_1.1.i386.rpm
postgresql-debuginfo-8.1.11-1.el5_1.1.x86_64.rpm
postgresql-docs-8.1.11-1.el5_1.1.x86_64.rpm
postgresql-libs-8.1.11-1.el5_1.1.i386.rpm
postgresql-libs-8.1.11-1.el5_1.1.x86_64.rpm
postgresql-python-8.1.11-1.el5_1.1.x86_64.rpm
postgresql-tcl-8.1.11-1.el5_1.1.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/postgresql-8.1.11-1.el5_1.1.src.rpm

i386:
postgresql-debuginfo-8.1.11-1.el5_1.1.i386.rpm
postgresql-devel-8.1.11-1.el5_1.1.i386.rpm
postgresql-pl-8.1.11-1.el5_1.1.i386.rpm
postgresql-server-8.1.11-1.el5_1.1.i386.rpm
postgresql-test-8.1.11-1.el5_1.1.i386.rpm

x86_64:
postgresql-debuginfo-8.1.11-1.el5_1.1.i386.rpm
postgresql-debuginfo-8.1.11-1.el5_1.1.x86_64.rpm
postgresql-devel-8.1.11-1.el5_1.1.i386.rpm
postgresql-devel-8.1.11-1.el5_1.1.x86_64.rpm
postgresql-pl-8.1.11-1.el5_1.1.x86_64.rpm
postgresql-server-8.1.11-1.el5_1.1.x86_64.rpm
postgresql-test-8.1.11-1.el5_1.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/postgresql-8.1.11-1.el5_1.1.src.rpm

i386:
postgresql-8.1.11-1.el5_1.1.i386.rpm
postgresql-contrib-8.1.11-1.el5_1.1.i386.rpm
postgresql-debuginfo-8.1.11-1.el5_1.1.i386.rpm
postgresql-devel-8.1.11-1.el5_1.1.i386.rpm
postgresql-docs-8.1.11-1.el5_1.1.i386.rpm
postgresql-libs-8.1.11-1.el5_1.1.i386.rpm
postgresql-pl-8.1.11-1.el5_1.1.i386.rpm
postgresql-python-8.1.11-1.el5_1.1.i386.rpm
postgresql-server-8.1.11-1.el5_1.1.i386.rpm
postgresql-tcl-8.1.11-1.el5_1.1.i386.rpm
postgresql-test-8.1.11-1.el5_1.1.i386.rpm

ia64:
postgresql-8.1.11-1.el5_1.1.ia64.rpm
postgresql-contrib-8.1.11-1.el5_1.1.ia64.rpm
postgresql-debuginfo-8.1.11-1.el5_1.1.i386.rpm
postgresql-debuginfo-8.1.11-1.el5_1.1.ia64.rpm
postgresql-devel-8.1.11-1.el5_1.1.ia64.rpm
postgresql-docs-8.1.11-1.el5_1.1.ia64.rpm
postgresql-libs-8.1.11-1.el5_1.1.i386.rpm
postgresql-libs-8.1.11-1.el5_1.1.ia64.rpm
postgresql-pl-8.1.11-1.el5_1.1.ia64.rpm
postgresql-python-8.1.11-1.el5_1.1.ia64.rpm
postgresql-server-8.1.11-1.el5_1.1.ia64.rpm
postgresql-tcl-8.1.11-1.el5_1.1.ia64.rpm
postgresql-test-8.1.11-1.el5_1.1.ia64.rpm

ppc:
postgresql-8.1.11-1.el5_1.1.ppc.rpm
postgresql-contrib-8.1.11-1.el5_1.1.ppc.rpm
postgresql-debuginfo-8.1.11-1.el5_1.1.ppc.rpm
postgresql-debuginfo-8.1.11-1.el5_1.1.ppc64.rpm
postgresql-devel-8.1.11-1.el5_1.1.ppc.rpm
postgresql-devel-8.1.11-1.el5_1.1.ppc64.rpm
postgresql-docs-8.1.11-1.el5_1.1.ppc.rpm
postgresql-libs-8.1.11-1.el5_1.1.ppc.rpm
postgresql-libs-8.1.11-1.el5_1.1.ppc64.rpm
postgresql-pl-8.1.11-1.el5_1.1.ppc.rpm
postgresql-python-8.1.11-1.el5_1.1.ppc.rpm
postgresql-server-8.1.11-1.el5_1.1.ppc.rpm
postgresql-tcl-8.1.11-1.el5_1.1.ppc.rpm
postgresql-test-8.1.11-1.el5_1.1.ppc.rpm

s390x:
postgresql-8.1.11-1.el5_1.1.s390x.rpm
postgresql-contrib-8.1.11-1.el5_1.1.s390x.rpm
postgresql-debuginfo-8.1.11-1.el5_1.1.s390.rpm
postgresql-debuginfo-8.1.11-1.el5_1.1.s390x.rpm
postgresql-devel-8.1.11-1.el5_1.1.s390.rpm
postgresql-devel-8.1.11-1.el5_1.1.s390x.rpm
postgresql-docs-8.1.11-1.el5_1.1.s390x.rpm
postgresql-libs-8.1.11-1.el5_1.1.s390.rpm
postgresql-libs-8.1.11-1.el5_1.1.s390x.rpm
postgresql-pl-8.1.11-1.el5_1.1.s390x.rpm
postgresql-python-8.1.11-1.el5_1.1.s390x.rpm
postgresql-server-8.1.11-1.el5_1.1.s390x.rpm
postgresql-tcl-8.1.11-1.el5_1.1.s390x.rpm
postgresql-test-8.1.11-1.el5_1.1.s390x.rpm

x86_64:
postgresql-8.1.11-1.el5_1.1.x86_64.rpm
postgresql-contrib-8.1.11-1.el5_1.1.x86_64.rpm
postgresql-debuginfo-8.1.11-1.el5_1.1.i386.rpm
postgresql-debuginfo-8.1.11-1.el5_1.1.x86_64.rpm
postgresql-devel-8.1.11-1.el5_1.1.i386.rpm
postgresql-devel-8.1.11-1.el5_1.1.x86_64.rpm
postgresql-docs-8.1.11-1.el5_1.1.x86_64.rpm
postgresql-libs-8.1.11-1.el5_1.1.i386.rpm
postgresql-libs-8.1.11-1.el5_1.1.x86_64.rpm
postgresql-pl-8.1.11-1.el5_1.1.x86_64.rpm
postgresql-python-8.1.11-1.el5_1.1.x86_64.rpm
postgresql-server-8.1.11-1.el5_1.1.x86_64.rpm
postgresql-tcl-8.1.11-1.el5_1.1.x86_64.rpm
postgresql-test-8.1.11-1.el5_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6601
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHh2N3XlSAg2UNWIIRAr/KAKCozeiMd7cAd8eCNJRPRtuS96MrpwCgpTro
tau8aqhrW5973eWxp+PLL4Q=
=Ar3r
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
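
Added example (not part of the Red Hat advisory): a small audit helper for the dblink issue described above. It parses pg_hba.conf text, flags "trust" and "ident" rules that a connection originating on the server itself (local socket or loopback) can match, and compares a server version with the fixed versions named in the advisories on this page. The sample pg_hba.conf content and all function names are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# Auth methods the advisory names as the precondition for the dblink issue.
RISKY_METHODS = {"trust", "ident"}
# Fixed upstream versions as stated in the advisories on this page.
FIXED = {(7, 3): 21, (7, 4): 19, (8, 1): 11, (8, 2): 6}
LOOPBACK = (ipaddress.ip_address("127.0.0.1"), ipaddress.ip_address("::1"))

Rule = namedtuple("Rule", "lineno conn_type database user address method")

# Constructed sample input, not taken from any real system.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER  CIDR-ADDRESS  METHOD
local   all       all                 ident sameuser
host    all       all   127.0.0.1/32  trust
host    all       all   ::1/128       md5
host    appdb     app   10.0.0.0/8    md5
host    all       all   192.168.1.10  255.255.255.255  trust
"""


def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def parse_hba(text):
    """Parse pg_hba.conf text into Rule tuples, skipping comments and blanks."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        kind = fields[0]
        if kind == "local" and len(fields) >= 4:
            rules.append(Rule(lineno, kind, fields[1], fields[2], None, fields[3]))
        elif kind in ("host", "hostssl", "hostnossl") and len(fields) >= 5:
            address, method = fields[3], fields[4]
            # Older files give the netmask as its own column before the method.
            if "/" not in address and len(fields) >= 6 and _is_ip(fields[4]):
                address, method = f"{address}/{fields[4]}", fields[5]
            rules.append(Rule(lineno, kind, fields[1], fields[2], address, method))
    return rules


def covers_loopback(address):
    """True if a host rule's address column matches 127.0.0.1 or ::1."""
    if address in ("all", "samehost"):
        return True
    try:
        net = ipaddress.ip_network(address, strict=False)
    except ValueError:
        return False  # hostname or unsupported mask form: not evaluated here
    return any(ip in net for ip in LOOPBACK)


def risky_local_rules(text):
    """trust/ident rules reachable by a connection made from the server itself."""
    return [r for r in parse_hba(text)
            if r.method in RISKY_METHODS
            and (r.conn_type == "local" or covers_loopback(r.address))]


def is_fixed(version):
    """True/False against the page's fixed versions; None if the branch is not listed."""
    major, minor, patch = (int(p) for p in version.split("."))
    fixed_patch = FIXED.get((major, minor))
    return None if fixed_patch is None else patch >= fixed_patch


def assess(version, hba_text, dblink_installed):
    """Combine the three conditions the advisory describes into one report."""
    fixed = is_fixed(version)
    rules = risky_local_rules(hba_text)
    exposed = bool(dblink_installed and fixed is False and rules)
    return {"fixed": fixed, "risky_rules": rules, "dblink_exposed": exposed}


if __name__ == "__main__":
    report = assess("8.1.9", SAMPLE_HBA, dblink_installed=True)
    print("fixed version:", report["fixed"])
    for r in report["risky_rules"]:
        where = r.address or "unix socket"
        print(f"line {r.lineno}: {r.conn_type} {where} uses {r.method}")
    print("dblink exposure:", report["dblink_exposed"])
```

Rules flagged here remain worth reviewing after the update, since "trust" and "ident" on local connections identify callers only by where the connection comes from.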

01-11-2008 11:45 AM

Moderate: postgresql security update
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: postgresql security update
Advisory ID: RHSA-2008:0039-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0039.html
Issue date: 2008-01-11
CVE Names: CVE-2007-3278 CVE-2007-6600 CVE-2007-6601
=====================================================================

1. Summary:

Updated postgresql packages that fix several security issues are now
available for Red Hat Enterprise Linux 3.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Description:

PostgreSQL is an advanced Object-Relational database management system
(DBMS). The postgresql packages include the client programs and libraries
needed to access a PostgreSQL DBMS server.

A privilege escalation flaw was discovered in PostgreSQL. An authenticated
attacker could create an index function that would be executed with
administrator privileges during database maintenance tasks, such as
database vacuuming. (CVE-2007-6600)

A privilege escalation flaw was discovered in PostgreSQL's Database Link
library (dblink). An authenticated attacker could use dblink to possibly
escalate privileges on systems with "trust" or "ident" authentication
configured. Please note that dblink functionality is not enabled by
default, and can only be enabled by a database administrator on systems
with the postgresql-contrib package installed.
(CVE-2007-3278, CVE-2007-6601)

All postgresql users should upgrade to these updated packages, which
include PostgreSQL 7.3.21 and resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

309141 - CVE-2007-3278 dblink allows proxying of database connections via 127.0.0.1
427127 - CVE-2007-6600 PostgreSQL privilege escalation
427128 - CVE-2007-6601 PostgreSQL privilege escalation via dblink

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/rh-postgresql-7.3.21-1.src.rpm

i386:
rh-postgresql-7.3.21-1.i386.rpm
rh-postgresql-contrib-7.3.21-1.i386.rpm
rh-postgresql-debuginfo-7.3.21-1.i386.rpm
rh-postgresql-devel-7.3.21-1.i386.rpm
rh-postgresql-docs-7.3.21-1.i386.rpm
rh-postgresql-jdbc-7.3.21-1.i386.rpm
rh-postgresql-libs-7.3.21-1.i386.rpm
rh-postgresql-pl-7.3.21-1.i386.rpm
rh-postgresql-python-7.3.21-1.i386.rpm
rh-postgresql-server-7.3.21-1.i386.rpm
rh-postgresql-tcl-7.3.21-1.i386.rpm
rh-postgresql-test-7.3.21-1.i386.rpm

ia64:
rh-postgresql-7.3.21-1.ia64.rpm
rh-postgresql-contrib-7.3.21-1.ia64.rpm
rh-postgresql-debuginfo-7.3.21-1.i386.rpm
rh-postgresql-debuginfo-7.3.21-1.ia64.rpm
rh-postgresql-devel-7.3.21-1.ia64.rpm
rh-postgresql-docs-7.3.21-1.ia64.rpm
rh-postgresql-jdbc-7.3.21-1.ia64.rpm
rh-postgresql-libs-7.3.21-1.i386.rpm
rh-postgresql-libs-7.3.21-1.ia64.rpm
rh-postgresql-pl-7.3.21-1.ia64.rpm
rh-postgresql-python-7.3.21-1.ia64.rpm
rh-postgresql-server-7.3.21-1.ia64.rpm
rh-postgresql-tcl-7.3.21-1.ia64.rpm
rh-postgresql-test-7.3.21-1.ia64.rpm

ppc:
rh-postgresql-7.3.21-1.ppc.rpm
rh-postgresql-contrib-7.3.21-1.ppc.rpm
rh-postgresql-debuginfo-7.3.21-1.ppc.rpm
rh-postgresql-debuginfo-7.3.21-1.ppc64.rpm
rh-postgresql-devel-7.3.21-1.ppc.rpm
rh-postgresql-docs-7.3.21-1.ppc.rpm
rh-postgresql-jdbc-7.3.21-1.ppc.rpm
rh-postgresql-libs-7.3.21-1.ppc.rpm
rh-postgresql-libs-7.3.21-1.ppc64.rpm
rh-postgresql-pl-7.3.21-1.ppc.rpm
rh-postgresql-python-7.3.21-1.ppc.rpm
rh-postgresql-server-7.3.21-1.ppc.rpm
rh-postgresql-tcl-7.3.21-1.ppc.rpm
rh-postgresql-test-7.3.21-1.ppc.rpm

s390:
rh-postgresql-7.3.21-1.s390.rpm
rh-postgresql-contrib-7.3.21-1.s390.rpm
rh-postgresql-debuginfo-7.3.21-1.s390.rpm
rh-postgresql-devel-7.3.21-1.s390.rpm
rh-postgresql-docs-7.3.21-1.s390.rpm
rh-postgresql-jdbc-7.3.21-1.s390.rpm
rh-postgresql-libs-7.3.21-1.s390.rpm
rh-postgresql-pl-7.3.21-1.s390.rpm
rh-postgresql-python-7.3.21-1.s390.rpm
rh-postgresql-server-7.3.21-1.s390.rpm
rh-postgresql-tcl-7.3.21-1.s390.rpm
rh-postgresql-test-7.3.21-1.s390.rpm

s390x:
rh-postgresql-7.3.21-1.s390x.rpm
rh-postgresql-contrib-7.3.21-1.s390x.rpm
rh-postgresql-debuginfo-7.3.21-1.s390.rpm
rh-postgresql-debuginfo-7.3.21-1.s390x.rpm
rh-postgresql-devel-7.3.21-1.s390x.rpm
rh-postgresql-docs-7.3.21-1.s390x.rpm
rh-postgresql-jdbc-7.3.21-1.s390x.rpm
rh-postgresql-libs-7.3.21-1.s390.rpm
rh-postgresql-libs-7.3.21-1.s390x.rpm
rh-postgresql-pl-7.3.21-1.s390x.rpm
rh-postgresql-python-7.3.21-1.s390x.rpm
rh-postgresql-server-7.3.21-1.s390x.rpm
rh-postgresql-tcl-7.3.21-1.s390x.rpm
rh-postgresql-test-7.3.21-1.s390x.rpm

x86_64:
rh-postgresql-7.3.21-1.x86_64.rpm
rh-postgresql-contrib-7.3.21-1.x86_64.rpm
rh-postgresql-debuginfo-7.3.21-1.i386.rpm
rh-postgresql-debuginfo-7.3.21-1.x86_64.rpm
rh-postgresql-devel-7.3.21-1.x86_64.rpm
rh-postgresql-docs-7.3.21-1.x86_64.rpm
rh-postgresql-jdbc-7.3.21-1.x86_64.rpm
rh-postgresql-libs-7.3.21-1.i386.rpm
rh-postgresql-libs-7.3.21-1.x86_64.rpm
rh-postgresql-pl-7.3.21-1.x86_64.rpm
rh-postgresql-python-7.3.21-1.x86_64.rpm
rh-postgresql-server-7.3.21-1.x86_64.rpm
rh-postgresql-tcl-7.3.21-1.x86_64.rpm
rh-postgresql-test-7.3.21-1.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/rh-postgresql-7.3.21-1.src.rpm

i386:
rh-postgresql-7.3.21-1.i386.rpm
rh-postgresql-contrib-7.3.21-1.i386.rpm
rh-postgresql-debuginfo-7.3.21-1.i386.rpm
rh-postgresql-devel-7.3.21-1.i386.rpm
rh-postgresql-docs-7.3.21-1.i386.rpm
rh-postgresql-jdbc-7.3.21-1.i386.rpm
rh-postgresql-libs-7.3.21-1.i386.rpm
rh-postgresql-pl-7.3.21-1.i386.rpm
rh-postgresql-python-7.3.21-1.i386.rpm
rh-postgresql-server-7.3.21-1.i386.rpm
rh-postgresql-tcl-7.3.21-1.i386.rpm
rh-postgresql-test-7.3.21-1.i386.rpm

x86_64:
rh-postgresql-7.3.21-1.x86_64.rpm
rh-postgresql-contrib-7.3.21-1.x86_64.rpm
rh-postgresql-debuginfo-7.3.21-1.i386.rpm
rh-postgresql-debuginfo-7.3.21-1.x86_64.rpm
rh-postgresql-devel-7.3.21-1.x86_64.rpm
rh-postgresql-docs-7.3.21-1.x86_64.rpm
rh-postgresql-jdbc-7.3.21-1.x86_64.rpm
rh-postgresql-libs-7.3.21-1.i386.rpm
rh-postgresql-libs-7.3.21-1.x86_64.rpm
rh-postgresql-pl-7.3.21-1.x86_64.rpm
rh-postgresql-python-7.3.21-1.x86_64.rpm
rh-postgresql-server-7.3.21-1.x86_64.rpm
rh-postgresql-tcl-7.3.21-1.x86_64.rpm
rh-postgresql-test-7.3.21-1.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/rh-postgresql-7.3.21-1.src.rpm

i386:
rh-postgresql-7.3.21-1.i386.rpm
rh-postgresql-contrib-7.3.21-1.i386.rpm
rh-postgresql-debuginfo-7.3.21-1.i386.rpm
rh-postgresql-devel-7.3.21-1.i386.rpm
rh-postgresql-docs-7.3.21-1.i386.rpm
rh-postgresql-jdbc-7.3.21-1.i386.rpm
rh-postgresql-libs-7.3.21-1.i386.rpm
rh-postgresql-pl-7.3.21-1.i386.rpm
rh-postgresql-python-7.3.21-1.i386.rpm
rh-postgresql-server-7.3.21-1.i386.rpm
rh-postgresql-tcl-7.3.21-1.i386.rpm
rh-postgresql-test-7.3.21-1.i386.rpm

ia64:
rh-postgresql-7.3.21-1.ia64.rpm
rh-postgresql-contrib-7.3.21-1.ia64.rpm
rh-postgresql-debuginfo-7.3.21-1.i386.rpm
rh-postgresql-debuginfo-7.3.21-1.ia64.rpm
rh-postgresql-devel-7.3.21-1.ia64.rpm
rh-postgresql-docs-7.3.21-1.ia64.rpm
rh-postgresql-jdbc-7.3.21-1.ia64.rpm
rh-postgresql-libs-7.3.21-1.i386.rpm
rh-postgresql-libs-7.3.21-1.ia64.rpm
rh-postgresql-pl-7.3.21-1.ia64.rpm
rh-postgresql-python-7.3.21-1.ia64.rpm
rh-postgresql-server-7.3.21-1.ia64.rpm
rh-postgresql-tcl-7.3.21-1.ia64.rpm
rh-postgresql-test-7.3.21-1.ia64.rpm

x86_64:
rh-postgresql-7.3.21-1.x86_64.rpm
rh-postgresql-contrib-7.3.21-1.x86_64.rpm
rh-postgresql-debuginfo-7.3.21-1.i386.rpm
rh-postgresql-debuginfo-7.3.21-1.x86_64.rpm
rh-postgresql-devel-7.3.21-1.x86_64.rpm
rh-postgresql-docs-7.3.21-1.x86_64.rpm
rh-postgresql-jdbc-7.3.21-1.x86_64.rpm
rh-postgresql-libs-7.3.21-1.i386.rpm
rh-postgresql-libs-7.3.21-1.x86_64.rpm
rh-postgresql-pl-7.3.21-1.x86_64.rpm
rh-postgresql-python-7.3.21-1.x86_64.rpm
rh-postgresql-server-7.3.21-1.x86_64.rpm
rh-postgresql-tcl-7.3.21-1.x86_64.rpm
rh-postgresql-test-7.3.21-1.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/rh-postgresql-7.3.21-1.src.rpm

i386:
rh-postgresql-7.3.21-1.i386.rpm
rh-postgresql-contrib-7.3.21-1.i386.rpm
rh-postgresql-debuginfo-7.3.21-1.i386.rpm
rh-postgresql-devel-7.3.21-1.i386.rpm
rh-postgresql-docs-7.3.21-1.i386.rpm
rh-postgresql-jdbc-7.3.21-1.i386.rpm
rh-postgresql-libs-7.3.21-1.i386.rpm
rh-postgresql-pl-7.3.21-1.i386.rpm
rh-postgresql-python-7.3.21-1.i386.rpm
rh-postgresql-server-7.3.21-1.i386.rpm
rh-postgresql-tcl-7.3.21-1.i386.rpm
rh-postgresql-test-7.3.21-1.i386.rpm

ia64:
rh-postgresql-7.3.21-1.ia64.rpm
rh-postgresql-contrib-7.3.21-1.ia64.rpm
rh-postgresql-debuginfo-7.3.21-1.i386.rpm
rh-postgresql-debuginfo-7.3.21-1.ia64.rpm
rh-postgresql-devel-7.3.21-1.ia64.rpm
rh-postgresql-docs-7.3.21-1.ia64.rpm
rh-postgresql-jdbc-7.3.21-1.ia64.rpm
rh-postgresql-libs-7.3.21-1.i386.rpm
rh-postgresql-libs-7.3.21-1.ia64.rpm
rh-postgresql-pl-7.3.21-1.ia64.rpm
rh-postgresql-python-7.3.21-1.ia64.rpm
rh-postgresql-server-7.3.21-1.ia64.rpm
rh-postgresql-tcl-7.3.21-1.ia64.rpm
rh-postgresql-test-7.3.21-1.ia64.rpm

x86_64:
rh-postgresql-7.3.21-1.x86_64.rpm
rh-postgresql-contrib-7.3.21-1.x86_64.rpm
rh-postgresql-debuginfo-7.3.21-1.i386.rpm
rh-postgresql-debuginfo-7.3.21-1.x86_64.rpm
rh-postgresql-devel-7.3.21-1.x86_64.rpm
rh-postgresql-docs-7.3.21-1.x86_64.rpm
rh-postgresql-jdbc-7.3.21-1.x86_64.rpm
rh-postgresql-libs-7.3.21-1.i386.rpm
rh-postgresql-libs-7.3.21-1.x86_64.rpm
rh-postgresql-pl-7.3.21-1.x86_64.rpm
rh-postgresql-python-7.3.21-1.x86_64.rpm
rh-postgresql-server-7.3.21-1.x86_64.rpm
rh-postgresql-tcl-7.3.21-1.x86_64.rpm
rh-postgresql-test-7.3.21-1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6601
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHh2TuXlSAg2UNWIIRArcVAKCGH25vKnTSgMrotPxMBQ +uhQgU6QCgiwO7
KF7Z1fViOOMGLIbQQNOd6ts=
=brKx
-----END PGP SIGNATURE-----



02-01-2008 01:56 PM

Moderate: postgresql security update
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: postgresql security update
Advisory ID: RHSA-2008:0040-01
Product: Red Hat Application Stack
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0040.html
Issue date: 2008-02-01
CVE Names: CVE-2007-3278 CVE-2007-4769 CVE-2007-4772
CVE-2007-6067 CVE-2007-6600 CVE-2007-6601
=====================================================================

1. Summary:

Updated postgresql packages that fix several security issues are now
available for Red Hat Application Stack v1 and v2.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4) - i386, x86_64
Red Hat Application Stack v1 for Enterprise Linux ES (v.4) - i386, x86_64
Red Hat Application Stack v2 for Enterprise Linux (v.5) - i386, x86_64

3. Description:

PostgreSQL is an advanced Object-Relational database management system
(DBMS). The postgresql packages include the client programs and libraries
needed to access a PostgreSQL DBMS server.

Will Drewry discovered multiple flaws in PostgreSQL's regular expression
engine. An authenticated attacker could use these flaws to cause a denial
of service by causing the PostgreSQL server to crash, enter an infinite
loop, or use extensive CPU and memory resources while processing queries
containing specially crafted regular expressions. Applications that accept
regular expressions from untrusted sources may expose this problem to
unauthorized attackers. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067)

A privilege escalation flaw was discovered in PostgreSQL. An authenticated
attacker could create an index function that would be executed with
administrator privileges during database maintenance tasks, such as
database vacuuming. (CVE-2007-6600)

A privilege escalation flaw was discovered in PostgreSQL's Database Link
library (dblink). An authenticated attacker could use dblink to possibly
escalate privileges on systems with "trust" or "ident" authentication
configured. Please note that dblink functionality is not enabled by
default, and can only be enabled by a database administrator on systems
with the postgresql-contrib package installed.
(CVE-2007-3278, CVE-2007-6601)

All postgresql users should upgrade to these updated packages, which
include PostgreSQL 8.1.11 and 8.2.6, and resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

309141 - CVE-2007-3278 dblink allows proxying of database connections via 127.0.0.1
315231 - CVE-2007-4769 postgresql integer overflow in regex code
316511 - CVE-2007-4772 postgresql DoS via infinite loop in regex NFA optimization code
400931 - CVE-2007-6067 postgresql: temporary DoS caused by slow regex NFA cleanup
427127 - CVE-2007-6600 PostgreSQL privilege escalation
427128 - CVE-2007-6601 PostgreSQL privilege escalation via dblink

6. Package List:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4):

Source:
ftp://updates.redhat.com/enterprise/4AS/en/RHWAS/SRPMS/postgresql-8.1.11-1.el4s1.1.src.rpm

i386:
postgresql-8.1.11-1.el4s1.1.i386.rpm
postgresql-contrib-8.1.11-1.el4s1.1.i386.rpm
postgresql-debuginfo-8.1.11-1.el4s1.1.i386.rpm
postgresql-devel-8.1.11-1.el4s1.1.i386.rpm
postgresql-docs-8.1.11-1.el4s1.1.i386.rpm
postgresql-libs-8.1.11-1.el4s1.1.i386.rpm
postgresql-pl-8.1.11-1.el4s1.1.i386.rpm
postgresql-python-8.1.11-1.el4s1.1.i386.rpm
postgresql-server-8.1.11-1.el4s1.1.i386.rpm
postgresql-tcl-8.1.11-1.el4s1.1.i386.rpm
postgresql-test-8.1.11-1.el4s1.1.i386.rpm

x86_64:
postgresql-8.1.11-1.el4s1.1.x86_64.rpm
postgresql-contrib-8.1.11-1.el4s1.1.x86_64.rpm
postgresql-debuginfo-8.1.11-1.el4s1.1.i386.rpm
postgresql-debuginfo-8.1.11-1.el4s1.1.x86_64.rpm
postgresql-devel-8.1.11-1.el4s1.1.x86_64.rpm
postgresql-docs-8.1.11-1.el4s1.1.x86_64.rpm
postgresql-libs-8.1.11-1.el4s1.1.i386.rpm
postgresql-libs-8.1.11-1.el4s1.1.x86_64.rpm
postgresql-pl-8.1.11-1.el4s1.1.x86_64.rpm
postgresql-python-8.1.11-1.el4s1.1.x86_64.rpm
postgresql-server-8.1.11-1.el4s1.1.x86_64.rpm
postgresql-tcl-8.1.11-1.el4s1.1.x86_64.rpm
postgresql-test-8.1.11-1.el4s1.1.x86_64.rpm

Red Hat Application Stack v1 for Enterprise Linux ES (v.4):

Source:
ftp://updates.redhat.com/enterprise/4ES/en/RHWAS/SRPMS/postgresql-8.1.11-1.el4s1.1.src.rpm

i386:
postgresql-8.1.11-1.el4s1.1.i386.rpm
postgresql-contrib-8.1.11-1.el4s1.1.i386.rpm
postgresql-debuginfo-8.1.11-1.el4s1.1.i386.rpm
postgresql-devel-8.1.11-1.el4s1.1.i386.rpm
postgresql-docs-8.1.11-1.el4s1.1.i386.rpm
postgresql-libs-8.1.11-1.el4s1.1.i386.rpm
postgresql-pl-8.1.11-1.el4s1.1.i386.rpm
postgresql-python-8.1.11-1.el4s1.1.i386.rpm
postgresql-server-8.1.11-1.el4s1.1.i386.rpm
postgresql-tcl-8.1.11-1.el4s1.1.i386.rpm
postgresql-test-8.1.11-1.el4s1.1.i386.rpm

x86_64:
postgresql-8.1.11-1.el4s1.1.x86_64.rpm
postgresql-contrib-8.1.11-1.el4s1.1.x86_64.rpm
postgresql-debuginfo-8.1.11-1.el4s1.1.i386.rpm
postgresql-debuginfo-8.1.11-1.el4s1.1.x86_64.rpm
postgresql-devel-8.1.11-1.el4s1.1.x86_64.rpm
postgresql-docs-8.1.11-1.el4s1.1.x86_64.rpm
postgresql-libs-8.1.11-1.el4s1.1.i386.rpm
postgresql-libs-8.1.11-1.el4s1.1.x86_64.rpm
postgresql-pl-8.1.11-1.el4s1.1.x86_64.rpm
postgresql-python-8.1.11-1.el4s1.1.x86_64.rpm
postgresql-server-8.1.11-1.el4s1.1.x86_64.rpm
postgresql-tcl-8.1.11-1.el4s1.1.x86_64.rpm
postgresql-test-8.1.11-1.el4s1.1.x86_64.rpm

Red Hat Application Stack v2 for Enterprise Linux (v.5):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHWAS/SRPMS/postgresql-8.2.6-1.el5s2.src.rpm

i386:
postgresql-8.2.6-1.el5s2.i386.rpm
postgresql-contrib-8.2.6-1.el5s2.i386.rpm
postgresql-debuginfo-8.2.6-1.el5s2.i386.rpm
postgresql-devel-8.2.6-1.el5s2.i386.rpm
postgresql-docs-8.2.6-1.el5s2.i386.rpm
postgresql-libs-8.2.6-1.el5s2.i386.rpm
postgresql-plperl-8.2.6-1.el5s2.i386.rpm
postgresql-plpython-8.2.6-1.el5s2.i386.rpm
postgresql-pltcl-8.2.6-1.el5s2.i386.rpm
postgresql-python-8.2.6-1.el5s2.i386.rpm
postgresql-server-8.2.6-1.el5s2.i386.rpm
postgresql-tcl-8.2.6-1.el5s2.i386.rpm
postgresql-test-8.2.6-1.el5s2.i386.rpm

x86_64:
postgresql-8.2.6-1.el5s2.x86_64.rpm
postgresql-contrib-8.2.6-1.el5s2.x86_64.rpm
postgresql-debuginfo-8.2.6-1.el5s2.i386.rpm
postgresql-debuginfo-8.2.6-1.el5s2.x86_64.rpm
postgresql-devel-8.2.6-1.el5s2.i386.rpm
postgresql-devel-8.2.6-1.el5s2.x86_64.rpm
postgresql-docs-8.2.6-1.el5s2.x86_64.rpm
postgresql-libs-8.2.6-1.el5s2.i386.rpm
postgresql-libs-8.2.6-1.el5s2.x86_64.rpm
postgresql-plperl-8.2.6-1.el5s2.x86_64.rpm
postgresql-plpython-8.2.6-1.el5s2.x86_64.rpm
postgresql-pltcl-8.2.6-1.el5s2.x86_64.rpm
postgresql-python-8.2.6-1.el5s2.x86_64.rpm
postgresql-server-8.2.6-1.el5s2.x86_64.rpm
postgresql-tcl-8.2.6-1.el5s2.x86_64.rpm
postgresql-test-8.2.6-1.el5s2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6601
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHozLrXlSAg2UNWIIRAkUOAJ44ZnHt8hRTZ7OKYTdUXEiUxoJ1owCgn5CD
Ex2ADzs5qG+899zj38WZl+M=
=Vyfj
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
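
The advisory above ties the dblink issue (CVE-2007-3278, CVE-2007-6601) to servers with "trust" or "ident" authentication configured. The following is an added example, not part of the advisory or of Red Hat's tooling: a pg_hba.conf audit that flags trust/ident records reachable from the server itself (Unix socket or loopback). The sample file contents and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample pg_hba.conf for illustration; not taken from the advisory.
SAMPLE_PG_HBA = """\
# TYPE  DATABASE  USER      ADDRESS          METHOD
local   all       postgres                   ident sameuser
local   all       all                        md5
host    all       all       127.0.0.1/32     trust
host    all       all       127.0.0.1  255.255.255.255  md5
host    appdb     app       10.0.0.0/8       md5
host    all       all       0.0.0.0/0        ident sameuser
host    all       all       ::1/128          md5
hostssl reports   ro        192.168.1.0 255.255.255.0 trust
"""

RISKY_METHODS = {"trust", "ident"}  # the two methods the advisory names
LOOPBACKS = [ipaddress.ip_address("127.0.0.1"), ipaddress.ip_address("::1")]


def parse_record(line):
    """Parse one pg_hba.conf line; return None for blank or comment lines."""
    # Simplification: quoted values containing '#' are not handled.
    fields = line.split("#", 1)[0].split()
    if not fields:
        return None
    conn_type = fields[0]
    if conn_type == "local":
        # local  DATABASE  USER  METHOD [OPTIONS]
        if len(fields) < 4:
            raise ValueError("short local record: %r" % line)
        return {"type": conn_type, "network": None, "method": fields[3]}
    if conn_type not in ("host", "hostssl", "hostnossl"):
        raise ValueError("unknown record type: %r" % line)
    if len(fields) < 5:
        raise ValueError("short host record: %r" % line)
    # host  DATABASE  USER  ADDR/CIDR  METHOD   or   ADDR  MASK  METHOD
    address, rest = fields[3], fields[4:]
    network = None
    try:
        if "/" in address:
            network = ipaddress.ip_network(address, strict=False)
        elif len(rest) >= 2:
            network = ipaddress.ip_network(address + "/" + rest[0], strict=False)
            rest = rest[1:]  # drop the mask; the method follows it
    except ValueError:
        network = None  # not an IP literal (e.g. a host name or keyword)
    return {"type": conn_type, "network": network, "method": rest[0]}


def self_reachable(record):
    """Return a reason string if the record can match a connection that
    originates on the database host itself, else None."""
    if record["type"] == "local":
        return "unix-domain socket"
    net = record["network"]
    if net is None:
        return "address is not an IP literal; loopback cannot be ruled out"
    for lb in LOOPBACKS:
        if lb.version == net.version and lb in net:
            return "network %s covers %s" % (net, lb)
    return None


def audit(pg_hba_text):
    """Return (line_number, type, method, reason) for each trust/ident
    record that a connection from the server itself could match."""
    findings = []
    for lineno, line in enumerate(pg_hba_text.splitlines(), start=1):
        record = parse_record(line)
        if record is None or record["method"] not in RISKY_METHODS:
            continue
        reason = self_reachable(record)
        if reason:
            findings.append((lineno, record["type"], record["method"], reason))
    return findings


if __name__ == "__main__":
    for lineno, conn_type, method, reason in audit(SAMPLE_PG_HBA):
        print("line %d: %s %s (%s)" % (lineno, conn_type, method, reason))
```

The check is scoped to the condition the advisory describes; the trust record for 192.168.1.0/24 in the sample is not reported because it does not cover loopback, although it deserves review on its own.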

05-19-2010 05:02 PM

Moderate: postgresql security update
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: postgresql security update
Advisory ID: RHSA-2010:0427-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0427.html
Issue date: 2010-05-19
CVE Names: CVE-2009-4136 CVE-2010-0442 CVE-2010-0733
CVE-2010-1169 CVE-2010-1170
=====================================================================

1. Summary:

Updated postgresql packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 3.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system
(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the
Perl and Tcl languages, and are installed in trusted mode by default. In
trusted mode, certain operations, such as operating system level access,
are restricted.

A flaw was found in the way PostgreSQL enforced permission checks on
scripts written in PL/Perl. If the PL/Perl procedural language was
registered on a particular database, an authenticated database user running
a specially-crafted PL/Perl script could use this flaw to bypass intended
PL/Perl trusted mode restrictions, allowing them to run arbitrary Perl
scripts with the privileges of the database server. (CVE-2010-1169)

Red Hat would like to thank Tim Bunce for responsibly reporting the
CVE-2010-1169 flaw.

A flaw was found in the way PostgreSQL enforced permission checks on
scripts written in PL/Tcl. If the PL/Tcl procedural language was registered
on a particular database, an authenticated database user running a
specially-crafted PL/Tcl script could use this flaw to bypass intended
PL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl
scripts with the privileges of the database server. (CVE-2010-1170)

A buffer overflow flaw was found in the way PostgreSQL retrieved a
substring from the bit string for BIT() and BIT VARYING() SQL data types.
An authenticated database user running a specially-crafted SQL query could
use this flaw to cause a temporary denial of service (postgres daemon
crash) or, potentially, execute arbitrary code with the privileges of the
database server. (CVE-2010-0442)

An integer overflow flaw was found in the way PostgreSQL used to calculate
the size of the hash table for joined relations. An authenticated database
user could create a specially-crafted SQL query which could cause a
temporary denial of service (postgres daemon crash) or, potentially,
execute arbitrary code with the privileges of the database server.
(CVE-2010-0733)

PostgreSQL improperly protected session-local state during the execution of
an index function by a database superuser during the database maintenance
operations. An authenticated database user could use this flaw to elevate
their privileges via specially-crafted index functions. (CVE-2009-4136)

All PostgreSQL users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. Running
PostgreSQL instances must be restarted ("service rhdb restart") for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

546321 - CVE-2009-4136 postgresql: SQL privilege escalation via modifications to session-local state
546621 - CVE-2010-0733 postgresql: Integer overflow in hash table size calculation
559259 - CVE-2010-0442 postgresql: substring() negative length argument buffer overflow
582615 - CVE-2010-1169 PostgreSQL: PL/Perl Intended restriction bypass
583072 - CVE-2010-1170 PostgreSQL: PL/Tcl Intended restriction bypass

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/rh-postgresql-7.3.21-3.src.rpm

i386:
rh-postgresql-7.3.21-3.i386.rpm
rh-postgresql-contrib-7.3.21-3.i386.rpm
rh-postgresql-debuginfo-7.3.21-3.i386.rpm
rh-postgresql-devel-7.3.21-3.i386.rpm
rh-postgresql-docs-7.3.21-3.i386.rpm
rh-postgresql-jdbc-7.3.21-3.i386.rpm
rh-postgresql-libs-7.3.21-3.i386.rpm
rh-postgresql-pl-7.3.21-3.i386.rpm
rh-postgresql-python-7.3.21-3.i386.rpm
rh-postgresql-server-7.3.21-3.i386.rpm
rh-postgresql-tcl-7.3.21-3.i386.rpm
rh-postgresql-test-7.3.21-3.i386.rpm

ia64:
rh-postgresql-7.3.21-3.ia64.rpm
rh-postgresql-contrib-7.3.21-3.ia64.rpm
rh-postgresql-debuginfo-7.3.21-3.i386.rpm
rh-postgresql-debuginfo-7.3.21-3.ia64.rpm
rh-postgresql-devel-7.3.21-3.ia64.rpm
rh-postgresql-docs-7.3.21-3.ia64.rpm
rh-postgresql-jdbc-7.3.21-3.ia64.rpm
rh-postgresql-libs-7.3.21-3.i386.rpm
rh-postgresql-libs-7.3.21-3.ia64.rpm
rh-postgresql-pl-7.3.21-3.ia64.rpm
rh-postgresql-python-7.3.21-3.ia64.rpm
rh-postgresql-server-7.3.21-3.ia64.rpm
rh-postgresql-tcl-7.3.21-3.ia64.rpm
rh-postgresql-test-7.3.21-3.ia64.rpm

ppc:
rh-postgresql-7.3.21-3.ppc.rpm
rh-postgresql-contrib-7.3.21-3.ppc.rpm
rh-postgresql-debuginfo-7.3.21-3.ppc.rpm
rh-postgresql-debuginfo-7.3.21-3.ppc64.rpm
rh-postgresql-devel-7.3.21-3.ppc.rpm
rh-postgresql-docs-7.3.21-3.ppc.rpm
rh-postgresql-jdbc-7.3.21-3.ppc.rpm
rh-postgresql-libs-7.3.21-3.ppc.rpm
rh-postgresql-libs-7.3.21-3.ppc64.rpm
rh-postgresql-pl-7.3.21-3.ppc.rpm
rh-postgresql-python-7.3.21-3.ppc.rpm
rh-postgresql-server-7.3.21-3.ppc.rpm
rh-postgresql-tcl-7.3.21-3.ppc.rpm
rh-postgresql-test-7.3.21-3.ppc.rpm

s390:
rh-postgresql-7.3.21-3.s390.rpm
rh-postgresql-contrib-7.3.21-3.s390.rpm
rh-postgresql-debuginfo-7.3.21-3.s390.rpm
rh-postgresql-devel-7.3.21-3.s390.rpm
rh-postgresql-docs-7.3.21-3.s390.rpm
rh-postgresql-jdbc-7.3.21-3.s390.rpm
rh-postgresql-libs-7.3.21-3.s390.rpm
rh-postgresql-pl-7.3.21-3.s390.rpm
rh-postgresql-python-7.3.21-3.s390.rpm
rh-postgresql-server-7.3.21-3.s390.rpm
rh-postgresql-tcl-7.3.21-3.s390.rpm
rh-postgresql-test-7.3.21-3.s390.rpm

s390x:
rh-postgresql-7.3.21-3.s390x.rpm
rh-postgresql-contrib-7.3.21-3.s390x.rpm
rh-postgresql-debuginfo-7.3.21-3.s390.rpm
rh-postgresql-debuginfo-7.3.21-3.s390x.rpm
rh-postgresql-devel-7.3.21-3.s390x.rpm
rh-postgresql-docs-7.3.21-3.s390x.rpm
rh-postgresql-jdbc-7.3.21-3.s390x.rpm
rh-postgresql-libs-7.3.21-3.s390.rpm
rh-postgresql-libs-7.3.21-3.s390x.rpm
rh-postgresql-pl-7.3.21-3.s390x.rpm
rh-postgresql-python-7.3.21-3.s390x.rpm
rh-postgresql-server-7.3.21-3.s390x.rpm
rh-postgresql-tcl-7.3.21-3.s390x.rpm
rh-postgresql-test-7.3.21-3.s390x.rpm

x86_64:
rh-postgresql-7.3.21-3.x86_64.rpm
rh-postgresql-contrib-7.3.21-3.x86_64.rpm
rh-postgresql-debuginfo-7.3.21-3.i386.rpm
rh-postgresql-debuginfo-7.3.21-3.x86_64.rpm
rh-postgresql-devel-7.3.21-3.x86_64.rpm
rh-postgresql-docs-7.3.21-3.x86_64.rpm
rh-postgresql-jdbc-7.3.21-3.x86_64.rpm
rh-postgresql-libs-7.3.21-3.i386.rpm
rh-postgresql-libs-7.3.21-3.x86_64.rpm
rh-postgresql-pl-7.3.21-3.x86_64.rpm
rh-postgresql-python-7.3.21-3.x86_64.rpm
rh-postgresql-server-7.3.21-3.x86_64.rpm
rh-postgresql-tcl-7.3.21-3.x86_64.rpm
rh-postgresql-test-7.3.21-3.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/rh-postgresql-7.3.21-3.src.rpm

i386:
rh-postgresql-7.3.21-3.i386.rpm
rh-postgresql-contrib-7.3.21-3.i386.rpm
rh-postgresql-debuginfo-7.3.21-3.i386.rpm
rh-postgresql-devel-7.3.21-3.i386.rpm
rh-postgresql-docs-7.3.21-3.i386.rpm
rh-postgresql-jdbc-7.3.21-3.i386.rpm
rh-postgresql-libs-7.3.21-3.i386.rpm
rh-postgresql-pl-7.3.21-3.i386.rpm
rh-postgresql-python-7.3.21-3.i386.rpm
rh-postgresql-server-7.3.21-3.i386.rpm
rh-postgresql-tcl-7.3.21-3.i386.rpm
rh-postgresql-test-7.3.21-3.i386.rpm

x86_64:
rh-postgresql-7.3.21-3.x86_64.rpm
rh-postgresql-contrib-7.3.21-3.x86_64.rpm
rh-postgresql-debuginfo-7.3.21-3.i386.rpm
rh-postgresql-debuginfo-7.3.21-3.x86_64.rpm
rh-postgresql-devel-7.3.21-3.x86_64.rpm
rh-postgresql-docs-7.3.21-3.x86_64.rpm
rh-postgresql-jdbc-7.3.21-3.x86_64.rpm
rh-postgresql-libs-7.3.21-3.i386.rpm
rh-postgresql-libs-7.3.21-3.x86_64.rpm
rh-postgresql-pl-7.3.21-3.x86_64.rpm
rh-postgresql-python-7.3.21-3.x86_64.rpm
rh-postgresql-server-7.3.21-3.x86_64.rpm
rh-postgresql-tcl-7.3.21-3.x86_64.rpm
rh-postgresql-test-7.3.21-3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/rh-postgresql-7.3.21-3.src.rpm

i386:
rh-postgresql-7.3.21-3.i386.rpm
rh-postgresql-contrib-7.3.21-3.i386.rpm
rh-postgresql-debuginfo-7.3.21-3.i386.rpm
rh-postgresql-devel-7.3.21-3.i386.rpm
rh-postgresql-docs-7.3.21-3.i386.rpm
rh-postgresql-jdbc-7.3.21-3.i386.rpm
rh-postgresql-libs-7.3.21-3.i386.rpm
rh-postgresql-pl-7.3.21-3.i386.rpm
rh-postgresql-python-7.3.21-3.i386.rpm
rh-postgresql-server-7.3.21-3.i386.rpm
rh-postgresql-tcl-7.3.21-3.i386.rpm
rh-postgresql-test-7.3.21-3.i386.rpm

ia64:
rh-postgresql-7.3.21-3.ia64.rpm
rh-postgresql-contrib-7.3.21-3.ia64.rpm
rh-postgresql-debuginfo-7.3.21-3.i386.rpm
rh-postgresql-debuginfo-7.3.21-3.ia64.rpm
rh-postgresql-devel-7.3.21-3.ia64.rpm
rh-postgresql-docs-7.3.21-3.ia64.rpm
rh-postgresql-jdbc-7.3.21-3.ia64.rpm
rh-postgresql-libs-7.3.21-3.i386.rpm
rh-postgresql-libs-7.3.21-3.ia64.rpm
rh-postgresql-pl-7.3.21-3.ia64.rpm
rh-postgresql-python-7.3.21-3.ia64.rpm
rh-postgresql-server-7.3.21-3.ia64.rpm
rh-postgresql-tcl-7.3.21-3.ia64.rpm
rh-postgresql-test-7.3.21-3.ia64.rpm

x86_64:
rh-postgresql-7.3.21-3.x86_64.rpm
rh-postgresql-contrib-7.3.21-3.x86_64.rpm
rh-postgresql-debuginfo-7.3.21-3.i386.rpm
rh-postgresql-debuginfo-7.3.21-3.x86_64.rpm
rh-postgresql-devel-7.3.21-3.x86_64.rpm
rh-postgresql-docs-7.3.21-3.x86_64.rpm
rh-postgresql-jdbc-7.3.21-3.x86_64.rpm
rh-postgresql-libs-7.3.21-3.i386.rpm
rh-postgresql-libs-7.3.21-3.x86_64.rpm
rh-postgresql-pl-7.3.21-3.x86_64.rpm
rh-postgresql-python-7.3.21-3.x86_64.rpm
rh-postgresql-server-7.3.21-3.x86_64.rpm
rh-postgresql-tcl-7.3.21-3.x86_64.rpm
rh-postgresql-test-7.3.21-3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/rh-postgresql-7.3.21-3.src.rpm

i386:
rh-postgresql-7.3.21-3.i386.rpm
rh-postgresql-contrib-7.3.21-3.i386.rpm
rh-postgresql-debuginfo-7.3.21-3.i386.rpm
rh-postgresql-devel-7.3.21-3.i386.rpm
rh-postgresql-docs-7.3.21-3.i386.rpm
rh-postgresql-jdbc-7.3.21-3.i386.rpm
rh-postgresql-libs-7.3.21-3.i386.rpm
rh-postgresql-pl-7.3.21-3.i386.rpm
rh-postgresql-python-7.3.21-3.i386.rpm
rh-postgresql-server-7.3.21-3.i386.rpm
rh-postgresql-tcl-7.3.21-3.i386.rpm
rh-postgresql-test-7.3.21-3.i386.rpm

ia64:
rh-postgresql-7.3.21-3.ia64.rpm
rh-postgresql-contrib-7.3.21-3.ia64.rpm
rh-postgresql-debuginfo-7.3.21-3.i386.rpm
rh-postgresql-debuginfo-7.3.21-3.ia64.rpm
rh-postgresql-devel-7.3.21-3.ia64.rpm
rh-postgresql-docs-7.3.21-3.ia64.rpm
rh-postgresql-jdbc-7.3.21-3.ia64.rpm
rh-postgresql-libs-7.3.21-3.i386.rpm
rh-postgresql-libs-7.3.21-3.ia64.rpm
rh-postgresql-pl-7.3.21-3.ia64.rpm
rh-postgresql-python-7.3.21-3.ia64.rpm
rh-postgresql-server-7.3.21-3.ia64.rpm
rh-postgresql-tcl-7.3.21-3.ia64.rpm
rh-postgresql-test-7.3.21-3.ia64.rpm

x86_64:
rh-postgresql-7.3.21-3.x86_64.rpm
rh-postgresql-contrib-7.3.21-3.x86_64.rpm
rh-postgresql-debuginfo-7.3.21-3.i386.rpm
rh-postgresql-debuginfo-7.3.21-3.x86_64.rpm
rh-postgresql-devel-7.3.21-3.x86_64.rpm
rh-postgresql-docs-7.3.21-3.x86_64.rpm
rh-postgresql-jdbc-7.3.21-3.x86_64.rpm
rh-postgresql-libs-7.3.21-3.i386.rpm
rh-postgresql-libs-7.3.21-3.x86_64.rpm
rh-postgresql-pl-7.3.21-3.x86_64.rpm
rh-postgresql-python-7.3.21-3.x86_64.rpm
rh-postgresql-server-7.3.21-3.x86_64.rpm
rh-postgresql-tcl-7.3.21-3.x86_64.rpm
rh-postgresql-test-7.3.21-3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-4136.html
https://www.redhat.com/security/data/cve/CVE-2010-0442.html
https://www.redhat.com/security/data/cve/CVE-2010-0733.html
https://www.redhat.com/security/data/cve/CVE-2010-1169.html
https://www.redhat.com/security/data/cve/CVE-2010-1170.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFL9BmSXlSAg2UNWIIRApYpAJ4pVbgOZCF3JfwnusgzotUQrSqshQCfWvH+
iueusYINpQ2fIejHu6GXFrQ=
=Ecx2
-----END PGP SIGNATURE-----



05-19-2010 05:03 PM

Moderate: postgresql security update
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: postgresql security update
Advisory ID: RHSA-2010:0428-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0428.html
Issue date: 2010-05-19
CVE Names: CVE-2009-4136 CVE-2010-0442 CVE-2010-0733
CVE-2010-1169 CVE-2010-1170
=====================================================================

1. Summary:

Updated postgresql packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system
(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the
Perl and Tcl languages, and are installed in trusted mode by default. In
trusted mode, certain operations, such as operating system level access,
are restricted.

A flaw was found in the way PostgreSQL enforced permission checks on
scripts written in PL/Perl. If the PL/Perl procedural language was
registered on a particular database, an authenticated database user running
a specially-crafted PL/Perl script could use this flaw to bypass intended
PL/Perl trusted mode restrictions, allowing them to run arbitrary Perl
scripts with the privileges of the database server. (CVE-2010-1169)

Red Hat would like to thank Tim Bunce for responsibly reporting the
CVE-2010-1169 flaw.

A flaw was found in the way PostgreSQL enforced permission checks on
scripts written in PL/Tcl. If the PL/Tcl procedural language was registered
on a particular database, an authenticated database user running a
specially-crafted PL/Tcl script could use this flaw to bypass intended
PL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl
scripts with the privileges of the database server. (CVE-2010-1170)

A buffer overflow flaw was found in the way PostgreSQL retrieved a
substring from the bit string for BIT() and BIT VARYING() SQL data types.
An authenticated database user running a specially-crafted SQL query could
use this flaw to cause a temporary denial of service (postgres daemon
crash) or, potentially, execute arbitrary code with the privileges of the
database server. (CVE-2010-0442)

An integer overflow flaw was found in the way PostgreSQL used to calculate
the size of the hash table for joined relations. An authenticated database
user could create a specially-crafted SQL query which could cause a
temporary denial of service (postgres daemon crash) or, potentially,
execute arbitrary code with the privileges of the database server.
(CVE-2010-0733)

PostgreSQL improperly protected session-local state during the execution of
an index function by a database superuser during the database maintenance
operations. An authenticated database user could use this flaw to elevate
their privileges via specially-crafted index functions. (CVE-2009-4136)

These packages upgrade PostgreSQL to version 7.4.29. Refer to the
PostgreSQL Release Notes for a list of changes:

http://www.postgresql.org/docs/7.4/static/release.html

All PostgreSQL users are advised to upgrade to these updated packages,
which correct these issues. If the postgresql service is running, it will
be automatically restarted after installing this update.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

546321 - CVE-2009-4136 postgresql: SQL privilege escalation via modifications to session-local state
546621 - CVE-2010-0733 postgresql: Integer overflow in hash table size calculation
559259 - CVE-2010-0442 postgresql: substring() negative length argument buffer overflow
582615 - CVE-2010-1169 PostgreSQL: PL/Perl Intended restriction bypass
583072 - CVE-2010-1170 PostgreSQL: PL/Tcl Intended restriction bypass

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/postgresql-7.4.29-1.el4_8.1.src.rpm

i386:
postgresql-7.4.29-1.el4_8.1.i386.rpm
postgresql-contrib-7.4.29-1.el4_8.1.i386.rpm
postgresql-debuginfo-7.4.29-1.el4_8.1.i386.rpm
postgresql-devel-7.4.29-1.el4_8.1.i386.rpm
postgresql-docs-7.4.29-1.el4_8.1.i386.rpm
postgresql-jdbc-7.4.29-1.el4_8.1.i386.rpm
postgresql-libs-7.4.29-1.el4_8.1.i386.rpm
postgresql-pl-7.4.29-1.el4_8.1.i386.rpm
postgresql-python-7.4.29-1.el4_8.1.i386.rpm
postgresql-server-7.4.29-1.el4_8.1.i386.rpm
postgresql-tcl-7.4.29-1.el4_8.1.i386.rpm
postgresql-test-7.4.29-1.el4_8.1.i386.rpm

ia64:
postgresql-7.4.29-1.el4_8.1.ia64.rpm
postgresql-contrib-7.4.29-1.el4_8.1.ia64.rpm
postgresql-debuginfo-7.4.29-1.el4_8.1.i386.rpm
postgresql-debuginfo-7.4.29-1.el4_8.1.ia64.rpm
postgresql-devel-7.4.29-1.el4_8.1.ia64.rpm
postgresql-docs-7.4.29-1.el4_8.1.ia64.rpm
postgresql-jdbc-7.4.29-1.el4_8.1.ia64.rpm
postgresql-libs-7.4.29-1.el4_8.1.i386.rpm
postgresql-libs-7.4.29-1.el4_8.1.ia64.rpm
postgresql-pl-7.4.29-1.el4_8.1.ia64.rpm
postgresql-python-7.4.29-1.el4_8.1.ia64.rpm
postgresql-server-7.4.29-1.el4_8.1.ia64.rpm
postgresql-tcl-7.4.29-1.el4_8.1.ia64.rpm
postgresql-test-7.4.29-1.el4_8.1.ia64.rpm

ppc:
postgresql-7.4.29-1.el4_8.1.ppc.rpm
postgresql-contrib-7.4.29-1.el4_8.1.ppc.rpm
postgresql-debuginfo-7.4.29-1.el4_8.1.ppc.rpm
postgresql-debuginfo-7.4.29-1.el4_8.1.ppc64.rpm
postgresql-devel-7.4.29-1.el4_8.1.ppc.rpm
postgresql-docs-7.4.29-1.el4_8.1.ppc.rpm
postgresql-jdbc-7.4.29-1.el4_8.1.ppc.rpm
postgresql-libs-7.4.29-1.el4_8.1.ppc.rpm
postgresql-libs-7.4.29-1.el4_8.1.ppc64.rpm
postgresql-pl-7.4.29-1.el4_8.1.ppc.rpm
postgresql-python-7.4.29-1.el4_8.1.ppc.rpm
postgresql-server-7.4.29-1.el4_8.1.ppc.rpm
postgresql-tcl-7.4.29-1.el4_8.1.ppc.rpm
postgresql-test-7.4.29-1.el4_8.1.ppc.rpm

s390:
postgresql-7.4.29-1.el4_8.1.s390.rpm
postgresql-contrib-7.4.29-1.el4_8.1.s390.rpm
postgresql-debuginfo-7.4.29-1.el4_8.1.s390.rpm
postgresql-devel-7.4.29-1.el4_8.1.s390.rpm
postgresql-docs-7.4.29-1.el4_8.1.s390.rpm
postgresql-jdbc-7.4.29-1.el4_8.1.s390.rpm
postgresql-libs-7.4.29-1.el4_8.1.s390.rpm
postgresql-pl-7.4.29-1.el4_8.1.s390.rpm
postgresql-python-7.4.29-1.el4_8.1.s390.rpm
postgresql-server-7.4.29-1.el4_8.1.s390.rpm
postgresql-tcl-7.4.29-1.el4_8.1.s390.rpm
postgresql-test-7.4.29-1.el4_8.1.s390.rpm

s390x:
postgresql-7.4.29-1.el4_8.1.s390x.rpm
postgresql-contrib-7.4.29-1.el4_8.1.s390x.rpm
postgresql-debuginfo-7.4.29-1.el4_8.1.s390.rpm
postgresql-debuginfo-7.4.29-1.el4_8.1.s390x.rpm
postgresql-devel-7.4.29-1.el4_8.1.s390x.rpm
postgresql-docs-7.4.29-1.el4_8.1.s390x.rpm
postgresql-jdbc-7.4.29-1.el4_8.1.s390x.rpm
postgresql-libs-7.4.29-1.el4_8.1.s390.rpm
postgresql-libs-7.4.29-1.el4_8.1.s390x.rpm
postgresql-pl-7.4.29-1.el4_8.1.s390x.rpm
postgresql-python-7.4.29-1.el4_8.1.s390x.rpm
postgresql-server-7.4.29-1.el4_8.1.s390x.rpm
postgresql-tcl-7.4.29-1.el4_8.1.s390x.rpm
postgresql-test-7.4.29-1.el4_8.1.s390x.rpm

x86_64:
postgresql-7.4.29-1.el4_8.1.x86_64.rpm
postgresql-contrib-7.4.29-1.el4_8.1.x86_64.rpm
postgresql-debuginfo-7.4.29-1.el4_8.1.i386.rpm
postgresql-debuginfo-7.4.29-1.el4_8.1.x86_64.rpm
postgresql-devel-7.4.29-1.el4_8.1.x86_64.rpm
postgresql-docs-7.4.29-1.el4_8.1.x86_64.rpm
postgresql-jdbc-7.4.29-1.el4_8.1.x86_64.rpm
postgresql-libs-7.4.29-1.el4_8.1.i386.rpm
postgresql-libs-7.4.29-1.el4_8.1.x86_64.rpm
postgresql-pl-7.4.29-1.el4_8.1.x86_64.rpm
postgresql-python-7.4.29-1.el4_8.1.x86_64.rpm
postgresql-server-7.4.29-1.el4_8.1.x86_64.rpm
postgresql-tcl-7.4.29-1.el4_8.1.x86_64.rpm
postgresql-test-7.4.29-1.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/postgresql-7.4.29-1.el4_8.1.src.rpm

i386:
postgresql-7.4.29-1.el4_8.1.i386.rpm
postgresql-contrib-7.4.29-1.el4_8.1.i386.rpm
postgresql-debuginfo-7.4.29-1.el4_8.1.i386.rpm
postgresql-devel-7.4.29-1.el4_8.1.i386.rpm
postgresql-docs-7.4.29-1.el4_8.1.i386.rpm
postgresql-jdbc-7.4.29-1.el4_8.1.i386.rpm
postgresql-libs-7.4.29-1.el4_8.1.i386.rpm
postgresql-pl-7.4.29-1.el4_8.1.i386.rpm
postgresql-python-7.4.29-1.el4_8.1.i386.rpm
postgresql-server-7.4.29-1.el4_8.1.i386.rpm
postgresql-tcl-7.4.29-1.el4_8.1.i386.rpm
postgresql-test-7.4.29-1.el4_8.1.i386.rpm

x86_64:
postgresql-7.4.29-1.el4_8.1.x86_64.rpm
postgresql-contrib-7.4.29-1.el4_8.1.x86_64.rpm
postgresql-debuginfo-7.4.29-1.el4_8.1.i386.rpm
postgresql-debuginfo-7.4.29-1.el4_8.1.x86_64.rpm
postgresql-devel-7.4.29-1.el4_8.1.x86_64.rpm
postgresql-docs-7.4.29-1.el4_8.1.x86_64.rpm
postgresql-jdbc-7.4.29-1.el4_8.1.x86_64.rpm
postgresql-libs-7.4.29-1.el4_8.1.i386.rpm
postgresql-libs-7.4.29-1.el4_8.1.x86_64.rpm
postgresql-pl-7.4.29-1.el4_8.1.x86_64.rpm
postgresql-python-7.4.29-1.el4_8.1.x86_64.rpm
postgresql-server-7.4.29-1.el4_8.1.x86_64.rpm
postgresql-tcl-7.4.29-1.el4_8.1.x86_64.rpm
postgresql-test-7.4.29-1.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/postgresql-7.4.29-1.el4_8.1.src.rpm

i386:
postgresql-7.4.29-1.el4_8.1.i386.rpm
postgresql-contrib-7.4.29-1.el4_8.1.i386.rpm
postgresql-debuginfo-7.4.29-1.el4_8.1.i386.rpm
postgresql-devel-7.4.29-1.el4_8.1.i386.rpm
postgresql-docs-7.4.29-1.el4_8.1.i386.rpm
postgresql-jdbc-7.4.29-1.el4_8.1.i386.rpm
postgresql-libs-7.4.29-1.el4_8.1.i386.rpm
postgresql-pl-7.4.29-1.el4_8.1.i386.rpm
postgresql-python-7.4.29-1.el4_8.1.i386.rpm
postgresql-server-7.4.29-1.el4_8.1.i386.rpm
postgresql-tcl-7.4.29-1.el4_8.1.i386.rpm
postgresql-test-7.4.29-1.el4_8.1.i386.rpm

ia64:
postgresql-7.4.29-1.el4_8.1.ia64.rpm
postgresql-contrib-7.4.29-1.el4_8.1.ia64.rpm
postgresql-debuginfo-7.4.29-1.el4_8.1.i386.rpm
postgresql-debuginfo-7.4.29-1.el4_8.1.ia64.rpm
postgresql-devel-7.4.29-1.el4_8.1.ia64.rpm
postgresql-docs-7.4.29-1.el4_8.1.ia64.rpm
postgresql-jdbc-7.4.29-1.el4_8.1.ia64.rpm
postgresql-libs-7.4.29-1.el4_8.1.i386.rpm
postgresql-libs-7.4.29-1.el4_8.1.ia64.rpm
postgresql-pl-7.4.29-1.el4_8.1.ia64.rpm
postgresql-python-7.4.29-1.el4_8.1.ia64.rpm
postgresql-server-7.4.29-1.el4_8.1.ia64.rpm
postgresql-tcl-7.4.29-1.el4_8.1.ia64.rpm
postgresql-test-7.4.29-1.el4_8.1.ia64.rpm

x86_64:
postgresql-7.4.29-1.el4_8.1.x86_64.rpm
postgresql-contrib-7.4.29-1.el4_8.1.x86_64.rpm
postgresql-debuginfo-7.4.29-1.el4_8.1.i386.rpm
postgresql-debuginfo-7.4.29-1.el4_8.1.x86_64.rpm
postgresql-devel-7.4.29-1.el4_8.1.x86_64.rpm
postgresql-docs-7.4.29-1.el4_8.1.x86_64.rpm
postgresql-jdbc-7.4.29-1.el4_8.1.x86_64.rpm
postgresql-libs-7.4.29-1.el4_8.1.i386.rpm
postgresql-libs-7.4.29-1.el4_8.1.x86_64.rpm
postgresql-pl-7.4.29-1.el4_8.1.x86_64.rpm
postgresql-python-7.4.29-1.el4_8.1.x86_64.rpm
postgresql-server-7.4.29-1.el4_8.1.x86_64.rpm
postgresql-tcl-7.4.29-1.el4_8.1.x86_64.rpm
postgresql-test-7.4.29-1.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/postgresql-7.4.29-1.el4_8.1.src.rpm

i386:
postgresql-7.4.29-1.el4_8.1.i386.rpm
postgresql-contrib-7.4.29-1.el4_8.1.i386.rpm
postgresql-debuginfo-7.4.29-1.el4_8.1.i386.rpm
postgresql-devel-7.4.29-1.el4_8.1.i386.rpm
postgresql-docs-7.4.29-1.el4_8.1.i386.rpm
postgresql-jdbc-7.4.29-1.el4_8.1.i386.rpm
postgresql-libs-7.4.29-1.el4_8.1.i386.rpm
postgresql-pl-7.4.29-1.el4_8.1.i386.rpm
postgresql-python-7.4.29-1.el4_8.1.i386.rpm
postgresql-server-7.4.29-1.el4_8.1.i386.rpm
postgresql-tcl-7.4.29-1.el4_8.1.i386.rpm
postgresql-test-7.4.29-1.el4_8.1.i386.rpm

ia64:
postgresql-7.4.29-1.el4_8.1.ia64.rpm
postgresql-contrib-7.4.29-1.el4_8.1.ia64.rpm
postgresql-debuginfo-7.4.29-1.el4_8.1.i386.rpm
postgresql-debuginfo-7.4.29-1.el4_8.1.ia64.rpm
postgresql-devel-7.4.29-1.el4_8.1.ia64.rpm
postgresql-docs-7.4.29-1.el4_8.1.ia64.rpm
postgresql-jdbc-7.4.29-1.el4_8.1.ia64.rpm
postgresql-libs-7.4.29-1.el4_8.1.i386.rpm
postgresql-libs-7.4.29-1.el4_8.1.ia64.rpm
postgresql-pl-7.4.29-1.el4_8.1.ia64.rpm
postgresql-python-7.4.29-1.el4_8.1.ia64.rpm
postgresql-server-7.4.29-1.el4_8.1.ia64.rpm
postgresql-tcl-7.4.29-1.el4_8.1.ia64.rpm
postgresql-test-7.4.29-1.el4_8.1.ia64.rpm

x86_64:
postgresql-7.4.29-1.el4_8.1.x86_64.rpm
postgresql-contrib-7.4.29-1.el4_8.1.x86_64.rpm
postgresql-debuginfo-7.4.29-1.el4_8.1.i386.rpm
postgresql-debuginfo-7.4.29-1.el4_8.1.x86_64.rpm
postgresql-devel-7.4.29-1.el4_8.1.x86_64.rpm
postgresql-docs-7.4.29-1.el4_8.1.x86_64.rpm
postgresql-jdbc-7.4.29-1.el4_8.1.x86_64.rpm
postgresql-libs-7.4.29-1.el4_8.1.i386.rpm
postgresql-libs-7.4.29-1.el4_8.1.x86_64.rpm
postgresql-pl-7.4.29-1.el4_8.1.x86_64.rpm
postgresql-python-7.4.29-1.el4_8.1.x86_64.rpm
postgresql-server-7.4.29-1.el4_8.1.x86_64.rpm
postgresql-tcl-7.4.29-1.el4_8.1.x86_64.rpm
postgresql-test-7.4.29-1.el4_8.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-4136.html
https://www.redhat.com/security/data/cve/CVE-2010-0442.html
https://www.redhat.com/security/data/cve/CVE-2010-0733.html
https://www.redhat.com/security/data/cve/CVE-2010-1169.html
https://www.redhat.com/security/data/cve/CVE-2010-1170.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFL9Bm/XlSAg2UNWIIRAp2SAJ0Vnye/JJIPde8oMvhKG7Evi9/uhgCdEk/o
ioksfWFitLkjGT8EgbzDxm0=
=koSS
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list

05-19-2010 05:03 PM

Moderate: postgresql security update
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: postgresql security update
Advisory ID: RHSA-2010:0429-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0429.html
Issue date: 2010-05-19
CVE Names: CVE-2009-4136 CVE-2010-0442 CVE-2010-0733
CVE-2010-1169 CVE-2010-1170
=====================================================================

1. Summary:

Updated postgresql packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system
(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the
Perl and Tcl languages, and are installed in trusted mode by default. In
trusted mode, certain operations, such as operating system level access,
are restricted.

A flaw was found in the way PostgreSQL enforced permission checks on
scripts written in PL/Perl. If the PL/Perl procedural language was
registered on a particular database, an authenticated database user running
a specially-crafted PL/Perl script could use this flaw to bypass intended
PL/Perl trusted mode restrictions, allowing them to run arbitrary Perl
scripts with the privileges of the database server. (CVE-2010-1169)

Red Hat would like to thank Tim Bunce for responsibly reporting the
CVE-2010-1169 flaw.

A flaw was found in the way PostgreSQL enforced permission checks on
scripts written in PL/Tcl. If the PL/Tcl procedural language was registered
on a particular database, an authenticated database user running a
specially-crafted PL/Tcl script could use this flaw to bypass intended
PL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl
scripts with the privileges of the database server. (CVE-2010-1170)

A buffer overflow flaw was found in the way PostgreSQL retrieved a
substring from the bit string for BIT() and BIT VARYING() SQL data types.
An authenticated database user running a specially-crafted SQL query could
use this flaw to cause a temporary denial of service (postgres daemon
crash) or, potentially, execute arbitrary code with the privileges of the
database server. (CVE-2010-0442)

An integer overflow flaw was found in the way PostgreSQL used to calculate
the size of the hash table for joined relations. An authenticated database
user could create a specially-crafted SQL query which could cause a
temporary denial of service (postgres daemon crash) or, potentially,
execute arbitrary code with the privileges of the database server.
(CVE-2010-0733)

PostgreSQL improperly protected session-local state during the execution of
an index function by a database superuser during the database maintenance
operations. An authenticated database user could use this flaw to elevate
their privileges via specially-crafted index functions. (CVE-2009-4136)

These packages upgrade PostgreSQL to version 8.1.21. Refer to the
PostgreSQL Release Notes for a list of changes:

http://www.postgresql.org/docs/8.1/static/release.html

All PostgreSQL users are advised to upgrade to these updated packages,
which correct these issues. If the postgresql service is running, it will
be automatically restarted after installing this update.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

546321 - CVE-2009-4136 postgresql: SQL privilege escalation via modifications to session-local state
546621 - CVE-2010-0733 postgresql: Integer overflow in hash table size calculation
559259 - CVE-2010-0442 postgresql: substring() negative length argument buffer overflow
582615 - CVE-2010-1169 PostgreSQL: PL/Perl Intended restriction bypass
583072 - CVE-2010-1170 PostgreSQL: PL/Tcl Intended restriction bypass

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/postgresql-8.1.21-1.el5_5.1.src.rpm

i386:
postgresql-8.1.21-1.el5_5.1.i386.rpm
postgresql-contrib-8.1.21-1.el5_5.1.i386.rpm
postgresql-debuginfo-8.1.21-1.el5_5.1.i386.rpm
postgresql-devel-8.1.21-1.el5_5.1.i386.rpm
postgresql-docs-8.1.21-1.el5_5.1.i386.rpm
postgresql-libs-8.1.21-1.el5_5.1.i386.rpm
postgresql-pl-8.1.21-1.el5_5.1.i386.rpm
postgresql-python-8.1.21-1.el5_5.1.i386.rpm
postgresql-server-8.1.21-1.el5_5.1.i386.rpm
postgresql-tcl-8.1.21-1.el5_5.1.i386.rpm
postgresql-test-8.1.21-1.el5_5.1.i386.rpm

x86_64:
postgresql-8.1.21-1.el5_5.1.x86_64.rpm
postgresql-contrib-8.1.21-1.el5_5.1.x86_64.rpm
postgresql-debuginfo-8.1.21-1.el5_5.1.i386.rpm
postgresql-debuginfo-8.1.21-1.el5_5.1.x86_64.rpm
postgresql-docs-8.1.21-1.el5_5.1.x86_64.rpm
postgresql-libs-8.1.21-1.el5_5.1.i386.rpm
postgresql-libs-8.1.21-1.el5_5.1.x86_64.rpm
postgresql-python-8.1.21-1.el5_5.1.x86_64.rpm
postgresql-tcl-8.1.21-1.el5_5.1.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/postgresql-8.1.21-1.el5_5.1.src.rpm

i386:
postgresql-debuginfo-8.1.21-1.el5_5.1.i386.rpm
postgresql-devel-8.1.21-1.el5_5.1.i386.rpm
postgresql-pl-8.1.21-1.el5_5.1.i386.rpm
postgresql-server-8.1.21-1.el5_5.1.i386.rpm
postgresql-test-8.1.21-1.el5_5.1.i386.rpm

x86_64:
postgresql-debuginfo-8.1.21-1.el5_5.1.i386.rpm
postgresql-debuginfo-8.1.21-1.el5_5.1.x86_64.rpm
postgresql-devel-8.1.21-1.el5_5.1.i386.rpm
postgresql-devel-8.1.21-1.el5_5.1.x86_64.rpm
postgresql-pl-8.1.21-1.el5_5.1.x86_64.rpm
postgresql-server-8.1.21-1.el5_5.1.x86_64.rpm
postgresql-test-8.1.21-1.el5_5.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/postgresql-8.1.21-1.el5_5.1.src.rpm

i386:
postgresql-8.1.21-1.el5_5.1.i386.rpm
postgresql-contrib-8.1.21-1.el5_5.1.i386.rpm
postgresql-debuginfo-8.1.21-1.el5_5.1.i386.rpm
postgresql-devel-8.1.21-1.el5_5.1.i386.rpm
postgresql-docs-8.1.21-1.el5_5.1.i386.rpm
postgresql-libs-8.1.21-1.el5_5.1.i386.rpm
postgresql-pl-8.1.21-1.el5_5.1.i386.rpm
postgresql-python-8.1.21-1.el5_5.1.i386.rpm
postgresql-server-8.1.21-1.el5_5.1.i386.rpm
postgresql-tcl-8.1.21-1.el5_5.1.i386.rpm
postgresql-test-8.1.21-1.el5_5.1.i386.rpm

ia64:
postgresql-8.1.21-1.el5_5.1.ia64.rpm
postgresql-contrib-8.1.21-1.el5_5.1.ia64.rpm
postgresql-debuginfo-8.1.21-1.el5_5.1.i386.rpm
postgresql-debuginfo-8.1.21-1.el5_5.1.ia64.rpm
postgresql-devel-8.1.21-1.el5_5.1.ia64.rpm
postgresql-docs-8.1.21-1.el5_5.1.ia64.rpm
postgresql-libs-8.1.21-1.el5_5.1.i386.rpm
postgresql-libs-8.1.21-1.el5_5.1.ia64.rpm
postgresql-pl-8.1.21-1.el5_5.1.ia64.rpm
postgresql-python-8.1.21-1.el5_5.1.ia64.rpm
postgresql-server-8.1.21-1.el5_5.1.ia64.rpm
postgresql-tcl-8.1.21-1.el5_5.1.ia64.rpm
postgresql-test-8.1.21-1.el5_5.1.ia64.rpm

ppc:
postgresql-8.1.21-1.el5_5.1.ppc.rpm
postgresql-8.1.21-1.el5_5.1.ppc64.rpm
postgresql-contrib-8.1.21-1.el5_5.1.ppc.rpm
postgresql-debuginfo-8.1.21-1.el5_5.1.ppc.rpm
postgresql-debuginfo-8.1.21-1.el5_5.1.ppc64.rpm
postgresql-devel-8.1.21-1.el5_5.1.ppc.rpm
postgresql-devel-8.1.21-1.el5_5.1.ppc64.rpm
postgresql-docs-8.1.21-1.el5_5.1.ppc.rpm
postgresql-libs-8.1.21-1.el5_5.1.ppc.rpm
postgresql-libs-8.1.21-1.el5_5.1.ppc64.rpm
postgresql-pl-8.1.21-1.el5_5.1.ppc.rpm
postgresql-python-8.1.21-1.el5_5.1.ppc.rpm
postgresql-server-8.1.21-1.el5_5.1.ppc.rpm
postgresql-tcl-8.1.21-1.el5_5.1.ppc.rpm
postgresql-test-8.1.21-1.el5_5.1.ppc.rpm

s390x:
postgresql-8.1.21-1.el5_5.1.s390x.rpm
postgresql-contrib-8.1.21-1.el5_5.1.s390x.rpm
postgresql-debuginfo-8.1.21-1.el5_5.1.s390.rpm
postgresql-debuginfo-8.1.21-1.el5_5.1.s390x.rpm
postgresql-devel-8.1.21-1.el5_5.1.s390.rpm
postgresql-devel-8.1.21-1.el5_5.1.s390x.rpm
postgresql-docs-8.1.21-1.el5_5.1.s390x.rpm
postgresql-libs-8.1.21-1.el5_5.1.s390.rpm
postgresql-libs-8.1.21-1.el5_5.1.s390x.rpm
postgresql-pl-8.1.21-1.el5_5.1.s390x.rpm
postgresql-python-8.1.21-1.el5_5.1.s390x.rpm
postgresql-server-8.1.21-1.el5_5.1.s390x.rpm
postgresql-tcl-8.1.21-1.el5_5.1.s390x.rpm
postgresql-test-8.1.21-1.el5_5.1.s390x.rpm

x86_64:
postgresql-8.1.21-1.el5_5.1.x86_64.rpm
postgresql-contrib-8.1.21-1.el5_5.1.x86_64.rpm
postgresql-debuginfo-8.1.21-1.el5_5.1.i386.rpm
postgresql-debuginfo-8.1.21-1.el5_5.1.x86_64.rpm
postgresql-devel-8.1.21-1.el5_5.1.i386.rpm
postgresql-devel-8.1.21-1.el5_5.1.x86_64.rpm
postgresql-docs-8.1.21-1.el5_5.1.x86_64.rpm
postgresql-libs-8.1.21-1.el5_5.1.i386.rpm
postgresql-libs-8.1.21-1.el5_5.1.x86_64.rpm
postgresql-pl-8.1.21-1.el5_5.1.x86_64.rpm
postgresql-python-8.1.21-1.el5_5.1.x86_64.rpm
postgresql-server-8.1.21-1.el5_5.1.x86_64.rpm
postgresql-tcl-8.1.21-1.el5_5.1.x86_64.rpm
postgresql-test-8.1.21-1.el5_5.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-4136.html
https://www.redhat.com/security/data/cve/CVE-2010-0442.html
https://www.redhat.com/security/data/cve/CVE-2010-0733.html
https://www.redhat.com/security/data/cve/CVE-2010-1169.html
https://www.redhat.com/security/data/cve/CVE-2010-1170.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFL9BnkXlSAg2UNWIIRApkAAKCTejGjiJwe3CTX9PvjqpdxSuuN0gCfTFt8
61yYeEGIQxyQ/szm4ksZRH4=
=AQnw
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list

11-23-2010 03:54 PM

Moderate: postgresql security update
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: postgresql security update
Advisory ID: RHSA-2010:0908-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0908.html
Issue date: 2010-11-23
CVE Names: CVE-2010-3433
=====================================================================

1. Summary:

Updated postgresql packages that fix one security issue are now available
for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system
(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the
Perl and Tcl languages. The PostgreSQL SECURITY DEFINER parameter, which
can be used when creating a new PostgreSQL function, specifies that the
function will be executed with the privileges of the user that created it.

It was discovered that a user could utilize the features of the PL/Perl and
PL/Tcl languages to modify the behavior of a SECURITY DEFINER function
created by a different user. If the PL/Perl or PL/Tcl language was used to
implement a SECURITY DEFINER function, an authenticated database user could
use a PL/Perl or PL/Tcl script to modify the behavior of that function
during subsequent calls in the same session. This would result in the
modified or injected code also being executed with the privileges of the
user who created the SECURITY DEFINER function, possibly leading to
privilege escalation. (CVE-2010-3433)

These updated postgresql packages upgrade PostgreSQL to version 8.4.5.
Refer to the PostgreSQL Release Notes for a list of changes:

http://www.postgresql.org/docs/8.4/static/release.html

All PostgreSQL users are advised to upgrade to these updated packages,
which correct this issue. If the postgresql service is running, it will be
automatically restarted after installing this update.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

639371 - CVE-2010-3433 PostgreSQL (PL/Perl, PL/Tcl): SECURITY DEFINER function keyword bypass

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/postgresql-8.4.5-1.el6_0.2.src.rpm

i386:
postgresql-debuginfo-8.4.5-1.el6_0.2.i686.rpm
postgresql-libs-8.4.5-1.el6_0.2.i686.rpm

x86_64:
postgresql-debuginfo-8.4.5-1.el6_0.2.i686.rpm
postgresql-debuginfo-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-libs-8.4.5-1.el6_0.2.i686.rpm
postgresql-libs-8.4.5-1.el6_0.2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/postgresql-8.4.5-1.el6_0.2.src.rpm

i386:
postgresql-8.4.5-1.el6_0.2.i686.rpm
postgresql-contrib-8.4.5-1.el6_0.2.i686.rpm
postgresql-debuginfo-8.4.5-1.el6_0.2.i686.rpm
postgresql-devel-8.4.5-1.el6_0.2.i686.rpm
postgresql-docs-8.4.5-1.el6_0.2.i686.rpm
postgresql-plperl-8.4.5-1.el6_0.2.i686.rpm
postgresql-plpython-8.4.5-1.el6_0.2.i686.rpm
postgresql-pltcl-8.4.5-1.el6_0.2.i686.rpm
postgresql-server-8.4.5-1.el6_0.2.i686.rpm
postgresql-test-8.4.5-1.el6_0.2.i686.rpm

x86_64:
postgresql-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-contrib-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-debuginfo-8.4.5-1.el6_0.2.i686.rpm
postgresql-debuginfo-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-devel-8.4.5-1.el6_0.2.i686.rpm
postgresql-devel-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-docs-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-plperl-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-plpython-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-pltcl-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-server-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-test-8.4.5-1.el6_0.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/postgresql-8.4.5-1.el6_0.2.src.rpm

x86_64:
postgresql-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-contrib-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-debuginfo-8.4.5-1.el6_0.2.i686.rpm
postgresql-debuginfo-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-devel-8.4.5-1.el6_0.2.i686.rpm
postgresql-devel-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-docs-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-libs-8.4.5-1.el6_0.2.i686.rpm
postgresql-libs-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-plperl-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-plpython-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-pltcl-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-server-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-test-8.4.5-1.el6_0.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/postgresql-8.4.5-1.el6_0.2.src.rpm

i386:
postgresql-8.4.5-1.el6_0.2.i686.rpm
postgresql-contrib-8.4.5-1.el6_0.2.i686.rpm
postgresql-debuginfo-8.4.5-1.el6_0.2.i686.rpm
postgresql-devel-8.4.5-1.el6_0.2.i686.rpm
postgresql-docs-8.4.5-1.el6_0.2.i686.rpm
postgresql-libs-8.4.5-1.el6_0.2.i686.rpm
postgresql-plperl-8.4.5-1.el6_0.2.i686.rpm
postgresql-plpython-8.4.5-1.el6_0.2.i686.rpm
postgresql-pltcl-8.4.5-1.el6_0.2.i686.rpm
postgresql-server-8.4.5-1.el6_0.2.i686.rpm
postgresql-test-8.4.5-1.el6_0.2.i686.rpm

ppc64:
postgresql-8.4.5-1.el6_0.2.ppc64.rpm
postgresql-contrib-8.4.5-1.el6_0.2.ppc64.rpm
postgresql-debuginfo-8.4.5-1.el6_0.2.ppc.rpm
postgresql-debuginfo-8.4.5-1.el6_0.2.ppc64.rpm
postgresql-devel-8.4.5-1.el6_0.2.ppc.rpm
postgresql-devel-8.4.5-1.el6_0.2.ppc64.rpm
postgresql-docs-8.4.5-1.el6_0.2.ppc64.rpm
postgresql-libs-8.4.5-1.el6_0.2.ppc.rpm
postgresql-libs-8.4.5-1.el6_0.2.ppc64.rpm
postgresql-plperl-8.4.5-1.el6_0.2.ppc64.rpm
postgresql-plpython-8.4.5-1.el6_0.2.ppc64.rpm
postgresql-pltcl-8.4.5-1.el6_0.2.ppc64.rpm
postgresql-server-8.4.5-1.el6_0.2.ppc64.rpm
postgresql-test-8.4.5-1.el6_0.2.ppc64.rpm

s390x:
postgresql-8.4.5-1.el6_0.2.s390x.rpm
postgresql-contrib-8.4.5-1.el6_0.2.s390x.rpm
postgresql-debuginfo-8.4.5-1.el6_0.2.s390.rpm
postgresql-debuginfo-8.4.5-1.el6_0.2.s390x.rpm
postgresql-devel-8.4.5-1.el6_0.2.s390.rpm
postgresql-devel-8.4.5-1.el6_0.2.s390x.rpm
postgresql-docs-8.4.5-1.el6_0.2.s390x.rpm
postgresql-libs-8.4.5-1.el6_0.2.s390.rpm
postgresql-libs-8.4.5-1.el6_0.2.s390x.rpm
postgresql-plperl-8.4.5-1.el6_0.2.s390x.rpm
postgresql-plpython-8.4.5-1.el6_0.2.s390x.rpm
postgresql-pltcl-8.4.5-1.el6_0.2.s390x.rpm
postgresql-server-8.4.5-1.el6_0.2.s390x.rpm
postgresql-test-8.4.5-1.el6_0.2.s390x.rpm

x86_64:
postgresql-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-contrib-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-debuginfo-8.4.5-1.el6_0.2.i686.rpm
postgresql-debuginfo-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-devel-8.4.5-1.el6_0.2.i686.rpm
postgresql-devel-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-docs-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-libs-8.4.5-1.el6_0.2.i686.rpm
postgresql-libs-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-plperl-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-plpython-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-pltcl-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-server-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-test-8.4.5-1.el6_0.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/postgresql-8.4.5-1.el6_0.2.src.rpm

i386:
postgresql-8.4.5-1.el6_0.2.i686.rpm
postgresql-contrib-8.4.5-1.el6_0.2.i686.rpm
postgresql-debuginfo-8.4.5-1.el6_0.2.i686.rpm
postgresql-devel-8.4.5-1.el6_0.2.i686.rpm
postgresql-docs-8.4.5-1.el6_0.2.i686.rpm
postgresql-libs-8.4.5-1.el6_0.2.i686.rpm
postgresql-plperl-8.4.5-1.el6_0.2.i686.rpm
postgresql-plpython-8.4.5-1.el6_0.2.i686.rpm
postgresql-pltcl-8.4.5-1.el6_0.2.i686.rpm
postgresql-server-8.4.5-1.el6_0.2.i686.rpm
postgresql-test-8.4.5-1.el6_0.2.i686.rpm

x86_64:
postgresql-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-contrib-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-debuginfo-8.4.5-1.el6_0.2.i686.rpm
postgresql-debuginfo-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-devel-8.4.5-1.el6_0.2.i686.rpm
postgresql-devel-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-docs-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-libs-8.4.5-1.el6_0.2.i686.rpm
postgresql-libs-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-plperl-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-plpython-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-pltcl-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-server-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-test-8.4.5-1.el6_0.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3433.html
http://www.redhat.com/security/updates/classification/#moderate
http://www.postgresql.org/docs/8.1/interactive/sql-createfunction.html
http://www.postgresql.org/docs/8.4/static/release.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFM6/E1XlSAg2UNWIIRAnoEAKCWNUSyRaNHmnclmqSAHDVbtfn8IQCfT9m7
rpFZnfWgZYUwkFqB2OminOY=
=6QpM
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
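
An added example, not part of the Red Hat advisories above: catalog queries an administrator can run in each database to see whether it is exposed to the PL/Perl and PL/Tcl issues described in RHSA-2010:0429 (language registered on the database) and RHSA-2010:0908 (SECURITY DEFINER functions implemented in those languages). Including the untrusted variants plperlu and pltclu in the inventory is an assumption made here for completeness; the advisories name only PL/Perl and PL/Tcl.

```sql
-- Added example (not from the advisories). Read-only catalog queries;
-- run once per database, since languages and functions are per-database.

-- 1. Server version, to compare with the fixed releases named in the
--    advisories (8.1.21 for RHEL 5, 8.4.5 for RHEL 6).
SELECT version();

-- 2. Is PL/Perl or PL/Tcl registered on this database, and who may use it?
--    lanacl = NULL means default privileges: USAGE is granted to PUBLIC
--    for trusted languages.
SELECT l.lanname      AS language,
       l.lanpltrusted AS trusted,
       l.lanacl       AS usage_acl
FROM pg_catalog.pg_language l
WHERE l.lanname IN ('plperl', 'plperlu', 'pltcl', 'pltclu')  -- 'u' variants: assumption, see lead-in
ORDER BY l.lanname;

-- 3. SECURITY DEFINER functions implemented in those languages, with the
--    role whose privileges they run under. Functions owned by a superuser
--    sort first because they carry the most privilege.
--    proacl = NULL means default privileges: EXECUTE is granted to PUBLIC.
SELECT n.nspname                   AS schema_name,
       p.proname                   AS function_name,
       l.lanname                   AS language,
       pg_get_userbyid(p.proowner) AS definer,
       r.rolsuper                  AS definer_is_superuser,
       p.proacl                    AS execute_acl
FROM pg_catalog.pg_proc p
JOIN pg_catalog.pg_language  l ON l.oid = p.prolang
JOIN pg_catalog.pg_namespace n ON n.oid = p.pronamespace
JOIN pg_catalog.pg_roles     r ON r.oid = p.proowner
WHERE p.prosecdef
  AND l.lanname IN ('plperl', 'plperlu', 'pltcl', 'pltclu')
ORDER BY r.rolsuper DESC, n.nspname, p.proname;
```

An empty result from query 2 means neither language is registered on that database; rows from query 3 on an unpatched server are the functions to review first.
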

02-03-2011 07:28 PM

Moderate: postgresql security update
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: postgresql security update
Advisory ID: RHSA-2011:0197-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0197.html
Issue date: 2011-02-03
CVE Names: CVE-2010-4015
=====================================================================

1. Summary:

Updated postgresql packages that fix one security issue are now available
for Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system
(DBMS).

A stack-based buffer overflow flaw was found in the way PostgreSQL
processed certain tokens from an SQL query when the intarray module was
enabled on a particular database. An authenticated database user running a
specially-crafted SQL query could use this flaw to cause a temporary denial
of service (postgres daemon crash) or, potentially, execute arbitrary code
with the privileges of the database server. (CVE-2010-4015)

Red Hat would like to thank Geoff Keating of the Apple Product Security
team for reporting this issue.

For Red Hat Enterprise Linux 4, the updated postgresql packages contain a
backported patch for this issue; there are no other changes.

For Red Hat Enterprise Linux 5, the updated postgresql packages upgrade
PostgreSQL to version 8.1.23, and contain a backported patch for this
issue. Refer to the PostgreSQL Release Notes for a full list of changes:

http://www.postgresql.org/docs/8.1/static/release.html

For Red Hat Enterprise Linux 6, the updated postgresql packages upgrade
PostgreSQL to version 8.4.7, which includes a fix for this issue. Refer to
the PostgreSQL Release Notes for a full list of changes:

http://www.postgresql.org/docs/8.4/static/release.html

All PostgreSQL users are advised to upgrade to these updated packages,
which correct this issue. If the postgresql service is running, it will be
automatically restarted after installing this update.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

664402 - CVE-2010-4015 PostgreSQL: Stack-based buffer overflow by processing certain tokens from SQL query string when intarray module enabled

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/postgresql-7.4.30-1.el4_8.2.src.rpm

i386:
postgresql-7.4.30-1.el4_8.2.i386.rpm
postgresql-contrib-7.4.30-1.el4_8.2.i386.rpm
postgresql-debuginfo-7.4.30-1.el4_8.2.i386.rpm
postgresql-devel-7.4.30-1.el4_8.2.i386.rpm
postgresql-docs-7.4.30-1.el4_8.2.i386.rpm
postgresql-jdbc-7.4.30-1.el4_8.2.i386.rpm
postgresql-libs-7.4.30-1.el4_8.2.i386.rpm
postgresql-pl-7.4.30-1.el4_8.2.i386.rpm
postgresql-python-7.4.30-1.el4_8.2.i386.rpm
postgresql-server-7.4.30-1.el4_8.2.i386.rpm
postgresql-tcl-7.4.30-1.el4_8.2.i386.rpm
postgresql-test-7.4.30-1.el4_8.2.i386.rpm

ia64:
postgresql-7.4.30-1.el4_8.2.ia64.rpm
postgresql-contrib-7.4.30-1.el4_8.2.ia64.rpm
postgresql-debuginfo-7.4.30-1.el4_8.2.i386.rpm
postgresql-debuginfo-7.4.30-1.el4_8.2.ia64.rpm
postgresql-devel-7.4.30-1.el4_8.2.ia64.rpm
postgresql-docs-7.4.30-1.el4_8.2.ia64.rpm
postgresql-jdbc-7.4.30-1.el4_8.2.ia64.rpm
postgresql-libs-7.4.30-1.el4_8.2.i386.rpm
postgresql-libs-7.4.30-1.el4_8.2.ia64.rpm
postgresql-pl-7.4.30-1.el4_8.2.ia64.rpm
postgresql-python-7.4.30-1.el4_8.2.ia64.rpm
postgresql-server-7.4.30-1.el4_8.2.ia64.rpm
postgresql-tcl-7.4.30-1.el4_8.2.ia64.rpm
postgresql-test-7.4.30-1.el4_8.2.ia64.rpm

ppc:
postgresql-7.4.30-1.el4_8.2.ppc.rpm
postgresql-contrib-7.4.30-1.el4_8.2.ppc.rpm
postgresql-debuginfo-7.4.30-1.el4_8.2.ppc.rpm
postgresql-debuginfo-7.4.30-1.el4_8.2.ppc64.rpm
postgresql-devel-7.4.30-1.el4_8.2.ppc.rpm
postgresql-docs-7.4.30-1.el4_8.2.ppc.rpm
postgresql-jdbc-7.4.30-1.el4_8.2.ppc.rpm
postgresql-libs-7.4.30-1.el4_8.2.ppc.rpm
postgresql-libs-7.4.30-1.el4_8.2.ppc64.rpm
postgresql-pl-7.4.30-1.el4_8.2.ppc.rpm
postgresql-python-7.4.30-1.el4_8.2.ppc.rpm
postgresql-server-7.4.30-1.el4_8.2.ppc.rpm
postgresql-tcl-7.4.30-1.el4_8.2.ppc.rpm
postgresql-test-7.4.30-1.el4_8.2.ppc.rpm

s390:
postgresql-7.4.30-1.el4_8.2.s390.rpm
postgresql-contrib-7.4.30-1.el4_8.2.s390.rpm
postgresql-debuginfo-7.4.30-1.el4_8.2.s390.rpm
postgresql-devel-7.4.30-1.el4_8.2.s390.rpm
postgresql-docs-7.4.30-1.el4_8.2.s390.rpm
postgresql-jdbc-7.4.30-1.el4_8.2.s390.rpm
postgresql-libs-7.4.30-1.el4_8.2.s390.rpm
postgresql-pl-7.4.30-1.el4_8.2.s390.rpm
postgresql-python-7.4.30-1.el4_8.2.s390.rpm
postgresql-server-7.4.30-1.el4_8.2.s390.rpm
postgresql-tcl-7.4.30-1.el4_8.2.s390.rpm
postgresql-test-7.4.30-1.el4_8.2.s390.rpm

s390x:
postgresql-7.4.30-1.el4_8.2.s390x.rpm
postgresql-contrib-7.4.30-1.el4_8.2.s390x.rpm
postgresql-debuginfo-7.4.30-1.el4_8.2.s390.rpm
postgresql-debuginfo-7.4.30-1.el4_8.2.s390x.rpm
postgresql-devel-7.4.30-1.el4_8.2.s390x.rpm
postgresql-docs-7.4.30-1.el4_8.2.s390x.rpm
postgresql-jdbc-7.4.30-1.el4_8.2.s390x.rpm
postgresql-libs-7.4.30-1.el4_8.2.s390.rpm
postgresql-libs-7.4.30-1.el4_8.2.s390x.rpm
postgresql-pl-7.4.30-1.el4_8.2.s390x.rpm
postgresql-python-7.4.30-1.el4_8.2.s390x.rpm
postgresql-server-7.4.30-1.el4_8.2.s390x.rpm
postgresql-tcl-7.4.30-1.el4_8.2.s390x.rpm
postgresql-test-7.4.30-1.el4_8.2.s390x.rpm

x86_64:
postgresql-7.4.30-1.el4_8.2.x86_64.rpm
postgresql-contrib-7.4.30-1.el4_8.2.x86_64.rpm
postgresql-debuginfo-7.4.30-1.el4_8.2.i386.rpm
postgresql-debuginfo-7.4.30-1.el4_8.2.x86_64.rpm
postgresql-devel-7.4.30-1.el4_8.2.x86_64.rpm
postgresql-docs-7.4.30-1.el4_8.2.x86_64.rpm
postgresql-jdbc-7.4.30-1.el4_8.2.x86_64.rpm
postgresql-libs-7.4.30-1.el4_8.2.i386.rpm
postgresql-libs-7.4.30-1.el4_8.2.x86_64.rpm
postgresql-pl-7.4.30-1.el4_8.2.x86_64.rpm
postgresql-python-7.4.30-1.el4_8.2.x86_64.rpm
postgresql-server-7.4.30-1.el4_8.2.x86_64.rpm
postgresql-tcl-7.4.30-1.el4_8.2.x86_64.rpm
postgresql-test-7.4.30-1.el4_8.2.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/postgresql-7.4.30-1.el4_8.2.src.rpm

i386:
postgresql-7.4.30-1.el4_8.2.i386.rpm
postgresql-contrib-7.4.30-1.el4_8.2.i386.rpm
postgresql-debuginfo-7.4.30-1.el4_8.2.i386.rpm
postgresql-devel-7.4.30-1.el4_8.2.i386.rpm
postgresql-docs-7.4.30-1.el4_8.2.i386.rpm
postgresql-jdbc-7.4.30-1.el4_8.2.i386.rpm
postgresql-libs-7.4.30-1.el4_8.2.i386.rpm
postgresql-pl-7.4.30-1.el4_8.2.i386.rpm
postgresql-python-7.4.30-1.el4_8.2.i386.rpm
postgresql-server-7.4.30-1.el4_8.2.i386.rpm
postgresql-tcl-7.4.30-1.el4_8.2.i386.rpm
postgresql-test-7.4.30-1.el4_8.2.i386.rpm

x86_64:
postgresql-7.4.30-1.el4_8.2.x86_64.rpm
postgresql-contrib-7.4.30-1.el4_8.2.x86_64.rpm
postgresql-debuginfo-7.4.30-1.el4_8.2.i386.rpm
postgresql-debuginfo-7.4.30-1.el4_8.2.x86_64.rpm
postgresql-devel-7.4.30-1.el4_8.2.x86_64.rpm
postgresql-docs-7.4.30-1.el4_8.2.x86_64.rpm
postgresql-jdbc-7.4.30-1.el4_8.2.x86_64.rpm
postgresql-libs-7.4.30-1.el4_8.2.i386.rpm
postgresql-libs-7.4.30-1.el4_8.2.x86_64.rpm
postgresql-pl-7.4.30-1.el4_8.2.x86_64.rpm
postgresql-python-7.4.30-1.el4_8.2.x86_64.rpm
postgresql-server-7.4.30-1.el4_8.2.x86_64.rpm
postgresql-tcl-7.4.30-1.el4_8.2.x86_64.rpm
postgresql-test-7.4.30-1.el4_8.2.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/postgresql-7.4.30-1.el4_8.2.src.rpm

i386:
postgresql-7.4.30-1.el4_8.2.i386.rpm
postgresql-contrib-7.4.30-1.el4_8.2.i386.rpm
postgresql-debuginfo-7.4.30-1.el4_8.2.i386.rpm
postgresql-devel-7.4.30-1.el4_8.2.i386.rpm
postgresql-docs-7.4.30-1.el4_8.2.i386.rpm
postgresql-jdbc-7.4.30-1.el4_8.2.i386.rpm
postgresql-libs-7.4.30-1.el4_8.2.i386.rpm
postgresql-pl-7.4.30-1.el4_8.2.i386.rpm
postgresql-python-7.4.30-1.el4_8.2.i386.rpm
postgresql-server-7.4.30-1.el4_8.2.i386.rpm
postgresql-tcl-7.4.30-1.el4_8.2.i386.rpm
postgresql-test-7.4.30-1.el4_8.2.i386.rpm

ia64:
postgresql-7.4.30-1.el4_8.2.ia64.rpm
postgresql-contrib-7.4.30-1.el4_8.2.ia64.rpm
postgresql-debuginfo-7.4.30-1.el4_8.2.i386.rpm
postgresql-debuginfo-7.4.30-1.el4_8.2.ia64.rpm
postgresql-devel-7.4.30-1.el4_8.2.ia64.rpm
postgresql-docs-7.4.30-1.el4_8.2.ia64.rpm
postgresql-jdbc-7.4.30-1.el4_8.2.ia64.rpm
postgresql-libs-7.4.30-1.el4_8.2.i386.rpm
postgresql-libs-7.4.30-1.el4_8.2.ia64.rpm
postgresql-pl-7.4.30-1.el4_8.2.ia64.rpm
postgresql-python-7.4.30-1.el4_8.2.ia64.rpm
postgresql-server-7.4.30-1.el4_8.2.ia64.rpm
postgresql-tcl-7.4.30-1.el4_8.2.ia64.rpm
postgresql-test-7.4.30-1.el4_8.2.ia64.rpm

x86_64:
postgresql-7.4.30-1.el4_8.2.x86_64.rpm
postgresql-contrib-7.4.30-1.el4_8.2.x86_64.rpm
postgresql-debuginfo-7.4.30-1.el4_8.2.i386.rpm
postgresql-debuginfo-7.4.30-1.el4_8.2.x86_64.rpm
postgresql-devel-7.4.30-1.el4_8.2.x86_64.rpm
postgresql-docs-7.4.30-1.el4_8.2.x86_64.rpm
postgresql-jdbc-7.4.30-1.el4_8.2.x86_64.rpm
postgresql-libs-7.4.30-1.el4_8.2.i386.rpm
postgresql-libs-7.4.30-1.el4_8.2.x86_64.rpm
postgresql-pl-7.4.30-1.el4_8.2.x86_64.rpm
postgresql-python-7.4.30-1.el4_8.2.x86_64.rpm
postgresql-server-7.4.30-1.el4_8.2.x86_64.rpm
postgresql-tcl-7.4.30-1.el4_8.2.x86_64.rpm
postgresql-test-7.4.30-1.el4_8.2.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/postgresql-7.4.30-1.el4_8.2.src.rpm

i386:
postgresql-7.4.30-1.el4_8.2.i386.rpm
postgresql-contrib-7.4.30-1.el4_8.2.i386.rpm
postgresql-debuginfo-7.4.30-1.el4_8.2.i386.rpm
postgresql-devel-7.4.30-1.el4_8.2.i386.rpm
postgresql-docs-7.4.30-1.el4_8.2.i386.rpm
postgresql-jdbc-7.4.30-1.el4_8.2.i386.rpm
postgresql-libs-7.4.30-1.el4_8.2.i386.rpm
postgresql-pl-7.4.30-1.el4_8.2.i386.rpm
postgresql-python-7.4.30-1.el4_8.2.i386.rpm
postgresql-server-7.4.30-1.el4_8.2.i386.rpm
postgresql-tcl-7.4.30-1.el4_8.2.i386.rpm
postgresql-test-7.4.30-1.el4_8.2.i386.rpm

ia64:
postgresql-7.4.30-1.el4_8.2.ia64.rpm
postgresql-contrib-7.4.30-1.el4_8.2.ia64.rpm
postgresql-debuginfo-7.4.30-1.el4_8.2.i386.rpm
postgresql-debuginfo-7.4.30-1.el4_8.2.ia64.rpm
postgresql-devel-7.4.30-1.el4_8.2.ia64.rpm
postgresql-docs-7.4.30-1.el4_8.2.ia64.rpm
postgresql-jdbc-7.4.30-1.el4_8.2.ia64.rpm
postgresql-libs-7.4.30-1.el4_8.2.i386.rpm
postgresql-libs-7.4.30-1.el4_8.2.ia64.rpm
postgresql-pl-7.4.30-1.el4_8.2.ia64.rpm
postgresql-python-7.4.30-1.el4_8.2.ia64.rpm
postgresql-server-7.4.30-1.el4_8.2.ia64.rpm
postgresql-tcl-7.4.30-1.el4_8.2.ia64.rpm
postgresql-test-7.4.30-1.el4_8.2.ia64.rpm

x86_64:
postgresql-7.4.30-1.el4_8.2.x86_64.rpm
postgresql-contrib-7.4.30-1.el4_8.2.x86_64.rpm
postgresql-debuginfo-7.4.30-1.el4_8.2.i386.rpm
postgresql-debuginfo-7.4.30-1.el4_8.2.x86_64.rpm
postgresql-devel-7.4.30-1.el4_8.2.x86_64.rpm
postgresql-docs-7.4.30-1.el4_8.2.x86_64.rpm
postgresql-jdbc-7.4.30-1.el4_8.2.x86_64.rpm
postgresql-libs-7.4.30-1.el4_8.2.i386.rpm
postgresql-libs-7.4.30-1.el4_8.2.x86_64.rpm
postgresql-pl-7.4.30-1.el4_8.2.x86_64.rpm
postgresql-python-7.4.30-1.el4_8.2.x86_64.rpm
postgresql-server-7.4.30-1.el4_8.2.x86_64.rpm
postgresql-tcl-7.4.30-1.el4_8.2.x86_64.rpm
postgresql-test-7.4.30-1.el4_8.2.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/postgresql-8.1.23-1.el5_6.1.src.rpm

i386:
postgresql-8.1.23-1.el5_6.1.i386.rpm
postgresql-contrib-8.1.23-1.el5_6.1.i386.rpm
postgresql-debuginfo-8.1.23-1.el5_6.1.i386.rpm
postgresql-docs-8.1.23-1.el5_6.1.i386.rpm
postgresql-libs-8.1.23-1.el5_6.1.i386.rpm
postgresql-python-8.1.23-1.el5_6.1.i386.rpm
postgresql-tcl-8.1.23-1.el5_6.1.i386.rpm

x86_64:
postgresql-8.1.23-1.el5_6.1.x86_64.rpm
postgresql-contrib-8.1.23-1.el5_6.1.x86_64.rpm
postgresql-debuginfo-8.1.23-1.el5_6.1.i386.rpm
postgresql-debuginfo-8.1.23-1.el5_6.1.x86_64.rpm
postgresql-docs-8.1.23-1.el5_6.1.x86_64.rpm
postgresql-libs-8.1.23-1.el5_6.1.i386.rpm
postgresql-libs-8.1.23-1.el5_6.1.x86_64.rpm
postgresql-python-8.1.23-1.el5_6.1.x86_64.rpm
postgresql-tcl-8.1.23-1.el5_6.1.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/postgresql-8.1.23-1.el5_6.1.src.rpm

i386:
postgresql-debuginfo-8.1.23-1.el5_6.1.i386.rpm
postgresql-devel-8.1.23-1.el5_6.1.i386.rpm
postgresql-pl-8.1.23-1.el5_6.1.i386.rpm
postgresql-server-8.1.23-1.el5_6.1.i386.rpm
postgresql-test-8.1.23-1.el5_6.1.i386.rpm

x86_64:
postgresql-debuginfo-8.1.23-1.el5_6.1.i386.rpm
postgresql-debuginfo-8.1.23-1.el5_6.1.x86_64.rpm
postgresql-devel-8.1.23-1.el5_6.1.i386.rpm
postgresql-devel-8.1.23-1.el5_6.1.x86_64.rpm
postgresql-pl-8.1.23-1.el5_6.1.x86_64.rpm
postgresql-server-8.1.23-1.el5_6.1.x86_64.rpm
postgresql-test-8.1.23-1.el5_6.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/postgresql-8.1.23-1.el5_6.1.src.rpm

i386:
postgresql-8.1.23-1.el5_6.1.i386.rpm
postgresql-contrib-8.1.23-1.el5_6.1.i386.rpm
postgresql-debuginfo-8.1.23-1.el5_6.1.i386.rpm
postgresql-devel-8.1.23-1.el5_6.1.i386.rpm
postgresql-docs-8.1.23-1.el5_6.1.i386.rpm
postgresql-libs-8.1.23-1.el5_6.1.i386.rpm
postgresql-pl-8.1.23-1.el5_6.1.i386.rpm
postgresql-python-8.1.23-1.el5_6.1.i386.rpm
postgresql-server-8.1.23-1.el5_6.1.i386.rpm
postgresql-tcl-8.1.23-1.el5_6.1.i386.rpm
postgresql-test-8.1.23-1.el5_6.1.i386.rpm

ia64:
postgresql-8.1.23-1.el5_6.1.ia64.rpm
postgresql-contrib-8.1.23-1.el5_6.1.ia64.rpm
postgresql-debuginfo-8.1.23-1.el5_6.1.i386.rpm
postgresql-debuginfo-8.1.23-1.el5_6.1.ia64.rpm
postgresql-devel-8.1.23-1.el5_6.1.ia64.rpm
postgresql-docs-8.1.23-1.el5_6.1.ia64.rpm
postgresql-libs-8.1.23-1.el5_6.1.i386.rpm
postgresql-libs-8.1.23-1.el5_6.1.ia64.rpm
postgresql-pl-8.1.23-1.el5_6.1.ia64.rpm
postgresql-python-8.1.23-1.el5_6.1.ia64.rpm
postgresql-server-8.1.23-1.el5_6.1.ia64.rpm
postgresql-tcl-8.1.23-1.el5_6.1.ia64.rpm
postgresql-test-8.1.23-1.el5_6.1.ia64.rpm

ppc:
postgresql-8.1.23-1.el5_6.1.ppc.rpm
postgresql-8.1.23-1.el5_6.1.ppc64.rpm
postgresql-contrib-8.1.23-1.el5_6.1.ppc.rpm
postgresql-debuginfo-8.1.23-1.el5_6.1.ppc.rpm
postgresql-debuginfo-8.1.23-1.el5_6.1.ppc64.rpm
postgresql-devel-8.1.23-1.el5_6.1.ppc.rpm
postgresql-devel-8.1.23-1.el5_6.1.ppc64.rpm
postgresql-docs-8.1.23-1.el5_6.1.ppc.rpm
postgresql-libs-8.1.23-1.el5_6.1.ppc.rpm
postgresql-libs-8.1.23-1.el5_6.1.ppc64.rpm
postgresql-pl-8.1.23-1.el5_6.1.ppc.rpm
postgresql-python-8.1.23-1.el5_6.1.ppc.rpm
postgresql-server-8.1.23-1.el5_6.1.ppc.rpm
postgresql-tcl-8.1.23-1.el5_6.1.ppc.rpm
postgresql-test-8.1.23-1.el5_6.1.ppc.rpm

s390x:
postgresql-8.1.23-1.el5_6.1.s390x.rpm
postgresql-contrib-8.1.23-1.el5_6.1.s390x.rpm
postgresql-debuginfo-8.1.23-1.el5_6.1.s390.rpm
postgresql-debuginfo-8.1.23-1.el5_6.1.s390x.rpm
postgresql-devel-8.1.23-1.el5_6.1.s390.rpm
postgresql-devel-8.1.23-1.el5_6.1.s390x.rpm
postgresql-docs-8.1.23-1.el5_6.1.s390x.rpm
postgresql-libs-8.1.23-1.el5_6.1.s390.rpm
postgresql-libs-8.1.23-1.el5_6.1.s390x.rpm
postgresql-pl-8.1.23-1.el5_6.1.s390x.rpm
postgresql-python-8.1.23-1.el5_6.1.s390x.rpm
postgresql-server-8.1.23-1.el5_6.1.s390x.rpm
postgresql-tcl-8.1.23-1.el5_6.1.s390x.rpm
postgresql-test-8.1.23-1.el5_6.1.s390x.rpm

x86_64:
postgresql-8.1.23-1.el5_6.1.x86_64.rpm
postgresql-contrib-8.1.23-1.el5_6.1.x86_64.rpm
postgresql-debuginfo-8.1.23-1.el5_6.1.i386.rpm
postgresql-debuginfo-8.1.23-1.el5_6.1.x86_64.rpm
postgresql-devel-8.1.23-1.el5_6.1.i386.rpm
postgresql-devel-8.1.23-1.el5_6.1.x86_64.rpm
postgresql-docs-8.1.23-1.el5_6.1.x86_64.rpm
postgresql-libs-8.1.23-1.el5_6.1.i386.rpm
postgresql-libs-8.1.23-1.el5_6.1.x86_64.rpm
postgresql-pl-8.1.23-1.el5_6.1.x86_64.rpm
postgresql-python-8.1.23-1.el5_6.1.x86_64.rpm
postgresql-server-8.1.23-1.el5_6.1.x86_64.rpm
postgresql-tcl-8.1.23-1.el5_6.1.x86_64.rpm
postgresql-test-8.1.23-1.el5_6.1.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/postgresql-8.4.7-1.el6_0.1.src.rpm

i386:
postgresql-debuginfo-8.4.7-1.el6_0.1.i686.rpm
postgresql-libs-8.4.7-1.el6_0.1.i686.rpm

x86_64:
postgresql-debuginfo-8.4.7-1.el6_0.1.i686.rpm
postgresql-debuginfo-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-libs-8.4.7-1.el6_0.1.i686.rpm
postgresql-libs-8.4.7-1.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/postgresql-8.4.7-1.el6_0.1.src.rpm

i386:
postgresql-8.4.7-1.el6_0.1.i686.rpm
postgresql-contrib-8.4.7-1.el6_0.1.i686.rpm
postgresql-debuginfo-8.4.7-1.el6_0.1.i686.rpm
postgresql-devel-8.4.7-1.el6_0.1.i686.rpm
postgresql-docs-8.4.7-1.el6_0.1.i686.rpm
postgresql-plperl-8.4.7-1.el6_0.1.i686.rpm
postgresql-plpython-8.4.7-1.el6_0.1.i686.rpm
postgresql-pltcl-8.4.7-1.el6_0.1.i686.rpm
postgresql-server-8.4.7-1.el6_0.1.i686.rpm
postgresql-test-8.4.7-1.el6_0.1.i686.rpm

x86_64:
postgresql-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-contrib-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-debuginfo-8.4.7-1.el6_0.1.i686.rpm
postgresql-debuginfo-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-devel-8.4.7-1.el6_0.1.i686.rpm
postgresql-devel-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-docs-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-plperl-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-plpython-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-pltcl-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-server-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-test-8.4.7-1.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/postgresql-8.4.7-1.el6_0.1.src.rpm

x86_64:
postgresql-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-contrib-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-debuginfo-8.4.7-1.el6_0.1.i686.rpm
postgresql-debuginfo-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-devel-8.4.7-1.el6_0.1.i686.rpm
postgresql-devel-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-docs-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-libs-8.4.7-1.el6_0.1.i686.rpm
postgresql-libs-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-plperl-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-plpython-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-pltcl-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-server-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-test-8.4.7-1.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/postgresql-8.4.7-1.el6_0.1.src.rpm

i386:
postgresql-8.4.7-1.el6_0.1.i686.rpm
postgresql-contrib-8.4.7-1.el6_0.1.i686.rpm
postgresql-debuginfo-8.4.7-1.el6_0.1.i686.rpm
postgresql-devel-8.4.7-1.el6_0.1.i686.rpm
postgresql-docs-8.4.7-1.el6_0.1.i686.rpm
postgresql-libs-8.4.7-1.el6_0.1.i686.rpm
postgresql-plperl-8.4.7-1.el6_0.1.i686.rpm
postgresql-plpython-8.4.7-1.el6_0.1.i686.rpm
postgresql-pltcl-8.4.7-1.el6_0.1.i686.rpm
postgresql-server-8.4.7-1.el6_0.1.i686.rpm
postgresql-test-8.4.7-1.el6_0.1.i686.rpm

ppc64:
postgresql-8.4.7-1.el6_0.1.ppc64.rpm
postgresql-contrib-8.4.7-1.el6_0.1.ppc64.rpm
postgresql-debuginfo-8.4.7-1.el6_0.1.ppc.rpm
postgresql-debuginfo-8.4.7-1.el6_0.1.ppc64.rpm
postgresql-devel-8.4.7-1.el6_0.1.ppc.rpm
postgresql-devel-8.4.7-1.el6_0.1.ppc64.rpm
postgresql-docs-8.4.7-1.el6_0.1.ppc64.rpm
postgresql-libs-8.4.7-1.el6_0.1.ppc.rpm
postgresql-libs-8.4.7-1.el6_0.1.ppc64.rpm
postgresql-plperl-8.4.7-1.el6_0.1.ppc64.rpm
postgresql-plpython-8.4.7-1.el6_0.1.ppc64.rpm
postgresql-pltcl-8.4.7-1.el6_0.1.ppc64.rpm
postgresql-server-8.4.7-1.el6_0.1.ppc64.rpm
postgresql-test-8.4.7-1.el6_0.1.ppc64.rpm

s390x:
postgresql-8.4.7-1.el6_0.1.s390x.rpm
postgresql-contrib-8.4.7-1.el6_0.1.s390x.rpm
postgresql-debuginfo-8.4.7-1.el6_0.1.s390.rpm
postgresql-debuginfo-8.4.7-1.el6_0.1.s390x.rpm
postgresql-devel-8.4.7-1.el6_0.1.s390.rpm
postgresql-devel-8.4.7-1.el6_0.1.s390x.rpm
postgresql-docs-8.4.7-1.el6_0.1.s390x.rpm
postgresql-libs-8.4.7-1.el6_0.1.s390.rpm
postgresql-libs-8.4.7-1.el6_0.1.s390x.rpm
postgresql-plperl-8.4.7-1.el6_0.1.s390x.rpm
postgresql-plpython-8.4.7-1.el6_0.1.s390x.rpm
postgresql-pltcl-8.4.7-1.el6_0.1.s390x.rpm
postgresql-server-8.4.7-1.el6_0.1.s390x.rpm
postgresql-test-8.4.7-1.el6_0.1.s390x.rpm

x86_64:
postgresql-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-contrib-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-debuginfo-8.4.7-1.el6_0.1.i686.rpm
postgresql-debuginfo-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-devel-8.4.7-1.el6_0.1.i686.rpm
postgresql-devel-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-docs-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-libs-8.4.7-1.el6_0.1.i686.rpm
postgresql-libs-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-plperl-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-plpython-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-pltcl-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-server-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-test-8.4.7-1.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/postgresql-8.4.7-1.el6_0.1.src.rpm

i386:
postgresql-8.4.7-1.el6_0.1.i686.rpm
postgresql-contrib-8.4.7-1.el6_0.1.i686.rpm
postgresql-debuginfo-8.4.7-1.el6_0.1.i686.rpm
postgresql-devel-8.4.7-1.el6_0.1.i686.rpm
postgresql-docs-8.4.7-1.el6_0.1.i686.rpm
postgresql-libs-8.4.7-1.el6_0.1.i686.rpm
postgresql-plperl-8.4.7-1.el6_0.1.i686.rpm
postgresql-plpython-8.4.7-1.el6_0.1.i686.rpm
postgresql-pltcl-8.4.7-1.el6_0.1.i686.rpm
postgresql-server-8.4.7-1.el6_0.1.i686.rpm
postgresql-test-8.4.7-1.el6_0.1.i686.rpm

x86_64:
postgresql-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-contrib-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-debuginfo-8.4.7-1.el6_0.1.i686.rpm
postgresql-debuginfo-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-devel-8.4.7-1.el6_0.1.i686.rpm
postgresql-devel-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-docs-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-libs-8.4.7-1.el6_0.1.i686.rpm
postgresql-libs-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-plperl-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-plpython-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-pltcl-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-server-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-test-8.4.7-1.el6_0.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-4015.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNSw8IXlSAg2UNWIIRAtTbAKCTnJhgfhy/XxChYMU3qLuIyrAm0wCeKZFX
ZhSQso3cbaFOLuSB9USVvPE=
=fMAp
-----END PGP SIGNATURE-----



10-17-2011 10:00 PM

Moderate: postgresql security update
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: postgresql security update
Advisory ID: RHSA-2011:1377-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1377.html
Issue date: 2011-10-17
CVE Names: CVE-2011-2483
=====================================================================

1. Summary:

Updated postgresql packages that fix one security issue are now available
for Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system
(DBMS).

A signedness issue was found in the way the crypt() function in the
PostgreSQL pgcrypto module handled 8-bit characters in passwords when using
Blowfish hashing. Up to three characters immediately preceding a non-ASCII
character (one with the high bit set) had no effect on the hash result,
thus shortening the effective password length. This made brute-force
guessing more efficient as several different passwords were hashed to the
same value. (CVE-2011-2483)
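
The signedness issue described above, as an added illustration that is not part of the advisory and is not the pgcrypto source: a simplified model of the step in which a Blowfish-based crypt() packs password bytes into 32-bit key words, with the sign-extending variant beside the corrected one. The function names and the two sample passwords are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BF_WORDS 18   /* Blowfish takes 18 32-bit key words (72 bytes) */

/*
 * Pack the password, repeated cyclically together with its NUL terminator,
 * into BF_WORDS big-endian 32-bit words.
 * sign_extend = 1 models the flaw: a byte with the high bit set is widened
 * as a negative signed char, so the OR sets every higher bit of the word.
 * sign_extend = 0 models the corrected code: each byte is treated as unsigned.
 */
static void pack_key(const char *key, int sign_extend, uint32_t out[BF_WORDS])
{
    const char *ptr = key;

    for (int i = 0; i < BF_WORDS; i++) {
        uint32_t tmp = 0;
        for (int j = 0; j < 4; j++) {
            uint32_t b = (unsigned char)*ptr;
            tmp <<= 8;
            if (sign_extend && b >= 0x80)
                tmp |= 0xFFFFFF00u | b;   /* overwrites the bytes already in tmp */
            else
                tmp |= b;
            if (!*ptr)
                ptr = key;                /* wrap around after the terminator */
            else
                ptr++;
        }
        out[i] = tmp;
    }
}

/* Return 1 when two passwords produce identical key words, 0 otherwise. */
static int same_key_words(const char *a, const char *b, int sign_extend)
{
    uint32_t wa[BF_WORDS], wb[BF_WORDS];

    pack_key(a, sign_extend, wa);
    pack_key(b, sign_extend, wb);
    return memcmp(wa, wb, sizeof wa) == 0;
}

/* First key word, to make the overwritten bytes visible. */
static uint32_t first_word(const char *key, int sign_extend)
{
    uint32_t w[BF_WORDS];

    pack_key(key, sign_extend, w);
    return w[0];
}

/*
 * Constructed sample passwords: they differ only in the three characters
 * that precede the 8-bit byte 0xA3. Length 7 plus the terminator is a
 * multiple of 4, so every repetition lands on the same word alignment.
 * The literals are split so that "\xA3" is not read as a longer hex escape.
 */
static const char PW_A[] = "abc\xA3" "ghi";
static const char PW_B[] = "xyz\xA3" "ghi";

int main(void)
{
    printf("flawed    first word A: %08lx  B: %08lx\n",
           (unsigned long)first_word(PW_A, 1),
           (unsigned long)first_word(PW_B, 1));
    printf("corrected first word A: %08lx  B: %08lx\n",
           (unsigned long)first_word(PW_A, 0),
           (unsigned long)first_word(PW_B, 0));
    printf("flawed packing:    key words %s\n",
           same_key_words(PW_A, PW_B, 1) ? "identical" : "differ");
    printf("corrected packing: key words %s\n",
           same_key_words(PW_A, PW_B, 0) ? "identical" : "differ");
    return 0;
}
```

The password reaches the rest of the hash only through these key words, so two passwords with identical words hash to the same value for a given salt. In this model the preceding characters are lost only while they share a 32-bit word with the 8-bit byte; a repetition that lands on a different alignment brings them back into the key.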

Note: Due to the CVE-2011-2483 fix, after installing this update some users
may not be able to log in to applications that store user passwords, hashed
with Blowfish using the PostgreSQL crypt() function, in a back-end
PostgreSQL database. Unsafe processing can be re-enabled for specific
passwords (allowing affected users to log in) by changing their hash prefix
to "$2x$".

For Red Hat Enterprise Linux 6, the updated postgresql packages upgrade
PostgreSQL to version 8.4.9. Refer to the PostgreSQL Release Notes for a
full list of changes:

http://www.postgresql.org/docs/8.4/static/release.html

For Red Hat Enterprise Linux 4 and 5, the updated postgresql packages
contain a backported patch.

All PostgreSQL users are advised to upgrade to these updated packages,
which correct this issue. If the postgresql service is running, it will be
automatically restarted after installing this update.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

715025 - CVE-2011-2483 crypt_blowfish: 8-bit character mishandling allows different password pairs to produce the same hash

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/postgresql-7.4.30-3.el4.src.rpm

i386:
postgresql-7.4.30-3.el4.i386.rpm
postgresql-contrib-7.4.30-3.el4.i386.rpm
postgresql-debuginfo-7.4.30-3.el4.i386.rpm
postgresql-devel-7.4.30-3.el4.i386.rpm
postgresql-docs-7.4.30-3.el4.i386.rpm
postgresql-jdbc-7.4.30-3.el4.i386.rpm
postgresql-libs-7.4.30-3.el4.i386.rpm
postgresql-pl-7.4.30-3.el4.i386.rpm
postgresql-python-7.4.30-3.el4.i386.rpm
postgresql-server-7.4.30-3.el4.i386.rpm
postgresql-tcl-7.4.30-3.el4.i386.rpm
postgresql-test-7.4.30-3.el4.i386.rpm

ia64:
postgresql-7.4.30-3.el4.ia64.rpm
postgresql-contrib-7.4.30-3.el4.ia64.rpm
postgresql-debuginfo-7.4.30-3.el4.i386.rpm
postgresql-debuginfo-7.4.30-3.el4.ia64.rpm
postgresql-devel-7.4.30-3.el4.ia64.rpm
postgresql-docs-7.4.30-3.el4.ia64.rpm
postgresql-jdbc-7.4.30-3.el4.ia64.rpm
postgresql-libs-7.4.30-3.el4.i386.rpm
postgresql-libs-7.4.30-3.el4.ia64.rpm
postgresql-pl-7.4.30-3.el4.ia64.rpm
postgresql-python-7.4.30-3.el4.ia64.rpm
postgresql-server-7.4.30-3.el4.ia64.rpm
postgresql-tcl-7.4.30-3.el4.ia64.rpm
postgresql-test-7.4.30-3.el4.ia64.rpm

ppc:
postgresql-7.4.30-3.el4.ppc.rpm
postgresql-contrib-7.4.30-3.el4.ppc.rpm
postgresql-debuginfo-7.4.30-3.el4.ppc.rpm
postgresql-debuginfo-7.4.30-3.el4.ppc64.rpm
postgresql-devel-7.4.30-3.el4.ppc.rpm
postgresql-docs-7.4.30-3.el4.ppc.rpm
postgresql-jdbc-7.4.30-3.el4.ppc.rpm
postgresql-libs-7.4.30-3.el4.ppc.rpm
postgresql-libs-7.4.30-3.el4.ppc64.rpm
postgresql-pl-7.4.30-3.el4.ppc.rpm
postgresql-python-7.4.30-3.el4.ppc.rpm
postgresql-server-7.4.30-3.el4.ppc.rpm
postgresql-tcl-7.4.30-3.el4.ppc.rpm
postgresql-test-7.4.30-3.el4.ppc.rpm

s390:
postgresql-7.4.30-3.el4.s390.rpm
postgresql-contrib-7.4.30-3.el4.s390.rpm
postgresql-debuginfo-7.4.30-3.el4.s390.rpm
postgresql-devel-7.4.30-3.el4.s390.rpm
postgresql-docs-7.4.30-3.el4.s390.rpm
postgresql-jdbc-7.4.30-3.el4.s390.rpm
postgresql-libs-7.4.30-3.el4.s390.rpm
postgresql-pl-7.4.30-3.el4.s390.rpm
postgresql-python-7.4.30-3.el4.s390.rpm
postgresql-server-7.4.30-3.el4.s390.rpm
postgresql-tcl-7.4.30-3.el4.s390.rpm
postgresql-test-7.4.30-3.el4.s390.rpm

s390x:
postgresql-7.4.30-3.el4.s390x.rpm
postgresql-contrib-7.4.30-3.el4.s390x.rpm
postgresql-debuginfo-7.4.30-3.el4.s390.rpm
postgresql-debuginfo-7.4.30-3.el4.s390x.rpm
postgresql-devel-7.4.30-3.el4.s390x.rpm
postgresql-docs-7.4.30-3.el4.s390x.rpm
postgresql-jdbc-7.4.30-3.el4.s390x.rpm
postgresql-libs-7.4.30-3.el4.s390.rpm
postgresql-libs-7.4.30-3.el4.s390x.rpm
postgresql-pl-7.4.30-3.el4.s390x.rpm
postgresql-python-7.4.30-3.el4.s390x.rpm
postgresql-server-7.4.30-3.el4.s390x.rpm
postgresql-tcl-7.4.30-3.el4.s390x.rpm
postgresql-test-7.4.30-3.el4.s390x.rpm

x86_64:
postgresql-7.4.30-3.el4.x86_64.rpm
postgresql-contrib-7.4.30-3.el4.x86_64.rpm
postgresql-debuginfo-7.4.30-3.el4.i386.rpm
postgresql-debuginfo-7.4.30-3.el4.x86_64.rpm
postgresql-devel-7.4.30-3.el4.x86_64.rpm
postgresql-docs-7.4.30-3.el4.x86_64.rpm
postgresql-jdbc-7.4.30-3.el4.x86_64.rpm
postgresql-libs-7.4.30-3.el4.i386.rpm
postgresql-libs-7.4.30-3.el4.x86_64.rpm
postgresql-pl-7.4.30-3.el4.x86_64.rpm
postgresql-python-7.4.30-3.el4.x86_64.rpm
postgresql-server-7.4.30-3.el4.x86_64.rpm
postgresql-tcl-7.4.30-3.el4.x86_64.rpm
postgresql-test-7.4.30-3.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/postgresql-7.4.30-3.el4.src.rpm

i386:
postgresql-7.4.30-3.el4.i386.rpm
postgresql-contrib-7.4.30-3.el4.i386.rpm
postgresql-debuginfo-7.4.30-3.el4.i386.rpm
postgresql-devel-7.4.30-3.el4.i386.rpm
postgresql-docs-7.4.30-3.el4.i386.rpm
postgresql-jdbc-7.4.30-3.el4.i386.rpm
postgresql-libs-7.4.30-3.el4.i386.rpm
postgresql-pl-7.4.30-3.el4.i386.rpm
postgresql-python-7.4.30-3.el4.i386.rpm
postgresql-server-7.4.30-3.el4.i386.rpm
postgresql-tcl-7.4.30-3.el4.i386.rpm
postgresql-test-7.4.30-3.el4.i386.rpm

x86_64:
postgresql-7.4.30-3.el4.x86_64.rpm
postgresql-contrib-7.4.30-3.el4.x86_64.rpm
postgresql-debuginfo-7.4.30-3.el4.i386.rpm
postgresql-debuginfo-7.4.30-3.el4.x86_64.rpm
postgresql-devel-7.4.30-3.el4.x86_64.rpm
postgresql-docs-7.4.30-3.el4.x86_64.rpm
postgresql-jdbc-7.4.30-3.el4.x86_64.rpm
postgresql-libs-7.4.30-3.el4.i386.rpm
postgresql-libs-7.4.30-3.el4.x86_64.rpm
postgresql-pl-7.4.30-3.el4.x86_64.rpm
postgresql-python-7.4.30-3.el4.x86_64.rpm
postgresql-server-7.4.30-3.el4.x86_64.rpm
postgresql-tcl-7.4.30-3.el4.x86_64.rpm
postgresql-test-7.4.30-3.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/postgresql-7.4.30-3.el4.src.rpm

i386:
postgresql-7.4.30-3.el4.i386.rpm
postgresql-contrib-7.4.30-3.el4.i386.rpm
postgresql-debuginfo-7.4.30-3.el4.i386.rpm
postgresql-devel-7.4.30-3.el4.i386.rpm
postgresql-docs-7.4.30-3.el4.i386.rpm
postgresql-jdbc-7.4.30-3.el4.i386.rpm
postgresql-libs-7.4.30-3.el4.i386.rpm
postgresql-pl-7.4.30-3.el4.i386.rpm
postgresql-python-7.4.30-3.el4.i386.rpm
postgresql-server-7.4.30-3.el4.i386.rpm
postgresql-tcl-7.4.30-3.el4.i386.rpm
postgresql-test-7.4.30-3.el4.i386.rpm

ia64:
postgresql-7.4.30-3.el4.ia64.rpm
postgresql-contrib-7.4.30-3.el4.ia64.rpm
postgresql-debuginfo-7.4.30-3.el4.i386.rpm
postgresql-debuginfo-7.4.30-3.el4.ia64.rpm
postgresql-devel-7.4.30-3.el4.ia64.rpm
postgresql-docs-7.4.30-3.el4.ia64.rpm
postgresql-jdbc-7.4.30-3.el4.ia64.rpm
postgresql-libs-7.4.30-3.el4.i386.rpm
postgresql-libs-7.4.30-3.el4.ia64.rpm
postgresql-pl-7.4.30-3.el4.ia64.rpm
postgresql-python-7.4.30-3.el4.ia64.rpm
postgresql-server-7.4.30-3.el4.ia64.rpm
postgresql-tcl-7.4.30-3.el4.ia64.rpm
postgresql-test-7.4.30-3.el4.ia64.rpm

x86_64:
postgresql-7.4.30-3.el4.x86_64.rpm
postgresql-contrib-7.4.30-3.el4.x86_64.rpm
postgresql-debuginfo-7.4.30-3.el4.i386.rpm
postgresql-debuginfo-7.4.30-3.el4.x86_64.rpm
postgresql-devel-7.4.30-3.el4.x86_64.rpm
postgresql-docs-7.4.30-3.el4.x86_64.rpm
postgresql-jdbc-7.4.30-3.el4.x86_64.rpm
postgresql-libs-7.4.30-3.el4.i386.rpm
postgresql-libs-7.4.30-3.el4.x86_64.rpm
postgresql-pl-7.4.30-3.el4.x86_64.rpm
postgresql-python-7.4.30-3.el4.x86_64.rpm
postgresql-server-7.4.30-3.el4.x86_64.rpm
postgresql-tcl-7.4.30-3.el4.x86_64.rpm
postgresql-test-7.4.30-3.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/postgresql-7.4.30-3.el4.src.rpm

i386:
postgresql-7.4.30-3.el4.i386.rpm
postgresql-contrib-7.4.30-3.el4.i386.rpm
postgresql-debuginfo-7.4.30-3.el4.i386.rpm
postgresql-devel-7.4.30-3.el4.i386.rpm
postgresql-docs-7.4.30-3.el4.i386.rpm
postgresql-jdbc-7.4.30-3.el4.i386.rpm
postgresql-libs-7.4.30-3.el4.i386.rpm
postgresql-pl-7.4.30-3.el4.i386.rpm
postgresql-python-7.4.30-3.el4.i386.rpm
postgresql-server-7.4.30-3.el4.i386.rpm
postgresql-tcl-7.4.30-3.el4.i386.rpm
postgresql-test-7.4.30-3.el4.i386.rpm

ia64:
postgresql-7.4.30-3.el4.ia64.rpm
postgresql-contrib-7.4.30-3.el4.ia64.rpm
postgresql-debuginfo-7.4.30-3.el4.i386.rpm
postgresql-debuginfo-7.4.30-3.el4.ia64.rpm
postgresql-devel-7.4.30-3.el4.ia64.rpm
postgresql-docs-7.4.30-3.el4.ia64.rpm
postgresql-jdbc-7.4.30-3.el4.ia64.rpm
postgresql-libs-7.4.30-3.el4.i386.rpm
postgresql-libs-7.4.30-3.el4.ia64.rpm
postgresql-pl-7.4.30-3.el4.ia64.rpm
postgresql-python-7.4.30-3.el4.ia64.rpm
postgresql-server-7.4.30-3.el4.ia64.rpm
postgresql-tcl-7.4.30-3.el4.ia64.rpm
postgresql-test-7.4.30-3.el4.ia64.rpm

x86_64:
postgresql-7.4.30-3.el4.x86_64.rpm
postgresql-contrib-7.4.30-3.el4.x86_64.rpm
postgresql-debuginfo-7.4.30-3.el4.i386.rpm
postgresql-debuginfo-7.4.30-3.el4.x86_64.rpm
postgresql-devel-7.4.30-3.el4.x86_64.rpm
postgresql-docs-7.4.30-3.el4.x86_64.rpm
postgresql-jdbc-7.4.30-3.el4.x86_64.rpm
postgresql-libs-7.4.30-3.el4.i386.rpm
postgresql-libs-7.4.30-3.el4.x86_64.rpm
postgresql-pl-7.4.30-3.el4.x86_64.rpm
postgresql-python-7.4.30-3.el4.x86_64.rpm
postgresql-server-7.4.30-3.el4.x86_64.rpm
postgresql-tcl-7.4.30-3.el4.x86_64.rpm
postgresql-test-7.4.30-3.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/postgresql-8.1.23-1.el5_7.2.src.rpm

i386:
postgresql-8.1.23-1.el5_7.2.i386.rpm
postgresql-contrib-8.1.23-1.el5_7.2.i386.rpm
postgresql-debuginfo-8.1.23-1.el5_7.2.i386.rpm
postgresql-docs-8.1.23-1.el5_7.2.i386.rpm
postgresql-libs-8.1.23-1.el5_7.2.i386.rpm
postgresql-python-8.1.23-1.el5_7.2.i386.rpm
postgresql-tcl-8.1.23-1.el5_7.2.i386.rpm

x86_64:
postgresql-8.1.23-1.el5_7.2.x86_64.rpm
postgresql-contrib-8.1.23-1.el5_7.2.x86_64.rpm
postgresql-debuginfo-8.1.23-1.el5_7.2.i386.rpm
postgresql-debuginfo-8.1.23-1.el5_7.2.x86_64.rpm
postgresql-docs-8.1.23-1.el5_7.2.x86_64.rpm
postgresql-libs-8.1.23-1.el5_7.2.i386.rpm
postgresql-libs-8.1.23-1.el5_7.2.x86_64.rpm
postgresql-python-8.1.23-1.el5_7.2.x86_64.rpm
postgresql-tcl-8.1.23-1.el5_7.2.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/postgresql-8.1.23-1.el5_7.2.src.rpm

i386:
postgresql-debuginfo-8.1.23-1.el5_7.2.i386.rpm
postgresql-devel-8.1.23-1.el5_7.2.i386.rpm
postgresql-pl-8.1.23-1.el5_7.2.i386.rpm
postgresql-server-8.1.23-1.el5_7.2.i386.rpm
postgresql-test-8.1.23-1.el5_7.2.i386.rpm

x86_64:
postgresql-debuginfo-8.1.23-1.el5_7.2.i386.rpm
postgresql-debuginfo-8.1.23-1.el5_7.2.x86_64.rpm
postgresql-devel-8.1.23-1.el5_7.2.i386.rpm
postgresql-devel-8.1.23-1.el5_7.2.x86_64.rpm
postgresql-pl-8.1.23-1.el5_7.2.x86_64.rpm
postgresql-server-8.1.23-1.el5_7.2.x86_64.rpm
postgresql-test-8.1.23-1.el5_7.2.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/postgresql-8.1.23-1.el5_7.2.src.rpm

i386:
postgresql-8.1.23-1.el5_7.2.i386.rpm
postgresql-contrib-8.1.23-1.el5_7.2.i386.rpm
postgresql-debuginfo-8.1.23-1.el5_7.2.i386.rpm
postgresql-devel-8.1.23-1.el5_7.2.i386.rpm
postgresql-docs-8.1.23-1.el5_7.2.i386.rpm
postgresql-libs-8.1.23-1.el5_7.2.i386.rpm
postgresql-pl-8.1.23-1.el5_7.2.i386.rpm
postgresql-python-8.1.23-1.el5_7.2.i386.rpm
postgresql-server-8.1.23-1.el5_7.2.i386.rpm
postgresql-tcl-8.1.23-1.el5_7.2.i386.rpm
postgresql-test-8.1.23-1.el5_7.2.i386.rpm

ia64:
postgresql-8.1.23-1.el5_7.2.ia64.rpm
postgresql-contrib-8.1.23-1.el5_7.2.ia64.rpm
postgresql-debuginfo-8.1.23-1.el5_7.2.i386.rpm
postgresql-debuginfo-8.1.23-1.el5_7.2.ia64.rpm
postgresql-devel-8.1.23-1.el5_7.2.ia64.rpm
postgresql-docs-8.1.23-1.el5_7.2.ia64.rpm
postgresql-libs-8.1.23-1.el5_7.2.i386.rpm
postgresql-libs-8.1.23-1.el5_7.2.ia64.rpm
postgresql-pl-8.1.23-1.el5_7.2.ia64.rpm
postgresql-python-8.1.23-1.el5_7.2.ia64.rpm
postgresql-server-8.1.23-1.el5_7.2.ia64.rpm
postgresql-tcl-8.1.23-1.el5_7.2.ia64.rpm
postgresql-test-8.1.23-1.el5_7.2.ia64.rpm

ppc:
postgresql-8.1.23-1.el5_7.2.ppc.rpm
postgresql-8.1.23-1.el5_7.2.ppc64.rpm
postgresql-contrib-8.1.23-1.el5_7.2.ppc.rpm
postgresql-debuginfo-8.1.23-1.el5_7.2.ppc.rpm
postgresql-debuginfo-8.1.23-1.el5_7.2.ppc64.rpm
postgresql-devel-8.1.23-1.el5_7.2.ppc.rpm
postgresql-devel-8.1.23-1.el5_7.2.ppc64.rpm
postgresql-docs-8.1.23-1.el5_7.2.ppc.rpm
postgresql-libs-8.1.23-1.el5_7.2.ppc.rpm
postgresql-libs-8.1.23-1.el5_7.2.ppc64.rpm
postgresql-pl-8.1.23-1.el5_7.2.ppc.rpm
postgresql-python-8.1.23-1.el5_7.2.ppc.rpm
postgresql-server-8.1.23-1.el5_7.2.ppc.rpm
postgresql-tcl-8.1.23-1.el5_7.2.ppc.rpm
postgresql-test-8.1.23-1.el5_7.2.ppc.rpm

s390x:
postgresql-8.1.23-1.el5_7.2.s390x.rpm
postgresql-contrib-8.1.23-1.el5_7.2.s390x.rpm
postgresql-debuginfo-8.1.23-1.el5_7.2.s390.rpm
postgresql-debuginfo-8.1.23-1.el5_7.2.s390x.rpm
postgresql-devel-8.1.23-1.el5_7.2.s390.rpm
postgresql-devel-8.1.23-1.el5_7.2.s390x.rpm
postgresql-docs-8.1.23-1.el5_7.2.s390x.rpm
postgresql-libs-8.1.23-1.el5_7.2.s390.rpm
postgresql-libs-8.1.23-1.el5_7.2.s390x.rpm
postgresql-pl-8.1.23-1.el5_7.2.s390x.rpm
postgresql-python-8.1.23-1.el5_7.2.s390x.rpm
postgresql-server-8.1.23-1.el5_7.2.s390x.rpm
postgresql-tcl-8.1.23-1.el5_7.2.s390x.rpm
postgresql-test-8.1.23-1.el5_7.2.s390x.rpm

x86_64:
postgresql-8.1.23-1.el5_7.2.x86_64.rpm
postgresql-contrib-8.1.23-1.el5_7.2.x86_64.rpm
postgresql-debuginfo-8.1.23-1.el5_7.2.i386.rpm
postgresql-debuginfo-8.1.23-1.el5_7.2.x86_64.rpm
postgresql-devel-8.1.23-1.el5_7.2.i386.rpm
postgresql-devel-8.1.23-1.el5_7.2.x86_64.rpm
postgresql-docs-8.1.23-1.el5_7.2.x86_64.rpm
postgresql-libs-8.1.23-1.el5_7.2.i386.rpm
postgresql-libs-8.1.23-1.el5_7.2.x86_64.rpm
postgresql-pl-8.1.23-1.el5_7.2.x86_64.rpm
postgresql-python-8.1.23-1.el5_7.2.x86_64.rpm
postgresql-server-8.1.23-1.el5_7.2.x86_64.rpm
postgresql-tcl-8.1.23-1.el5_7.2.x86_64.rpm
postgresql-test-8.1.23-1.el5_7.2.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/postgresql-8.4.9-1.el6_1.1.src.rpm

i386:
postgresql-debuginfo-8.4.9-1.el6_1.1.i686.rpm
postgresql-libs-8.4.9-1.el6_1.1.i686.rpm

x86_64:
postgresql-debuginfo-8.4.9-1.el6_1.1.i686.rpm
postgresql-debuginfo-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-libs-8.4.9-1.el6_1.1.i686.rpm
postgresql-libs-8.4.9-1.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/postgresql-8.4.9-1.el6_1.1.src.rpm

i386:
postgresql-8.4.9-1.el6_1.1.i686.rpm
postgresql-contrib-8.4.9-1.el6_1.1.i686.rpm
postgresql-debuginfo-8.4.9-1.el6_1.1.i686.rpm
postgresql-devel-8.4.9-1.el6_1.1.i686.rpm
postgresql-docs-8.4.9-1.el6_1.1.i686.rpm
postgresql-plperl-8.4.9-1.el6_1.1.i686.rpm
postgresql-plpython-8.4.9-1.el6_1.1.i686.rpm
postgresql-pltcl-8.4.9-1.el6_1.1.i686.rpm
postgresql-server-8.4.9-1.el6_1.1.i686.rpm
postgresql-test-8.4.9-1.el6_1.1.i686.rpm

x86_64:
postgresql-8.4.9-1.el6_1.1.i686.rpm
postgresql-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-contrib-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-debuginfo-8.4.9-1.el6_1.1.i686.rpm
postgresql-debuginfo-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-devel-8.4.9-1.el6_1.1.i686.rpm
postgresql-devel-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-docs-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-plperl-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-plpython-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-pltcl-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-server-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-test-8.4.9-1.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/postgresql-8.4.9-1.el6_1.1.src.rpm

x86_64:
postgresql-8.4.9-1.el6_1.1.i686.rpm
postgresql-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-contrib-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-debuginfo-8.4.9-1.el6_1.1.i686.rpm
postgresql-debuginfo-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-devel-8.4.9-1.el6_1.1.i686.rpm
postgresql-devel-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-docs-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-libs-8.4.9-1.el6_1.1.i686.rpm
postgresql-libs-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-plperl-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-plpython-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-pltcl-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-server-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-test-8.4.9-1.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/postgresql-8.4.9-1.el6_1.1.src.rpm

i386:
postgresql-8.4.9-1.el6_1.1.i686.rpm
postgresql-contrib-8.4.9-1.el6_1.1.i686.rpm
postgresql-debuginfo-8.4.9-1.el6_1.1.i686.rpm
postgresql-devel-8.4.9-1.el6_1.1.i686.rpm
postgresql-docs-8.4.9-1.el6_1.1.i686.rpm
postgresql-libs-8.4.9-1.el6_1.1.i686.rpm
postgresql-plperl-8.4.9-1.el6_1.1.i686.rpm
postgresql-plpython-8.4.9-1.el6_1.1.i686.rpm
postgresql-pltcl-8.4.9-1.el6_1.1.i686.rpm
postgresql-server-8.4.9-1.el6_1.1.i686.rpm
postgresql-test-8.4.9-1.el6_1.1.i686.rpm

ppc64:
postgresql-8.4.9-1.el6_1.1.ppc.rpm
postgresql-8.4.9-1.el6_1.1.ppc64.rpm
postgresql-contrib-8.4.9-1.el6_1.1.ppc64.rpm
postgresql-debuginfo-8.4.9-1.el6_1.1.ppc.rpm
postgresql-debuginfo-8.4.9-1.el6_1.1.ppc64.rpm
postgresql-devel-8.4.9-1.el6_1.1.ppc.rpm
postgresql-devel-8.4.9-1.el6_1.1.ppc64.rpm
postgresql-docs-8.4.9-1.el6_1.1.ppc64.rpm
postgresql-libs-8.4.9-1.el6_1.1.ppc.rpm
postgresql-libs-8.4.9-1.el6_1.1.ppc64.rpm
postgresql-plperl-8.4.9-1.el6_1.1.ppc64.rpm
postgresql-plpython-8.4.9-1.el6_1.1.ppc64.rpm
postgresql-pltcl-8.4.9-1.el6_1.1.ppc64.rpm
postgresql-server-8.4.9-1.el6_1.1.ppc64.rpm
postgresql-test-8.4.9-1.el6_1.1.ppc64.rpm

s390x:
postgresql-8.4.9-1.el6_1.1.s390.rpm
postgresql-8.4.9-1.el6_1.1.s390x.rpm
postgresql-contrib-8.4.9-1.el6_1.1.s390x.rpm
postgresql-debuginfo-8.4.9-1.el6_1.1.s390.rpm
postgresql-debuginfo-8.4.9-1.el6_1.1.s390x.rpm
postgresql-devel-8.4.9-1.el6_1.1.s390.rpm
postgresql-devel-8.4.9-1.el6_1.1.s390x.rpm
postgresql-docs-8.4.9-1.el6_1.1.s390x.rpm
postgresql-libs-8.4.9-1.el6_1.1.s390.rpm
postgresql-libs-8.4.9-1.el6_1.1.s390x.rpm
postgresql-plperl-8.4.9-1.el6_1.1.s390x.rpm
postgresql-plpython-8.4.9-1.el6_1.1.s390x.rpm
postgresql-pltcl-8.4.9-1.el6_1.1.s390x.rpm
postgresql-server-8.4.9-1.el6_1.1.s390x.rpm
postgresql-test-8.4.9-1.el6_1.1.s390x.rpm

x86_64:
postgresql-8.4.9-1.el6_1.1.i686.rpm
postgresql-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-contrib-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-debuginfo-8.4.9-1.el6_1.1.i686.rpm
postgresql-debuginfo-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-devel-8.4.9-1.el6_1.1.i686.rpm
postgresql-devel-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-docs-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-libs-8.4.9-1.el6_1.1.i686.rpm
postgresql-libs-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-plperl-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-plpython-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-pltcl-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-server-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-test-8.4.9-1.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/postgresql-8.4.9-1.el6_1.1.src.rpm

i386:
postgresql-8.4.9-1.el6_1.1.i686.rpm
postgresql-contrib-8.4.9-1.el6_1.1.i686.rpm
postgresql-debuginfo-8.4.9-1.el6_1.1.i686.rpm
postgresql-devel-8.4.9-1.el6_1.1.i686.rpm
postgresql-docs-8.4.9-1.el6_1.1.i686.rpm
postgresql-libs-8.4.9-1.el6_1.1.i686.rpm
postgresql-plperl-8.4.9-1.el6_1.1.i686.rpm
postgresql-plpython-8.4.9-1.el6_1.1.i686.rpm
postgresql-pltcl-8.4.9-1.el6_1.1.i686.rpm
postgresql-server-8.4.9-1.el6_1.1.i686.rpm
postgresql-test-8.4.9-1.el6_1.1.i686.rpm

x86_64:
postgresql-8.4.9-1.el6_1.1.i686.rpm
postgresql-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-contrib-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-debuginfo-8.4.9-1.el6_1.1.i686.rpm
postgresql-debuginfo-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-devel-8.4.9-1.el6_1.1.i686.rpm
postgresql-devel-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-docs-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-libs-8.4.9-1.el6_1.1.i686.rpm
postgresql-libs-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-plperl-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-plpython-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-pltcl-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-server-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-test-8.4.9-1.el6_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-2483.html
https://access.redhat.com/security/updates/classification/#moderate
http://www.postgresql.org/docs/8.4/static/release.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOnKWBXlSAg2UNWIIRAqATAJsFraHvIJgu4YS2F94Y2r q27hMFhACfW8BC
e0HEFqxyPgjm46XV4jx09Ow=
=Tsb5
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list

05-21-2012 05:17 PM

Moderate: postgresql security update
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: postgresql security update
Advisory ID: RHSA-2012:0677-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0677.html
Issue date: 2012-05-21
CVE Names: CVE-2012-0866 CVE-2012-0868
=====================================================================

1. Summary:

Updated postgresql packages that fix two security issues are now available
for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system
(DBMS).

The pg_dump utility inserted object names literally into comments in the
SQL script it produces. An unprivileged database user could create an
object whose name includes a newline followed by an SQL command. This SQL
command might then be executed by a privileged user during later restore of
the backup dump, allowing privilege escalation. (CVE-2012-0868)

CREATE TRIGGER did not do a permissions check on the trigger function to
be called. This could possibly allow an authenticated database user to
call a privileged trigger function on data of their choosing.
(CVE-2012-0866)

All PostgreSQL users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. If the postgresql
service is running, it will be automatically restarted after installing
this update.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

797222 - CVE-2012-0866 postgresql: Absent permission checks on trigger function to be called when creating a trigger
797917 - CVE-2012-0868 postgresql: SQL injection due unsanitized newline characters in object names

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/postgresql-8.1.23-4.el5_8.src.rpm

i386:
postgresql-8.1.23-4.el5_8.i386.rpm
postgresql-contrib-8.1.23-4.el5_8.i386.rpm
postgresql-debuginfo-8.1.23-4.el5_8.i386.rpm
postgresql-docs-8.1.23-4.el5_8.i386.rpm
postgresql-libs-8.1.23-4.el5_8.i386.rpm
postgresql-python-8.1.23-4.el5_8.i386.rpm
postgresql-tcl-8.1.23-4.el5_8.i386.rpm

x86_64:
postgresql-8.1.23-4.el5_8.x86_64.rpm
postgresql-contrib-8.1.23-4.el5_8.x86_64.rpm
postgresql-debuginfo-8.1.23-4.el5_8.i386.rpm
postgresql-debuginfo-8.1.23-4.el5_8.x86_64.rpm
postgresql-docs-8.1.23-4.el5_8.x86_64.rpm
postgresql-libs-8.1.23-4.el5_8.i386.rpm
postgresql-libs-8.1.23-4.el5_8.x86_64.rpm
postgresql-python-8.1.23-4.el5_8.x86_64.rpm
postgresql-tcl-8.1.23-4.el5_8.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/postgresql-8.1.23-4.el5_8.src.rpm

i386:
postgresql-debuginfo-8.1.23-4.el5_8.i386.rpm
postgresql-devel-8.1.23-4.el5_8.i386.rpm
postgresql-pl-8.1.23-4.el5_8.i386.rpm
postgresql-server-8.1.23-4.el5_8.i386.rpm
postgresql-test-8.1.23-4.el5_8.i386.rpm

x86_64:
postgresql-debuginfo-8.1.23-4.el5_8.i386.rpm
postgresql-debuginfo-8.1.23-4.el5_8.x86_64.rpm
postgresql-devel-8.1.23-4.el5_8.i386.rpm
postgresql-devel-8.1.23-4.el5_8.x86_64.rpm
postgresql-pl-8.1.23-4.el5_8.x86_64.rpm
postgresql-server-8.1.23-4.el5_8.x86_64.rpm
postgresql-test-8.1.23-4.el5_8.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/postgresql-8.1.23-4.el5_8.src.rpm

i386:
postgresql-8.1.23-4.el5_8.i386.rpm
postgresql-contrib-8.1.23-4.el5_8.i386.rpm
postgresql-debuginfo-8.1.23-4.el5_8.i386.rpm
postgresql-devel-8.1.23-4.el5_8.i386.rpm
postgresql-docs-8.1.23-4.el5_8.i386.rpm
postgresql-libs-8.1.23-4.el5_8.i386.rpm
postgresql-pl-8.1.23-4.el5_8.i386.rpm
postgresql-python-8.1.23-4.el5_8.i386.rpm
postgresql-server-8.1.23-4.el5_8.i386.rpm
postgresql-tcl-8.1.23-4.el5_8.i386.rpm
postgresql-test-8.1.23-4.el5_8.i386.rpm

ia64:
postgresql-8.1.23-4.el5_8.ia64.rpm
postgresql-contrib-8.1.23-4.el5_8.ia64.rpm
postgresql-debuginfo-8.1.23-4.el5_8.i386.rpm
postgresql-debuginfo-8.1.23-4.el5_8.ia64.rpm
postgresql-devel-8.1.23-4.el5_8.ia64.rpm
postgresql-docs-8.1.23-4.el5_8.ia64.rpm
postgresql-libs-8.1.23-4.el5_8.i386.rpm
postgresql-libs-8.1.23-4.el5_8.ia64.rpm
postgresql-pl-8.1.23-4.el5_8.ia64.rpm
postgresql-python-8.1.23-4.el5_8.ia64.rpm
postgresql-server-8.1.23-4.el5_8.ia64.rpm
postgresql-tcl-8.1.23-4.el5_8.ia64.rpm
postgresql-test-8.1.23-4.el5_8.ia64.rpm

ppc:
postgresql-8.1.23-4.el5_8.ppc.rpm
postgresql-8.1.23-4.el5_8.ppc64.rpm
postgresql-contrib-8.1.23-4.el5_8.ppc.rpm
postgresql-debuginfo-8.1.23-4.el5_8.ppc.rpm
postgresql-debuginfo-8.1.23-4.el5_8.ppc64.rpm
postgresql-devel-8.1.23-4.el5_8.ppc.rpm
postgresql-devel-8.1.23-4.el5_8.ppc64.rpm
postgresql-docs-8.1.23-4.el5_8.ppc.rpm
postgresql-libs-8.1.23-4.el5_8.ppc.rpm
postgresql-libs-8.1.23-4.el5_8.ppc64.rpm
postgresql-pl-8.1.23-4.el5_8.ppc.rpm
postgresql-python-8.1.23-4.el5_8.ppc.rpm
postgresql-server-8.1.23-4.el5_8.ppc.rpm
postgresql-tcl-8.1.23-4.el5_8.ppc.rpm
postgresql-test-8.1.23-4.el5_8.ppc.rpm

s390x:
postgresql-8.1.23-4.el5_8.s390x.rpm
postgresql-contrib-8.1.23-4.el5_8.s390x.rpm
postgresql-debuginfo-8.1.23-4.el5_8.s390.rpm
postgresql-debuginfo-8.1.23-4.el5_8.s390x.rpm
postgresql-devel-8.1.23-4.el5_8.s390.rpm
postgresql-devel-8.1.23-4.el5_8.s390x.rpm
postgresql-docs-8.1.23-4.el5_8.s390x.rpm
postgresql-libs-8.1.23-4.el5_8.s390.rpm
postgresql-libs-8.1.23-4.el5_8.s390x.rpm
postgresql-pl-8.1.23-4.el5_8.s390x.rpm
postgresql-python-8.1.23-4.el5_8.s390x.rpm
postgresql-server-8.1.23-4.el5_8.s390x.rpm
postgresql-tcl-8.1.23-4.el5_8.s390x.rpm
postgresql-test-8.1.23-4.el5_8.s390x.rpm

x86_64:
postgresql-8.1.23-4.el5_8.x86_64.rpm
postgresql-contrib-8.1.23-4.el5_8.x86_64.rpm
postgresql-debuginfo-8.1.23-4.el5_8.i386.rpm
postgresql-debuginfo-8.1.23-4.el5_8.x86_64.rpm
postgresql-devel-8.1.23-4.el5_8.i386.rpm
postgresql-devel-8.1.23-4.el5_8.x86_64.rpm
postgresql-docs-8.1.23-4.el5_8.x86_64.rpm
postgresql-libs-8.1.23-4.el5_8.i386.rpm
postgresql-libs-8.1.23-4.el5_8.x86_64.rpm
postgresql-pl-8.1.23-4.el5_8.x86_64.rpm
postgresql-python-8.1.23-4.el5_8.x86_64.rpm
postgresql-server-8.1.23-4.el5_8.x86_64.rpm
postgresql-tcl-8.1.23-4.el5_8.x86_64.rpm
postgresql-test-8.1.23-4.el5_8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-0866.html
https://www.redhat.com/security/data/cve/CVE-2012-0868.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPuniMXlSAg2UNWIIRAnEFAJsHEqIwbTv34djIrCFzTg ZKLvQ+bQCcC/li
MIPNfyIUQhp+R//KWA/422g=
=7uqX
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
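
The comment-injection mechanism described for CVE-2012-0868 in the advisory above, as an added Python sketch that is not part of the original advisory and is not pg_dump's code. The header layout, the function names and the sample object name are assumptions constructed for illustration; the sketch compares a header that embeds the name literally with one that flattens line breaks, and lists what a restore would treat as statements.

```python
# Added illustration of CVE-2012-0868 as the advisory describes it.
# Not pg_dump source: header layout and helper names are assumed for this sketch.

def header_literal(name, kind="TABLE"):
    """Behaviour the advisory describes: the object name goes into the comment as-is."""
    return f"--\n-- Name: {name}; Type: {kind}\n--\n"


def header_sanitized(name, kind="TABLE"):
    """Hardened form: CR/LF become spaces, so the name stays on one comment line."""
    flat = name.replace("\r", " ").replace("\n", " ")
    return f"--\n-- Name: {flat}; Type: {kind}\n--\n"


def statement_lines(script):
    """Lines a SQL interpreter would not skip as blank or as '--' comments."""
    return [ln for ln in script.splitlines()
            if ln.strip() and not ln.lstrip().startswith("--")]


def names_with_line_breaks(names):
    """Audit helper: object names that contain CR or LF."""
    return [n for n in names if "\n" in n or "\r" in n]


# Constructed sample: a name with an embedded newline and a harmless statement.
SAMPLE_NAME = "orders\nSELECT 'ran during restore';"

if __name__ == "__main__":
    # Literal header: the text after the newline escapes the comment.
    print(statement_lines(header_literal(SAMPLE_NAME)))
    # Sanitized header: everything stays inside the comment.
    print(statement_lines(header_sanitized(SAMPLE_NAME)))
    # Names worth reviewing before a privileged user restores a dump.
    print(names_with_line_breaks(["customers", SAMPLE_NAME]))
```

The same line-break check can be run over object names listed from a database before a dump taken on an unpatched pg_dump is restored by a privileged user.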

