postgresql, rh security update

ID CESA-2007:0064
Type centos
Reporter CentOS Project
Modified 2007-02-08T12:47:40


CentOS Errata and Security Advisory CESA-2007:0064

PostgreSQL is an advanced Object-Relational database management system (DBMS).

A flaw was found in the way the PostgreSQL server handles certain SQL-language functions. An authenticated user could execute a sequence of commands which could crash the PostgreSQL server or possibly read from arbitrary memory locations. A user would need to have permissions to drop and add database tables to be able to exploit this issue (CVE-2007-0555).

A denial of service flaw was found affecting the PostgreSQL server running on Red Hat Enterprise Linux 4 systems. An authenticated user could execute an SQL command which could crash the PostgreSQL server. (CVE-2006-5540)

Users of PostgreSQL should upgrade to these updated packages containing PostgreSQL version 7.4.16 or 7.3.18, which correct these issues.

Merged security bulletin from advisories:

Affected packages: postgresql postgresql-contrib postgresql-devel postgresql-docs postgresql-jdbc postgresql-libs postgresql-pl postgresql-python postgresql-server postgresql-tcl postgresql-test rh-postgresql rh-postgresql-contrib rh-postgresql-devel rh-postgresql-docs rh-postgresql-jdbc rh-postgresql-libs rh-postgresql-pl rh-postgresql-python rh-postgresql-server rh-postgresql-tcl rh-postgresql-test

Upstream details at: