Fedora alert FEDORA-2010-15954 (postgresql)
| From: | updates@fedoraproject.org | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 12 Update: postgresql-8.4.5-1.fc12 | |
| Date: | Tue, 19 Oct 2010 07:19:06 +0000 | |
| Message-ID: | <20101019071906.4AE99111310@bastion02.phx2.fedoraproject.org> | |
| Archive‑link: | Article |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-15954 2010-10-08 19:55:45 -------------------------------------------------------------------------------- Name : postgresql Product : Fedora 12 Version : 8.4.5 Release : 1.fc12 URL : http://www.postgresql.org/ Summary : PostgreSQL client programs Description : PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the docs in HTML for the whole package, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a local or remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. -------------------------------------------------------------------------------- Update Information: Update to PostgreSQL 8.4.5, for various fixes described at http://www.postgresql.org/docs/8.4/static/release-8-4-5.html including the fix for CVE-2010-3433 -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 5 2010 Tom Lane <tgl@redhat.com> 8.4.5-1 - Update to PostgreSQL 8.4.5, for various fixes described at http://www.postgresql.org/docs/8.4/static/release-8-4-5.html including the fix for CVE-2010-3433 Related: #639371 * Mon May 17 2010 Tom Lane <tgl@redhat.com> 8.4.4-1 - Update to PostgreSQL 8.4.4, for various fixes described at http://www.postgresql.org/docs/8.4/static/release-8-4-4.html including fixes for CVE-2010-1169 and CVE-2010-1170 Resolves: #593032 * Sun Mar 14 2010 Tom Lane <tgl@redhat.com> 8.4.3-1 - Update to PostgreSQL 8.4.3, for various fixes described at http://www.postgresql.org/docs/8.4/static/release-8-4-3.html - Bring init script into some modicum of compliance with Fedora/LSB standards Resolves: #201043 - Emit explicit error message if user tries to build RPM as root Related: #558921 - Arrange for the postmaster, but not any of its child processes, to be run with oom_adj -17. This compensates for the OOM killer not being smart about accounting for shared memory usage. - Change %define to %global, per packaging guidelines * Thu Feb 18 2010 Tom "spot" Callaway <tcallawa@redhat.com> - adjust license tag to reflect OSI decision * Wed Dec 16 2009 Tom Lane <tgl@redhat.com> 8.4.2-1 - Update to PostgreSQL 8.4.2, for various fixes described at http://www.postgresql.org/docs/8.4/static/release-8-4-2.html including two security issues Related: #546321 Related: #547662 - Use -N not the obsolete -n in useradd call Resolves: #495727 - Clean up specfile to eliminate rpmlint gripes, mainly by removing no-longer-needed provisions for superseding rh-postgresql - add sparc/sparc64 to multilib header support -------------------------------------------------------------------------------- References: [ 1 ] Bug #639371 - CVE-2010-3433 PostgreSQL (PL/Perl, PL/Tcl): SECURITY DEFINER function keyword bypass https://bugzilla.redhat.com/show_bug.cgi?id=639371 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update postgresql' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-...