Fedora 10 Update: sepostgresql-8.3.6-2.1634.fc10

updates at fedoraproject.org updates at fedoraproject.org
Sat Feb 28 00:23:10 UTC 2009 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-2138
2009-02-27 23:41:51
--------------------------------------------------------------------------------

Name        : sepostgresql
Product     : Fedora 10
Version     : 8.3.6
Release     : 2.1634.fc10
URL         : http://code.google.com/p/sepgsql/
Summary     : Security Enhanced PostgreSQL
Description :
Security Enhanced PostgreSQL is an extension of PostgreSQL
based on SELinux security policy, that applies fine grained
mandatory access control to many objects within the database,
and takes advantage of user authorization integrated within
the operating system. SE-PostgreSQL works as a userspace
reference monitor to check any SQL query.

--------------------------------------------------------------------------------
Update Information:

The prior version checks row-level permission after evaluation of WHERE clause,
but it also means injecting a malicious function in WHERE clause enables to
fetch contents of invisible tuple.  This fix change the order. Row-level
permission check is done prior to WHERE clause.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 26 2009 KaiGai Kohei <kaigai at kaigai.gr.jp> - 8.3.6-2.1635
- bugfix: possible information leak by the order of permission checks
  in row level permission checks.
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 8.3.6-3.1518
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Fri Feb  6 2009 <kaigai at kaigai.gr.jp> - 8.3.6-2.1523
- upgrade base PostgreSQL version 8.3.5->8.3.6
- backport features from 8.4devel tree
- security policy fix for Fedora 9
* Sat Jan 17 2009 Tomas Mraz <tmraz at redhat.com> - 8.3.5-2.1183
- rebuild with new openssl
* Wed Nov  5 2008 <kaigai at kaigai.gr.jp> - 8.3.5-2.1182
- upgrade base PostgreSQL version 8.3.4->8.3.5
- backport cumulative bugfixes from 8.4devel series
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update sepostgresql' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the Fedora-package-announce mailing list