
Red Hat alert RHSA-2007:0068-02 (postgresql)

From:  bugzilla@redhat.com
To:  enterprise-watch-list@redhat.com
Subject:  [RHSA-2007:0068-02] Moderate: postgresql security update
Date:  Wed, 14 Mar 2007 11:36:26 -0400

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: postgresql security update
Advisory ID:       RHSA-2007:0068-02
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0068.html
Issue date:        2007-03-14
Updated on:        2007-03-14
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-5540 CVE-2006-5541 CVE-2006-5542
                   CVE-2007-0555 CVE-2007-0556
---------------------------------------------------------------------

1. Summary:

Updated postgresql packages that fix several security issues are now
available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

PostgreSQL is an advanced Object-Relational database management system
(DBMS).

Two flaws were found in the way the PostgreSQL server handles certain
SQL-language functions. An authenticated user could execute a sequence of
commands which could crash the PostgreSQL server or possibly read from
arbitrary memory locations. A user would need to have permissions to drop
and add database tables to be able to exploit these issues (CVE-2007-0555,
CVE-2007-0556).

Several denial of service flaws were found in the PostgreSQL server. An
authenticated user could execute certain SQL commands which could crash
the PostgreSQL server (CVE-2006-5540, CVE-2006-5541, CVE-2006-5542).

Users of PostgreSQL should upgrade to these updated packages containing
PostgreSQL version 8.1.8 which corrects these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

216411 - CVE-2006-5540 New version fixes three different crash vulnerabilities (CVE-2006-5541 CVE-2006-5542)
225496 - CVE-2007-0555 PostgreSQL arbitrary memory read flaws (CVE-2007-0556)
227688 - Attribute type error when updating varchar column

6. RPMs required:
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5540
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5542
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0556
http://www.redhat.com/security/updates/classification/#mo...

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
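
An inventory check for the upgrade this advisory calls for, added here as an example and not part of Red Hat's advisory: it flags hosts whose postgresql packages are older than the fixed 8.1.8-1.el5 build, using a simplified rpm-style version comparison. The host names and installed versions in the sample are constructed, and the input is assumed to be rpm query output with a host name prepended.

```python
import re

FIXED = "8.1.8-1.el5"  # fixed build named in the advisory
# Binary package names listed in the advisory's package section.
AFFECTED = {"postgresql" + s for s in (
    "", "-contrib", "-debuginfo", "-devel", "-docs", "-libs", "-pl",
    "-python", "-server", "-tcl", "-test")}

def vercmp(a, b):
    """Simplified rpm-style compare (no epoch, '~' or '^'): -1, 0 or 1."""
    # rpm compares runs of digits and runs of letters; separators are skipped.
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric run beats letters
        if x.isdigit():
            x, y = int(x), int(y)  # 11 > 8, unlike a string compare
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover runs win

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    (va, _, ra), (vb, _, rb) = a.partition("-"), b.partition("-")
    return vercmp(va, vb) or vercmp(ra, rb)

def unpatched(inventory):
    """Return (host, package, evr) for affected packages older than FIXED."""
    hits = []
    for line in inventory.strip().splitlines():
        host, name, evr = line.split()
        if name in AFFECTED and evr_cmp(evr, FIXED) < 0:
            hits.append((host, name, evr))
    return hits

# Constructed sample: "<host> <name> <version>-<release>", e.g. collected with
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = """
db01 postgresql-server 8.1.4-1.1
db01 postgresql-libs 8.1.8-1.el5
db02 postgresql-server 8.1.8-1.el5
db03 postgresql 8.1.11-1.el5_1.1
web1 httpd 2.2.3-6.el5
db04 postgresql-libs 8.1.4-1.1
"""

if __name__ == "__main__":
    for host, name, evr in unpatched(SAMPLE):
        print(f"{host}: {name} {evr} is older than {FIXED}")
```

The db03 row is the case a plain string comparison gets wrong: 8.1.11 sorts before 8.1.8 as text but is the newer build.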




Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds