Red Hat: Updated postgresql packages fix several security issues

PostgreSQL is an advanced Object-Relational database management system (DBMS). Two flaws were found in the way the PostgreSQL server handles certain SQL-language functions. An authenticated user could execute a sequence of commands which could crash the PostgreSQL server or possibly read from arbitrary memory locations. A user would need to have permissions to drop and add database tables to be able to exploit these issues. Several denial of service flaws were found in the PostgreSQL server. An authenticated user could execute certain SQL commands which could crash the PostgreSQL server. Fixed packages are available from updates.redhat.com.

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: postgresql security update
Advisory ID:       RHSA-2007:0068-02
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0068.html
Issue date:        2007-03-14
Updated on:        2007-03-14
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-5540 CVE-2006-5541 CVE-2006-5542 
                   CVE-2007-0555 CVE-2007-0556 
---------------------------------------------------------------------

1. Summary:

Updated postgresql packages that fix several security issues are now
available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

PostgreSQL is an advanced Object-Relational database management system
(DBMS).

Two flaws were found in the way the PostgreSQL server handles certain
SQL-language functions. An authenticated user could execute a sequence of
commands which could crash the PostgreSQL server or possibly read from
arbitrary memory locations. A user would need to have permissions to drop
and add database tables to be able to exploit these issues (CVE-2007-0555,
CVE-2007-0556).

Several denial of service flaws were found in the PostgreSQL server.  An
authenticated user could execute certain SQL commands which could crash the
PostgreSQL server (CVE-2006-5540, CVE-2006-5541, CVE-2006-5542).

Users of PostgreSQL should upgrade to these updated packages containing
PostgreSQL version 8.1.8 which corrects these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
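
To confirm the update landed, a host's package list can be compared against the fixed version-release 8.1.8-1.el5. The following is an added example, not part of the Red Hat advisory: it uses a simplified RPM version comparison (no epoch, '~' or '^' handling), and the rpm query format and sample package lines are constructed assumptions.

```python
import re

# Fixed version-release from this advisory (postgresql-8.1.8-1.el5).
FIXED = "8.1.8-1.el5"
# Subpackages shipped by this erratum; other postgresql-* names are out of scope.
PKGS = {"postgresql"} | {"postgresql-" + s for s in (
    "contrib", "debuginfo", "devel", "docs", "libs", "pl",
    "python", "server", "tcl", "test")}
SEG = re.compile(r"\d+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Simplified rpmvercmp (no '~' or '^' handling): -1, 0 or 1."""
    sa, sb = SEG.findall(a), SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric, so 11 > 8
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a number outranks letters
        if x != y:
            return -1 if x < y else 1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare two 'version-release' strings (no epoch assumed)."""
    va, ra = a.rsplit("-", 1)
    vb, rb = b.rsplit("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def unpatched(rpm_output, fixed=FIXED):
    """Return [(name, version-release)] for listed packages older than fixed."""
    hits = []
    for line in rpm_output.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] in PKGS and evr_cmp(parts[1], fixed) < 0:
            hits.append((parts[0], parts[1]))
    return hits

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = """\
postgresql 8.1.4-1.1
postgresql-libs 8.1.8-1.el5
postgresql-server 8.1.4-1.1
postgresql-docs 8.1.11-1.el5_1.1
openssl 0.9.8b-8.3.el5
"""

if __name__ == "__main__":
    for name, evr in unpatched(SAMPLE):
        print("needs RHSA-2007:0068 update: %s %s" % (name, evr))
```

The 8.1.11 line shows why a plain string comparison is not enough: compared as text it would sort before 8.1.8 and be flagged as unpatched.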


5. Bug IDs fixed (http://bugzilla.redhat.com/):

216411 - CVE-2006-5540 New version fixes three different crash vulnerabilities (CVE-2006-5541 CVE-2006-5542)
225496 - CVE-2007-0555 PostgreSQL arbitrary memory read flaws (CVE-2007-0556)
227688 - Attribute type error when updating varchar column

6. RPMs required:

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5540
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5542
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0556
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.