(RHSA-2005:150) postgresql security update

2005-02-1600:00:00

access.redhat.com

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.684 Medium

EPSS

Percentile

97.7%

JSON

PostgreSQL is an advanced Object-Relational database management system
(DBMS).

A flaw in the LOAD command in PostgreSQL was discovered. A local user
could use this flaw to load arbitrary shared libraries and therefore
execute arbitrary code, gaining the privileges of the PostgreSQL server.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0227 to this issue.

Multiple buffer overflows were found in PL/PgSQL. A database user who has
permissions to create plpgsql functions could trigger this flaw which could
lead to arbitrary code execution, gaining the privileges of the PostgreSQL
server. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CAN-2005-0245 and CAN-2005-0247 to these issues.

Users of PostgreSQL are advised to update to these erratum packages which
are not vulnerable to these issues.

OSVersionArchitecturePackageVersionFilename
RedHatanyi386postgresql-server< 7.1.3-6.rhel2.1ASpostgresql-server-7.1.3-6.rhel2.1AS.i386.rpm
RedHatanyia64postgresql-odbc< 7.1.3-6.rhel2.1ASpostgresql-odbc-7.1.3-6.rhel2.1AS.ia64.rpm
RedHatanyia64postgresql-contrib< 7.1.3-6.rhel2.1ASpostgresql-contrib-7.1.3-6.rhel2.1AS.ia64.rpm
RedHatanyi386postgresql< 7.1.3-6.rhel2.1ASpostgresql-7.1.3-6.rhel2.1AS.i386.rpm
RedHatanyi386postgresql-jdbc< 7.1.3-6.rhel2.1ASpostgresql-jdbc-7.1.3-6.rhel2.1AS.i386.rpm
RedHatanyi386postgresql-tk< 7.1.3-6.rhel2.1ASpostgresql-tk-7.1.3-6.rhel2.1AS.i386.rpm
RedHatanyi386postgresql-contrib< 7.1.3-6.rhel2.1ASpostgresql-contrib-7.1.3-6.rhel2.1AS.i386.rpm
RedHatanyia64postgresql-devel< 7.1.3-6.rhel2.1ASpostgresql-devel-7.1.3-6.rhel2.1AS.ia64.rpm
RedHatanyia64postgresql-tcl< 7.1.3-6.rhel2.1ASpostgresql-tcl-7.1.3-6.rhel2.1AS.ia64.rpm
RedHatanyia64postgresql-test< 7.1.3-6.rhel2.1ASpostgresql-test-7.1.3-6.rhel2.1AS.ia64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	i386	postgresql-server	< 7.1.3-6.rhel2.1AS	postgresql-server-7.1.3-6.rhel2.1AS.i386.rpm
RedHat	any	ia64	postgresql-odbc	< 7.1.3-6.rhel2.1AS	postgresql-odbc-7.1.3-6.rhel2.1AS.ia64.rpm
RedHat	any	ia64	postgresql-contrib	< 7.1.3-6.rhel2.1AS	postgresql-contrib-7.1.3-6.rhel2.1AS.ia64.rpm
RedHat	any	i386	postgresql	< 7.1.3-6.rhel2.1AS	postgresql-7.1.3-6.rhel2.1AS.i386.rpm
RedHat	any	i386	postgresql-jdbc	< 7.1.3-6.rhel2.1AS	postgresql-jdbc-7.1.3-6.rhel2.1AS.i386.rpm
RedHat	any	i386	postgresql-tk	< 7.1.3-6.rhel2.1AS	postgresql-tk-7.1.3-6.rhel2.1AS.i386.rpm
RedHat	any	i386	postgresql-contrib	< 7.1.3-6.rhel2.1AS	postgresql-contrib-7.1.3-6.rhel2.1AS.i386.rpm
RedHat	any	ia64	postgresql-devel	< 7.1.3-6.rhel2.1AS	postgresql-devel-7.1.3-6.rhel2.1AS.ia64.rpm
RedHat	any	ia64	postgresql-tcl	< 7.1.3-6.rhel2.1AS	postgresql-tcl-7.1.3-6.rhel2.1AS.ia64.rpm
RedHat	any	ia64	postgresql-test	< 7.1.3-6.rhel2.1AS	postgresql-test-7.1.3-6.rhel2.1AS.ia64.rpm