postgresql, rh security update

2007-02-07T23:16:48
ID CESA-2007:0064
Type centos
Reporter CentOS Project
Modified 2007-02-08T12:47:40

Description

CentOS Errata and Security Advisory CESA-2007:0064

PostgreSQL is an advanced Object-Relational database management system (DBMS).

A flaw was found in the way the PostgreSQL server handles certain SQL-language functions. An authenticated user could execute a sequence of commands which could crash the PostgreSQL server or possibly read from arbitrary memory locations. A user would need to have permissions to drop and add database tables to be able to exploit this issue (CVE-2007-0555).

A denial of service flaw was found affecting the PostgreSQL server running on Red Hat Enterprise Linux 4 systems. An authenticated user could execute an SQL command which could crash the PostgreSQL server. (CVE-2006-5540)

Users of PostgreSQL should upgrade to these updated packages containing PostgreSQL version 7.4.16 or 7.3.18, which correct these issues.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2007-February/025547.html http://lists.centos.org/pipermail/centos-announce/2007-February/025548.html http://lists.centos.org/pipermail/centos-announce/2007-February/025550.html http://lists.centos.org/pipermail/centos-announce/2007-February/025552.html http://lists.centos.org/pipermail/centos-announce/2007-February/025555.html http://lists.centos.org/pipermail/centos-announce/2007-February/025556.html http://lists.centos.org/pipermail/centos-announce/2007-February/025557.html http://lists.centos.org/pipermail/centos-announce/2007-February/025558.html

Affected packages: postgresql postgresql-contrib postgresql-devel postgresql-docs postgresql-jdbc postgresql-libs postgresql-pl postgresql-python postgresql-server postgresql-tcl postgresql-test rh-postgresql rh-postgresql-contrib rh-postgresql-devel rh-postgresql-docs rh-postgresql-jdbc rh-postgresql-libs rh-postgresql-pl rh-postgresql-python rh-postgresql-server rh-postgresql-tcl rh-postgresql-test

Upstream details at: https://rhn.redhat.com/errata/RHSA-2007-0064.html