History: Feb 07, 2007 - 11:16 p.m.

postgresql, rh security update

2007-02-07 23:16:48
CentOS Project
lists.centos.org
EPSS: 0.024 (Low), percentile 89.8%

CentOS Errata and Security Advisory CESA-2007:0064

PostgreSQL is an advanced Object-Relational database management system
(DBMS).

A flaw was found in the way the PostgreSQL server handles certain
SQL-language functions. An authenticated user could execute a sequence of
commands which could crash the PostgreSQL server or possibly read from
arbitrary memory locations. A user would need to have permissions to drop
and add database tables to be able to exploit this issue (CVE-2007-0555).

A denial of service flaw was found affecting the PostgreSQL server running
on Red Hat Enterprise Linux 4 systems. An authenticated user could execute
an SQL command which could crash the PostgreSQL server. (CVE-2006-5540)

Users of PostgreSQL should upgrade to these updated packages containing
PostgreSQL version 7.4.16 or 7.3.18, which correct these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2007-February/075671.html
https://lists.centos.org/pipermail/centos-announce/2007-February/075672.html
https://lists.centos.org/pipermail/centos-announce/2007-February/075674.html
https://lists.centos.org/pipermail/centos-announce/2007-February/075676.html
https://lists.centos.org/pipermail/centos-announce/2007-February/075679.html
https://lists.centos.org/pipermail/centos-announce/2007-February/075680.html
https://lists.centos.org/pipermail/centos-announce/2007-February/075681.html
https://lists.centos.org/pipermail/centos-announce/2007-February/075682.html

Affected packages:
postgresql
postgresql-contrib
postgresql-devel
postgresql-docs
postgresql-jdbc
postgresql-libs
postgresql-pl
postgresql-python
postgresql-server
postgresql-tcl
postgresql-test
rh-postgresql
rh-postgresql-contrib
rh-postgresql-devel
rh-postgresql-docs
rh-postgresql-jdbc
rh-postgresql-libs
rh-postgresql-pl
rh-postgresql-python
rh-postgresql-server
rh-postgresql-tcl
rh-postgresql-test

Upstream details at:
https://access.redhat.com/errata/RHSA-2007:0064