mod_auth_pgsql security update

ID CESA-2006:0164
Type centos
Reporter CentOS Project
Modified 2006-01-06T13:25:25


CentOS Errata and Security Advisory CESA-2006:0164

The mod_auth_pgsql package is an httpd module that allows user authentication against information stored in a PostgreSQL database.

Several format string flaws were found in the way mod_auth_pgsql logs information. It may be possible for a remote attacker to execute arbitrary code as the 'apache' user if mod_auth_pgsql is used for user authentication. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-3656 to this issue.

Please note that this issue only affects servers which have mod_auth_pgsql installed and configured to perform user authentication against a PostgreSQL database.

All users of mod_auth_pgsql should upgrade to these updated packages, which contain a backported patch to resolve this issue.

This issue does not affect the mod_auth_pgsql package supplied with Red Hat Enterprise Linux 2.1.

Red Hat would like to thank iDefense for reporting this issue.

Merged security bulletin from advisories:

Affected packages: mod_auth_pgsql

Upstream details at: