Security Advisory Moderate: postgresql security update

Advisory: RHSA-2007:0068-4
Type: Security Advisory
Severity: Moderate
Issued on: 2007-03-14
Last updated on: 2007-03-14
Affected Products: RHEL Desktop Workstation (v. 5 client); Red Hat Enterprise Linux (v. 5 server); Red Hat Enterprise Linux Desktop (v. 5 client)
OVAL: com.redhat.rhsa-20070068.xml
CVEs (cve.mitre.org): CVE-2006-5540, CVE-2006-5541, CVE-2006-5542, CVE-2007-0555, CVE-2007-0556

Details

Updated postgresql packages that fix several security issues are now
available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

PostgreSQL is an advanced Object-Relational database management system
(DBMS).

Two flaws were found in the way the PostgreSQL server handles certain
SQL-language functions. An authenticated user could execute a sequence of
commands which could crash the PostgreSQL server or possibly read from
arbitrary memory locations. A user would need to have permissions to drop
and add database tables to be able to exploit these issues (CVE-2007-0555,
CVE-2007-0556).

Several denial of service flaws were found in the PostgreSQL server. An
authenticated user could execute certain SQL commands which could crash the
PostgreSQL server (CVE-2006-5540, CVE-2006-5541, CVE-2006-5542).

Users of PostgreSQL should upgrade to these updated packages containing
PostgreSQL version 8.1.8 which corrects these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
postgresql-8.1.8-1.el5.src.rpm
File outdated by:  RHSA-2009:1484
 
IA-32:
postgresql-devel-8.1.8-1.el5.i386.rpm
File outdated by:  RHSA-2009:1484
postgresql-pl-8.1.8-1.el5.i386.rpm
File outdated by:  RHSA-2009:1484
postgresql-server-8.1.8-1.el5.i386.rpm
File outdated by:  RHSA-2009:1484
postgresql-test-8.1.8-1.el5.i386.rpm
File outdated by:  RHSA-2009:1484
 
x86_64:
postgresql-devel-8.1.8-1.el5.i386.rpm
File outdated by:  RHSA-2009:1484
postgresql-devel-8.1.8-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1484
postgresql-pl-8.1.8-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1484
postgresql-server-8.1.8-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1484
postgresql-test-8.1.8-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1484
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
postgresql-8.1.8-1.el5.src.rpm
File outdated by:  RHSA-2009:1484
 
IA-32:
postgresql-8.1.8-1.el5.i386.rpm
File outdated by:  RHSA-2009:1484
postgresql-contrib-8.1.8-1.el5.i386.rpm
File outdated by:  RHSA-2009:1484
postgresql-devel-8.1.8-1.el5.i386.rpm
File outdated by:  RHSA-2009:1484
postgresql-docs-8.1.8-1.el5.i386.rpm
File outdated by:  RHSA-2009:1484
postgresql-libs-8.1.8-1.el5.i386.rpm
File outdated by:  RHSA-2009:1484
postgresql-pl-8.1.8-1.el5.i386.rpm
File outdated by:  RHSA-2009:1484
postgresql-python-8.1.8-1.el5.i386.rpm
File outdated by:  RHSA-2009:1484
postgresql-server-8.1.8-1.el5.i386.rpm
File outdated by:  RHSA-2009:1484
postgresql-tcl-8.1.8-1.el5.i386.rpm
File outdated by:  RHSA-2009:1484
postgresql-test-8.1.8-1.el5.i386.rpm
File outdated by:  RHSA-2009:1484
 
IA-64:
postgresql-8.1.8-1.el5.ia64.rpm
File outdated by:  RHSA-2009:1484
postgresql-contrib-8.1.8-1.el5.ia64.rpm
File outdated by:  RHSA-2009:1484
postgresql-devel-8.1.8-1.el5.ia64.rpm
File outdated by:  RHSA-2009:1484
postgresql-docs-8.1.8-1.el5.ia64.rpm
File outdated by:  RHSA-2009:1484
postgresql-libs-8.1.8-1.el5.i386.rpm
File outdated by:  RHSA-2009:1484
postgresql-libs-8.1.8-1.el5.ia64.rpm
File outdated by:  RHSA-2009:1484
postgresql-pl-8.1.8-1.el5.ia64.rpm
File outdated by:  RHSA-2009:1484
postgresql-python-8.1.8-1.el5.ia64.rpm
File outdated by:  RHSA-2009:1484
postgresql-server-8.1.8-1.el5.ia64.rpm
File outdated by:  RHSA-2009:1484
postgresql-tcl-8.1.8-1.el5.ia64.rpm
File outdated by:  RHSA-2009:1484
postgresql-test-8.1.8-1.el5.ia64.rpm
File outdated by:  RHSA-2009:1484
 
PPC:
postgresql-8.1.8-1.el5.ppc.rpm
File outdated by:  RHSA-2009:1484
postgresql-contrib-8.1.8-1.el5.ppc.rpm
File outdated by:  RHSA-2009:1484
postgresql-devel-8.1.8-1.el5.ppc.rpm
File outdated by:  RHSA-2009:1484
postgresql-devel-8.1.8-1.el5.ppc64.rpm
File outdated by:  RHSA-2009:1484
postgresql-docs-8.1.8-1.el5.ppc.rpm
File outdated by:  RHSA-2009:1484
postgresql-libs-8.1.8-1.el5.ppc.rpm
File outdated by:  RHSA-2009:1484
postgresql-libs-8.1.8-1.el5.ppc64.rpm
File outdated by:  RHSA-2009:1484
postgresql-pl-8.1.8-1.el5.ppc.rpm
File outdated by:  RHSA-2009:1484
postgresql-python-8.1.8-1.el5.ppc.rpm
File outdated by:  RHSA-2009:1484
postgresql-server-8.1.8-1.el5.ppc.rpm
File outdated by:  RHSA-2009:1484
postgresql-tcl-8.1.8-1.el5.ppc.rpm
File outdated by:  RHSA-2009:1484
postgresql-test-8.1.8-1.el5.ppc.rpm
File outdated by:  RHSA-2009:1484
 
s390x:
postgresql-8.1.8-1.el5.s390x.rpm
File outdated by:  RHSA-2009:1484
postgresql-contrib-8.1.8-1.el5.s390x.rpm
File outdated by:  RHSA-2009:1484
postgresql-devel-8.1.8-1.el5.s390.rpm
File outdated by:  RHSA-2009:1484
postgresql-devel-8.1.8-1.el5.s390x.rpm
File outdated by:  RHSA-2009:1484
postgresql-docs-8.1.8-1.el5.s390x.rpm
File outdated by:  RHSA-2009:1484
postgresql-libs-8.1.8-1.el5.s390.rpm
File outdated by:  RHSA-2009:1484
postgresql-libs-8.1.8-1.el5.s390x.rpm
File outdated by:  RHSA-2009:1484
postgresql-pl-8.1.8-1.el5.s390x.rpm
File outdated by:  RHSA-2009:1484
postgresql-python-8.1.8-1.el5.s390x.rpm
File outdated by:  RHSA-2009:1484
postgresql-server-8.1.8-1.el5.s390x.rpm
File outdated by:  RHSA-2009:1484
postgresql-tcl-8.1.8-1.el5.s390x.rpm
File outdated by:  RHSA-2009:1484
postgresql-test-8.1.8-1.el5.s390x.rpm
File outdated by:  RHSA-2009:1484
 
x86_64:
postgresql-8.1.8-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1484
postgresql-contrib-8.1.8-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1484
postgresql-devel-8.1.8-1.el5.i386.rpm
File outdated by:  RHSA-2009:1484
postgresql-devel-8.1.8-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1484
postgresql-docs-8.1.8-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1484
postgresql-libs-8.1.8-1.el5.i386.rpm
File outdated by:  RHSA-2009:1484
postgresql-libs-8.1.8-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1484
postgresql-pl-8.1.8-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1484
postgresql-python-8.1.8-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1484
postgresql-server-8.1.8-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1484
postgresql-tcl-8.1.8-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1484
postgresql-test-8.1.8-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1484
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
postgresql-8.1.8-1.el5.src.rpm
File outdated by:  RHSA-2009:1484
 
IA-32:
postgresql-8.1.8-1.el5.i386.rpm
File outdated by:  RHSA-2009:1484
postgresql-contrib-8.1.8-1.el5.i386.rpm
File outdated by:  RHSA-2009:1484
postgresql-docs-8.1.8-1.el5.i386.rpm
File outdated by:  RHSA-2009:1484
postgresql-libs-8.1.8-1.el5.i386.rpm
File outdated by:  RHSA-2009:1484
postgresql-python-8.1.8-1.el5.i386.rpm
File outdated by:  RHSA-2009:1484
postgresql-tcl-8.1.8-1.el5.i386.rpm
File outdated by:  RHSA-2009:1484
 
x86_64:
postgresql-8.1.8-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1484
postgresql-contrib-8.1.8-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1484
postgresql-docs-8.1.8-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1484
postgresql-libs-8.1.8-1.el5.i386.rpm
File outdated by:  RHSA-2009:1484
postgresql-libs-8.1.8-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1484
postgresql-python-8.1.8-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1484
postgresql-tcl-8.1.8-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1484
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

216411 - CVE-2006-5540 New version fixes three different crash vulnerabilities (CVE-2006-5541 CVE-2006-5542)
225496 - CVE-2007-0555 PostgreSQL arbitrary memory read flaws (CVE-2007-0556)
227688 - Attribute type error when updating varchar column



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/