Lucene search

K
centosCentOS ProjectCESA-2010:0428
HistoryMay 21, 2010 - 10:22 p.m.

postgresql security update

2010-05-2122:22:02
CentOS Project
lists.centos.org
66

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

EPSS

0.956

Percentile

99.4%

CentOS Errata and Security Advisory CESA-2010:0428

PostgreSQL is an advanced object-relational database management system
(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the
Perl and Tcl languages, and are installed in trusted mode by default. In
trusted mode, certain operations, such as operating system level access,
are restricted.

A flaw was found in the way PostgreSQL enforced permission checks on
scripts written in PL/Perl. If the PL/Perl procedural language was
registered on a particular database, an authenticated database user running
a specially-crafted PL/Perl script could use this flaw to bypass intended
PL/Perl trusted mode restrictions, allowing them to run arbitrary Perl
scripts with the privileges of the database server. (CVE-2010-1169)

Red Hat would like to thank Tim Bunce for responsibly reporting the
CVE-2010-1169 flaw.

A flaw was found in the way PostgreSQL enforced permission checks on
scripts written in PL/Tcl. If the PL/Tcl procedural language was registered
on a particular database, an authenticated database user running a
specially-crafted PL/Tcl script could use this flaw to bypass intended
PL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl
scripts with the privileges of the database server. (CVE-2010-1170)

A buffer overflow flaw was found in the way PostgreSQL retrieved a
substring from the bit string for BIT() and BIT VARYING() SQL data types.
An authenticated database user running a specially-crafted SQL query could
use this flaw to cause a temporary denial of service (postgres daemon
crash) or, potentially, execute arbitrary code with the privileges of the
database server. (CVE-2010-0442)

An integer overflow flaw was found in the way PostgreSQL used to calculate
the size of the hash table for joined relations. An authenticated database
user could create a specially-crafted SQL query which could cause a
temporary denial of service (postgres daemon crash) or, potentially,
execute arbitrary code with the privileges of the database server.
(CVE-2010-0733)

PostgreSQL improperly protected session-local state during the execution of
an index function by a database superuser during the database maintenance
operations. An authenticated database user could use this flaw to elevate
their privileges via specially-crafted index functions. (CVE-2009-4136)

These packages upgrade PostgreSQL to version 7.4.29. Refer to the
PostgreSQL Release Notes for a list of changes:

http://www.postgresql.org/docs/7.4/static/release.html

All PostgreSQL users are advised to upgrade to these updated packages,
which correct these issues. If the postgresql service is running, it will
be automatically restarted after installing this update.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2010-May/078807.html
https://lists.centos.org/pipermail/centos-announce/2010-May/078808.html

Affected packages:
postgresql
postgresql-contrib
postgresql-devel
postgresql-docs
postgresql-jdbc
postgresql-libs
postgresql-pl
postgresql-python
postgresql-server
postgresql-tcl
postgresql-test

Upstream details at:
https://access.redhat.com/errata/RHSA-2010:0428

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

EPSS

0.956

Percentile

99.4%