Fedora alert FEDORA-2010-8715 (postgresql)
| From: | updates@fedoraproject.org | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 12 Update: postgresql-8.4.4-1.fc12 | |
| Date: | Tue, 18 May 2010 21:53:33 +0000 | |
| Message-ID: | <20100518215333.B80C8111441@bastion02.phx2.fedoraproject.org> | |
| Archive‑link: | Article |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-8715 2010-05-18 20:48:20 -------------------------------------------------------------------------------- Name : postgresql Product : Fedora 12 Version : 8.4.4 Release : 1.fc12 URL : http://www.postgresql.org/ Summary : PostgreSQL client programs Description : PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the docs in HTML for the whole package, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a local or remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. -------------------------------------------------------------------------------- Update Information: Update to new minor releases, primarily to fix CVE-2010-1169 and CVE-2010-1170, but see also other fixes at * http://www.postgresql.org/docs/8.4/static/release-8-4-4.html -------------------------------------------------------------------------------- ChangeLog: * Mon May 17 2010 Tom Lane <tgl@redhat.com> 8.4.4-1 - Update to PostgreSQL 8.4.4, for various fixes described at http://www.postgresql.org/docs/8.4/static/release-8-4-4.html including fixes for CVE-2010-1169 and CVE-2010-1170 Resolves: #593032 * Sun Mar 14 2010 Tom Lane <tgl@redhat.com> 8.4.3-1 - Update to PostgreSQL 8.4.3, for various fixes described at http://www.postgresql.org/docs/8.4/static/release-8-4-3.html - Bring init script into some modicum of compliance with Fedora/LSB standards Resolves: #201043 - Emit explicit error message if user tries to build RPM as root Related: #558921 - Arrange for the postmaster, but not any of its child processes, to be run with oom_adj -17. This compensates for the OOM killer not being smart about accounting for shared memory usage. - Change %define to %global, per packaging guidelines * Thu Feb 18 2010 Tom "spot" Callaway <tcallawa@redhat.com> - adjust license tag to reflect OSI decision * Wed Dec 16 2009 Tom Lane <tgl@redhat.com> 8.4.2-1 - Update to PostgreSQL 8.4.2, for various fixes described at http://www.postgresql.org/docs/8.4/static/release-8-4-2.html including two security issues Related: #546321 Related: #547662 - Use -N not the obsolete -n in useradd call Resolves: #495727 - Clean up specfile to eliminate rpmlint gripes, mainly by removing no-longer-needed provisions for superseding rh-postgresql - add sparc/sparc64 to multilib header support -------------------------------------------------------------------------------- References: [ 1 ] Bug #582615 - CVE-2010-1169 PostgreSQL: PL/Perl Intended restriction bypass https://bugzilla.redhat.com/show_bug.cgi?id=582615 [ 2 ] Bug #583072 - CVE-2010-1170 PostgreSQL: PL/Tcl Intended restriction bypass https://bugzilla.redhat.com/show_bug.cgi?id=583072 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update postgresql' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-...