[RHSA-2007:0067-01] Moderate: postgresql security update



---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: postgresql security update
Advisory ID:       RHSA-2007:0067-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0067.html
Issue date:        2007-02-07
Updated on:        2007-02-07
Product:           Red Hat Application Stack
CVE Names:         CVE-2007-0555 CVE-2007-0556 CVE-2006-5540 
                   CVE-2006-5541 CVE-2006-5542 
---------------------------------------------------------------------

1. Summary:

Updated postgresql packages that fix several security vulnerabilities are
now available for the Red Hat Application Stack.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4) - i386, x86_64
Red Hat Application Stack v1 for Enterprise Linux ES (v.4) - i386, x86_64

3. Problem description:

PostgreSQL is an advanced Object-Relational database management system
(DBMS).

Two flaws were found in the way the PostgreSQL server handles certain
SQL-language functions. An authenticated user could execute a sequence of
commands that could crash the PostgreSQL server or possibly read from
arbitrary memory locations. A user must have permissions to drop and add
database tables to exploit these flaws. (CVE-2007-0555, CVE-2007-0556)

Several denial of service flaws were found in the PostgreSQL server. An
authenticated user could execute an SQL command which could crash the
PostgreSQL server. (CVE-2006-5540, CVE-2006-5541, CVE-2006-5542)

Users of PostgreSQL should upgrade to these updated packages containing
PostgreSQL version 8.1.7, which corrects these issues.  

Note: The original PostgreSQL 8.1.7 security patch contained an error; this
release includes the updated patch and so is equivalent to the
soon-to-be-released 8.1.8.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
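
An added example, not part of the Red Hat advisory: after the update, the
check below flags any postgresql package still older than the fixed build
8.1.7-3.el4s1.1. It assumes input in the rpm query format shown in the
comments, ignores epochs, and uses a simplified form of rpm's segment
comparison; the function names and sample lines are constructed.

```python
import re

# Fixed build named in this advisory (same version-release for every postgresql* RPM).
FIXED_VERSION, FIXED_RELEASE = "8.1.7", "3.el4s1.1"


def _segments(s):
    # rpm compares runs of digits and runs of letters; separators are ignored.
    return re.findall(r"\d+|[A-Za-z]+", s)


def vercmp(a, b):
    """Simplified rpm version comparison: returns -1, 0 or 1 (assumption: no epoch)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def unpatched(rpm_lines):
    """Return [(name, "version-release")] for postgresql RPMs older than the fixed build."""
    # Expected input, one package per line, produced on the host with:
    #   rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'
    stale = []
    for line in rpm_lines.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].startswith("postgresql"):
            continue
        name, ver, rel = parts
        # Version decides first; release only breaks a tie.
        if (vercmp(ver, FIXED_VERSION) or vercmp(rel, FIXED_RELEASE)) < 0:
            stale.append((name, f"{ver}-{rel}"))
    return stale


# Constructed sample inventory (not taken from a real host).
SAMPLE = """\
postgresql 8.1.4 1.1
postgresql-server 8.1.4 1.1
postgresql-libs 8.1.7 3.el4s1.1
httpd 2.0.59 1.el4s1.5
"""

if __name__ == "__main__":
    for name, vr in unpatched(SAMPLE):
        print(f"{name} {vr} is older than {FIXED_VERSION}-{FIXED_RELEASE}")
```
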

5. Bug IDs fixed (http://bugzilla.redhat.com/):

225543 - CVE-2007-0555 PostgreSQL arbitrary memory read flaws (CVE-2007-0556)
227299 - CVE-2006-5540 New version fixes three different crash vulnerabilities (CVE-2006-5541, CVE-2006-5542)
227542 - Attribute type error when updating varchar column

6. RPMs required:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4):

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/RHWAS/SRPMS/postgresql-8.1.7-3.el4s1.1.src.rpm
45bcce54c270fd2f45d2699acff84f15  postgresql-8.1.7-3.el4s1.1.src.rpm

Red Hat Application Stack v1 for Enterprise Linux ES (v.4):

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/RHWAS/SRPMS/postgresql-8.1.7-3.el4s1.1.src.rpm
45bcce54c270fd2f45d2699acff84f15  postgresql-8.1.7-3.el4s1.1.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0556
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5540
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5542
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert redhat com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.