Skip to navigation

Security Advisory Moderate: postgresql security update

Advisory: RHSA-2010:0429-1
Type: Security Advisory
Severity: Moderate
Issued on: 2010-05-19
Last updated on: 2010-05-19
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2009-4136
CVE-2010-0442
CVE-2010-0733
CVE-2010-1169
CVE-2010-1170
CVE-2010-1975

Details

Updated postgresql packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

PostgreSQL is an advanced object-relational database management system
(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the
Perl and Tcl languages, and are installed in trusted mode by default. In
trusted mode, certain operations, such as operating system level access,
are restricted.

A flaw was found in the way PostgreSQL enforced permission checks on
scripts written in PL/Perl. If the PL/Perl procedural language was
registered on a particular database, an authenticated database user running
a specially-crafted PL/Perl script could use this flaw to bypass intended
PL/Perl trusted mode restrictions, allowing them to run arbitrary Perl
scripts with the privileges of the database server. (CVE-2010-1169)

Red Hat would like to thank Tim Bunce for responsibly reporting the
CVE-2010-1169 flaw.

A flaw was found in the way PostgreSQL enforced permission checks on
scripts written in PL/Tcl. If the PL/Tcl procedural language was registered
on a particular database, an authenticated database user running a
specially-crafted PL/Tcl script could use this flaw to bypass intended
PL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl
scripts with the privileges of the database server. (CVE-2010-1170)

A buffer overflow flaw was found in the way PostgreSQL retrieved a
substring from the bit string for BIT() and BIT VARYING() SQL data types.
An authenticated database user running a specially-crafted SQL query could
use this flaw to cause a temporary denial of service (postgres daemon
crash) or, potentially, execute arbitrary code with the privileges of the
database server. (CVE-2010-0442)

An integer overflow flaw was found in the way PostgreSQL used to calculate
the size of the hash table for joined relations. An authenticated database
user could create a specially-crafted SQL query which could cause a
temporary denial of service (postgres daemon crash) or, potentially,
execute arbitrary code with the privileges of the database server.
(CVE-2010-0733)

PostgreSQL improperly protected session-local state during the execution of
an index function by a database superuser during the database maintenance
operations. An authenticated database user could use this flaw to elevate
their privileges via specially-crafted index functions. (CVE-2009-4136)

These packages upgrade PostgreSQL to version 8.1.21. Refer to the
PostgreSQL Release Notes for a list of changes:

http://www.postgresql.org/docs/8.1/static/release.html

All PostgreSQL users are advised to upgrade to these updated packages,
which correct these issues. If the postgresql service is running, it will
be automatically restarted after installing this update.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)
SRPMS:
postgresql-8.1.21-1.el5_5.1.src.rpm
File outdated by:  RHSA-2012:1264		     MD5: 93150705c1693074e86748f1b92f8e1c
SHA-256: ea647c1aa56e0375e304d348d015e51f2f435f4b951c3c65a212fd4cc430eda7
 
IA-32:
postgresql-devel-8.1.21-1.el5_5.1.i386.rpm
File outdated by:  RHSA-2012:1264		     MD5: 81b1dc417f380c94a123f58dd71fee11
SHA-256: de6a5c4126ea6bf9eafcaaad0a8532e7b4c8dd1f289d2b4820eab224fd0b5c09
postgresql-pl-8.1.21-1.el5_5.1.i386.rpm
File outdated by:  RHSA-2012:1264		     MD5: 822c0c2f5ef27419dae0417953f3764e
SHA-256: 3e1b318582aa3557ce51e9952ca9e116e1fca91c4ade60bfbf70c3d3e872b62b
postgresql-server-8.1.21-1.el5_5.1.i386.rpm
File outdated by:  RHSA-2012:1264		     MD5: 9693346f54959eda009069ef1be7af8c
SHA-256: 364e2d7a700ae7eab8b81c25fd3b128ac31cdc0193402d1391898dcc93b0ea20
postgresql-test-8.1.21-1.el5_5.1.i386.rpm
File outdated by:  RHSA-2012:1264		     MD5: 64ffc7113e24f9a2ee7340f9e78125da
SHA-256: e3be57e4ce6ba4042d594bda0cfb214a842d25bce15ab6117f6c862f5d6e2154
 
x86_64:
postgresql-devel-8.1.21-1.el5_5.1.i386.rpm
File outdated by:  RHSA-2012:1264		     MD5: 81b1dc417f380c94a123f58dd71fee11
SHA-256: de6a5c4126ea6bf9eafcaaad0a8532e7b4c8dd1f289d2b4820eab224fd0b5c09
postgresql-devel-8.1.21-1.el5_5.1.x86_64.rpm
File outdated by:  RHSA-2012:1264		     MD5: 5c8c82df70e44baee73815de1fad6123
SHA-256: 336830b454821f4bb491ada08ad6f34f1f7ea360d79e2601a2897c955b0e597a
postgresql-pl-8.1.21-1.el5_5.1.x86_64.rpm
File outdated by:  RHSA-2012:1264		     MD5: 59efb06ca02b9730eb72265133633c27
SHA-256: cd71594f8a9ceeebb267c5124b4abb85e7ea1442b55d8dc44c1a8178b818e478
postgresql-server-8.1.21-1.el5_5.1.x86_64.rpm
File outdated by:  RHSA-2012:1264		     MD5: 17eda78ca1f85b6b12b2442f56793d5f
SHA-256: e03a11238ec913c69f6a7e90f4a4a974465c6cf74e383824c3185c27cdc2e72b
postgresql-test-8.1.21-1.el5_5.1.x86_64.rpm
File outdated by:  RHSA-2012:1264		     MD5: b20c3f821feb149e526de8723558e452
SHA-256: 161ebb75458c8ac8756d188f94b0cac9d6b8fb07371c8491f7985c4cf3be4a4d
 
Red Hat Enterprise Linux (v. 5 server)
SRPMS:
postgresql-8.1.21-1.el5_5.1.src.rpm
File outdated by:  RHSA-2012:1264		     MD5: 93150705c1693074e86748f1b92f8e1c
SHA-256: ea647c1aa56e0375e304d348d015e51f2f435f4b951c3c65a212fd4cc430eda7
 
IA-32:
postgresql-8.1.21-1.el5_5.1.i386.rpm
File outdated by:  RHSA-2012:1264		     MD5: bf533a93a015671c6ffe43d3579b4b77
SHA-256: 893cacad99dbcbef34d7bca100e4ea6e09de4f99251f3fe89276c2dc5e6fcf9f
postgresql-contrib-8.1.21-1.el5_5.1.i386.rpm
File outdated by:  RHSA-2012:1264		     MD5: e7cf3d1f837bf53205f5464de6653582
SHA-256: ff4636980df969347817c86eafe11f1b8153c35c0cf4ea64a96bdcba0be73a04
postgresql-devel-8.1.21-1.el5_5.1.i386.rpm
File outdated by:  RHSA-2012:1264		     MD5: 81b1dc417f380c94a123f58dd71fee11
SHA-256: de6a5c4126ea6bf9eafcaaad0a8532e7b4c8dd1f289d2b4820eab224fd0b5c09
postgresql-docs-8.1.21-1.el5_5.1.i386.rpm
File outdated by:  RHSA-2012:1264		     MD5: 52c3c255b04b155557b143e6ae00f072
SHA-256: 9c0c2c27dfb8105535bacfead3cb2d3b698fb523b5b98ff5e12c6eb2c639d914
postgresql-libs-8.1.21-1.el5_5.1.i386.rpm
File outdated by:  RHSA-2012:1264		     MD5: e719c0a913f97e9ac9cf9dc3070f042d
SHA-256: 3e9091ca8d512784933cc5763f24d0fde52c04d0f428e59111771821acd11cd2
postgresql-pl-8.1.21-1.el5_5.1.i386.rpm
File outdated by:  RHSA-2012:1264		     MD5: 822c0c2f5ef27419dae0417953f3764e
SHA-256: 3e1b318582aa3557ce51e9952ca9e116e1fca91c4ade60bfbf70c3d3e872b62b
postgresql-python-8.1.21-1.el5_5.1.i386.rpm
File outdated by:  RHSA-2012:1264		     MD5: eeb374ee7ccba988583b0062aa248949
SHA-256: 01afd089926508d7440fb3b2b900e8e4ddd9127dae518fb613621ac4b5442ed8
postgresql-server-8.1.21-1.el5_5.1.i386.rpm
File outdated by:  RHSA-2012:1264		     MD5: 9693346f54959eda009069ef1be7af8c
SHA-256: 364e2d7a700ae7eab8b81c25fd3b128ac31cdc0193402d1391898dcc93b0ea20
postgresql-tcl-8.1.21-1.el5_5.1.i386.rpm
File outdated by:  RHSA-2012:1264		     MD5: 125b828660899ff09a58213fe1f4df9d
SHA-256: a8c98595f186653a6678c123bdb556329332a70f58a80f18e99f399d6ba5eb27
postgresql-test-8.1.21-1.el5_5.1.i386.rpm
File outdated by:  RHSA-2012:1264		     MD5: 64ffc7113e24f9a2ee7340f9e78125da
SHA-256: e3be57e4ce6ba4042d594bda0cfb214a842d25bce15ab6117f6c862f5d6e2154
 
IA-64:
postgresql-8.1.21-1.el5_5.1.ia64.rpm
File outdated by:  RHSA-2012:1264		     MD5: 613f289e1830565ce99fa39ca8d452db
SHA-256: 8aea380c61cc0d7009a99676c3ae36c59a2f2b0c47b13a093506bd9cb1e2213a
postgresql-contrib-8.1.21-1.el5_5.1.ia64.rpm
File outdated by:  RHSA-2012:1264		     MD5: d2d67a2cf496071b3a0b3281f12c2dfe
SHA-256: 62dd4fe6faa5a6fc30c648ff06b6f6db1ec6dc743f1eb7756e1f647883a52da6
postgresql-devel-8.1.21-1.el5_5.1.ia64.rpm
File outdated by:  RHSA-2012:1264		     MD5: fcb61c1500142674cd8dfb7170b9bb7d
SHA-256: 37cca3be51c7291ca1fc0b1af36ff76ebdb3a2d2681ef3a58c2b2ab619dd8244
postgresql-docs-8.1.21-1.el5_5.1.ia64.rpm
File outdated by:  RHSA-2012:1264		     MD5: c161620778b0d16804dcb45119fd8caf
SHA-256: f5d0722c33e1c487af048e2dd117eef9d5a934737322017b187269525b929250
postgresql-libs-8.1.21-1.el5_5.1.i386.rpm
File outdated by:  RHSA-2012:1264		     MD5: e719c0a913f97e9ac9cf9dc3070f042d
SHA-256: 3e9091ca8d512784933cc5763f24d0fde52c04d0f428e59111771821acd11cd2
postgresql-libs-8.1.21-1.el5_5.1.ia64.rpm
File outdated by:  RHSA-2012:1264		     MD5: 785a1f6369a67e094b0c3cd93de09d07
SHA-256: bfc45f2436dbb6eb1c77225894a5814f75e079feaddc65f33dce2e328ea0bdd0
postgresql-pl-8.1.21-1.el5_5.1.ia64.rpm
File outdated by:  RHSA-2012:1264		     MD5: 04630aff2ac515d5fce55bcad4718536
SHA-256: ee98e28c704ebffda2a8f026aa39e38b9aad0a2ff763469b8e0121604be15496
postgresql-python-8.1.21-1.el5_5.1.ia64.rpm
File outdated by:  RHSA-2012:1264		     MD5: 84a81d978bdcb0bad7334bf51b6fbe2c
SHA-256: d6d3406d700270e5ba05c38219a4d9e1ad39297dc45d5bb7a3a14af97051b8bb
postgresql-server-8.1.21-1.el5_5.1.ia64.rpm
File outdated by:  RHSA-2012:1264		     MD5: ceeb51b31f565492e1799835f57001fb
SHA-256: 46742bc97fed9b82dfcf6f75597b6177342d7704a94fab0e8edf595a6df2d38b
postgresql-tcl-8.1.21-1.el5_5.1.ia64.rpm
File outdated by:  RHSA-2012:1264		     MD5: 450f30d94d0a40c79b6c9411ad5904ab
SHA-256: dff560331978e315a94d25f92700291c663163d06d1e918bcdea3b41641c48d4
postgresql-test-8.1.21-1.el5_5.1.ia64.rpm
File outdated by:  RHSA-2012:1264		     MD5: 086f26c57072687b56ddf3872c7be17c
SHA-256: feae4f22f5415fb639224360aa45029496860fb890bcb58c1f63de887ba4eb41
 
PPC:
postgresql-8.1.21-1.el5_5.1.ppc.rpm
File outdated by:  RHSA-2012:1264		     MD5: 380a7466cc2d42bfe7592b944cee4078
SHA-256: 20b0a43a88dd6e6c3887714e2dc8a440bd5032817319ae1a0e364c632875b72e
postgresql-8.1.21-1.el5_5.1.ppc64.rpm
File outdated by:  RHSA-2012:1264		     MD5: 414bde66f270175451ba7a9d199f9d82
SHA-256: 48af8bfad22a3ff53fe8d4d2c2060a42b9a701906342ea81c438c705e3539aed
postgresql-contrib-8.1.21-1.el5_5.1.ppc.rpm
File outdated by:  RHSA-2012:1264		     MD5: 54b3ba7afdbbed3e1057209bcce8b3d5
SHA-256: f5f0f155b49f6dcb9803437fc135986b0f06cc66ef6fd446a735e99686d0dbef
postgresql-devel-8.1.21-1.el5_5.1.ppc.rpm
File outdated by:  RHSA-2012:1264		     MD5: 4fa25324aee71ee17755e98f2800820d
SHA-256: 58b2782601a6f9021571bc41935029909994cf84ce888f3621c7c54e19df81fd
postgresql-devel-8.1.21-1.el5_5.1.ppc64.rpm
File outdated by:  RHSA-2012:1264		     MD5: 804ad860151fb1b7e1e96c2837d78355
SHA-256: c15fc684be4a79c227ea4f3df0eb048d581e963ff24c1384309b624415e6936a
postgresql-docs-8.1.21-1.el5_5.1.ppc.rpm
File outdated by:  RHSA-2012:1264		     MD5: 908efead0340353f9fb178f2a86d6a29
SHA-256: 369abc34b44b89613fbf7133ca6d6054e4c5dd518bd708fb2f7096812f986f42
postgresql-libs-8.1.21-1.el5_5.1.ppc.rpm
File outdated by:  RHSA-2012:1264		     MD5: 8ce8a686276753df828eb01482f98bb1
SHA-256: a681f6c1d966722720649538fca5a2cb9d0668853847b1081b9eea1a22bdc92a
postgresql-libs-8.1.21-1.el5_5.1.ppc64.rpm
File outdated by:  RHSA-2012:1264		     MD5: 418a54e827f6ccf97aafca2ef1ad950a
SHA-256: da3f9f9dfaa0629ecf6dd2b4d987e117bae60e2197e8c8a63fd1437d2158d7f3
postgresql-pl-8.1.21-1.el5_5.1.ppc.rpm
File outdated by:  RHSA-2012:1264		     MD5: 2814e1e1b1b2f2f6bc5c2903bbc1c0ba
SHA-256: e77b1d4a926f653fc1292a6d4d1db2138e29a7609c95b27747e72a508e10a421
postgresql-python-8.1.21-1.el5_5.1.ppc.rpm
File outdated by:  RHSA-2012:1264		     MD5: eaad5fc39645e1a418733beb4d6e4989
SHA-256: a44a0022fb9f740a799f35e07a74c7b019251e0e75e651246708351fb9b19311
postgresql-server-8.1.21-1.el5_5.1.ppc.rpm
File outdated by:  RHSA-2012:1264		     MD5: 5f09d0d9766e4a81c1471131dbdfe1e6
SHA-256: 39f03be648d6d80827c7016ad9bc979b58c461d009021c4b41f521b389fa76f2
postgresql-tcl-8.1.21-1.el5_5.1.ppc.rpm
File outdated by:  RHSA-2012:1264		     MD5: da62d722bfdf0f3d972840017b8a8dd6
SHA-256: 1c732e416bd1753981562a5a082e2a56dceaeb84485a6e3671244ac19ebe20d5
postgresql-test-8.1.21-1.el5_5.1.ppc.rpm
File outdated by:  RHSA-2012:1264		     MD5: 656b063b71abe1cd3e141d778ecb0c40
SHA-256: 86e4364d217c02a6a6d23a6d54e4f7ce99556a0a024d9eb1769203d79e43add4
 
s390x:
postgresql-8.1.21-1.el5_5.1.s390x.rpm
File outdated by:  RHSA-2012:1264		     MD5: b495f9bb2ae43e5c100decfb2517c27a
SHA-256: fe169556c163d1d08172bf44056a821fce91ee37ed20e3152d257109c886bbd0
postgresql-contrib-8.1.21-1.el5_5.1.s390x.rpm
File outdated by:  RHSA-2012:1264		     MD5: 54c98acce00fd384bfca7d5f698b498d
SHA-256: bd68c8c91e8b5d332d70f5db94f155eea3f7b4765b3d4db593728a9f7b14209a
postgresql-devel-8.1.21-1.el5_5.1.s390.rpm
File outdated by:  RHSA-2012:1264		     MD5: 3e7376b7fe01f95a2940b7425bcc2783
SHA-256: 8f09e2c0860e0c506d23088c723543fcd3a24f3f28f70c417e868ab2ef2f3872
postgresql-devel-8.1.21-1.el5_5.1.s390x.rpm
File outdated by:  RHSA-2012:1264		     MD5: 42035c186081e9c9a183cf54d7fb0cb0
SHA-256: f061cc6d810b9155b7595e33be7bda58b6cd61f55f6960fb034cdaaf50be5f8c
postgresql-docs-8.1.21-1.el5_5.1.s390x.rpm
File outdated by:  RHSA-2012:1264		     MD5: 894aeea7af8a854e74bc526a8c8f2d21
SHA-256: 9189397a1ef8679f2692dd9ec0d7e81de58e53f7f7ae7371f7974bfa6cbab94f
postgresql-libs-8.1.21-1.el5_5.1.s390.rpm
File outdated by:  RHSA-2012:1264		     MD5: 1c0e786cafb1bbcaef616d481c1be59c
SHA-256: 87eee80cc79100e2ea98c002940dad143d79a551553cee79fcc296aff3744cc0
postgresql-libs-8.1.21-1.el5_5.1.s390x.rpm
File outdated by:  RHSA-2012:1264		     MD5: 994cadd00ea984823b022d4222ecb085
SHA-256: bdeb502e0ae2b840a8e1a52dfe60dcef208d8aa239cdf496a1acc2bbd126051a
postgresql-pl-8.1.21-1.el5_5.1.s390x.rpm
File outdated by:  RHSA-2012:1264		     MD5: b09399a2c156cb42bc8c45fd32df0af6
SHA-256: fdfdfa8db5584b191c69bb7c976938c240192bc00a7ad90b19c4705d096d28d8
postgresql-python-8.1.21-1.el5_5.1.s390x.rpm
File outdated by:  RHSA-2012:1264		     MD5: 2b628afb9df721907e22083b726f9be1
SHA-256: a58a8b23470069816ab62a92a34204b9101d0f9cd2dd1ffed842ab0d3ada5fe8
postgresql-server-8.1.21-1.el5_5.1.s390x.rpm
File outdated by:  RHSA-2012:1264		     MD5: 5967e8f1e92a23d3b297ff5fbbe53a2d
SHA-256: cb995f3def9553d1bc48ef5b11cf308659520cc9a1e5ae66ef7ad6772c08dc97
postgresql-tcl-8.1.21-1.el5_5.1.s390x.rpm
File outdated by:  RHSA-2012:1264		     MD5: f82c52996e4c9674d89a3d8015f2fd8f
SHA-256: aa26f1dc68a27e0e08ac7578acd75c4609d789a2ae0f7dc69121e5e24efde19d
postgresql-test-8.1.21-1.el5_5.1.s390x.rpm
File outdated by:  RHSA-2012:1264		     MD5: 5e030f37fc0d4421bcfb2c997f2cea42
SHA-256: 4896f22b4c14a7523bbb9142269b370d044a1217a45911ab4ac09c2ee43ef68d
 
x86_64:
postgresql-8.1.21-1.el5_5.1.x86_64.rpm
File outdated by:  RHSA-2012:1264		     MD5: 7dbf169eb8228d55d89a78dcfaecbc61
SHA-256: 471d60bcf82ee2a3e2daadb2a00f21baf1a9b50a480f8c23432005dc1c0748a6
postgresql-contrib-8.1.21-1.el5_5.1.x86_64.rpm
File outdated by:  RHSA-2012:1264		     MD5: 790170b0aa373a2160380321848f81a4
SHA-256: fcf90f24a0319615b834e75ec0fb378e47ecddfa46aa29e0b6affd8f63c10cc4
postgresql-devel-8.1.21-1.el5_5.1.i386.rpm
File outdated by:  RHSA-2012:1264		     MD5: 81b1dc417f380c94a123f58dd71fee11
SHA-256: de6a5c4126ea6bf9eafcaaad0a8532e7b4c8dd1f289d2b4820eab224fd0b5c09
postgresql-devel-8.1.21-1.el5_5.1.x86_64.rpm
File outdated by:  RHSA-2012:1264		     MD5: 5c8c82df70e44baee73815de1fad6123
SHA-256: 336830b454821f4bb491ada08ad6f34f1f7ea360d79e2601a2897c955b0e597a
postgresql-docs-8.1.21-1.el5_5.1.x86_64.rpm
File outdated by:  RHSA-2012:1264		     MD5: 93bdcfd8f7413d81827312ae2364cd2e
SHA-256: 02b5d44bbfb7164a89d17f0d28f7d830dda1d198637c86559d59aa65d0c8bd38
postgresql-libs-8.1.21-1.el5_5.1.i386.rpm
File outdated by:  RHSA-2012:1264		     MD5: e719c0a913f97e9ac9cf9dc3070f042d
SHA-256: 3e9091ca8d512784933cc5763f24d0fde52c04d0f428e59111771821acd11cd2
postgresql-libs-8.1.21-1.el5_5.1.x86_64.rpm
File outdated by:  RHSA-2012:1264		     MD5: 111e9ee9cbbca2aa5849387e968942a8
SHA-256: 2433b47ba8075e7106fb7d90cad1851b1bd28e323e86dbe72a87cd58e6f444a8
postgresql-pl-8.1.21-1.el5_5.1.x86_64.rpm
File outdated by:  RHSA-2012:1264		     MD5: 59efb06ca02b9730eb72265133633c27
SHA-256: cd71594f8a9ceeebb267c5124b4abb85e7ea1442b55d8dc44c1a8178b818e478
postgresql-python-8.1.21-1.el5_5.1.x86_64.rpm
File outdated by:  RHSA-2012:1264		     MD5: 4d8bc63154313bba9100e054e1aa257e
SHA-256: 0c4edb2fe5f109a22c517605d2d5b906683684d48e4a5139a2a5983ecfcfe79b
postgresql-server-8.1.21-1.el5_5.1.x86_64.rpm
File outdated by:  RHSA-2012:1264		     MD5: 17eda78ca1f85b6b12b2442f56793d5f
SHA-256: e03a11238ec913c69f6a7e90f4a4a974465c6cf74e383824c3185c27cdc2e72b
postgresql-tcl-8.1.21-1.el5_5.1.x86_64.rpm
File outdated by:  RHSA-2012:1264		     MD5: b7bf376119e90cf2fa594a989ba515d4
SHA-256: 85abaaaf0cc814d7efc9c8f1b17835a736bd34946cfa310ce6d30bacf3a7a2ba
postgresql-test-8.1.21-1.el5_5.1.x86_64.rpm
File outdated by:  RHSA-2012:1264		     MD5: b20c3f821feb149e526de8723558e452
SHA-256: 161ebb75458c8ac8756d188f94b0cac9d6b8fb07371c8491f7985c4cf3be4a4d
 
Red Hat Enterprise Linux Desktop (v. 5 client)
SRPMS:
postgresql-8.1.21-1.el5_5.1.src.rpm
File outdated by:  RHSA-2012:1264		     MD5: 93150705c1693074e86748f1b92f8e1c
SHA-256: ea647c1aa56e0375e304d348d015e51f2f435f4b951c3c65a212fd4cc430eda7
 
IA-32:
postgresql-8.1.21-1.el5_5.1.i386.rpm
File outdated by:  RHSA-2012:1264		     MD5: bf533a93a015671c6ffe43d3579b4b77
SHA-256: 893cacad99dbcbef34d7bca100e4ea6e09de4f99251f3fe89276c2dc5e6fcf9f
postgresql-contrib-8.1.21-1.el5_5.1.i386.rpm
File outdated by:  RHSA-2012:1264		     MD5: e7cf3d1f837bf53205f5464de6653582
SHA-256: ff4636980df969347817c86eafe11f1b8153c35c0cf4ea64a96bdcba0be73a04
postgresql-devel-8.1.21-1.el5_5.1.i386.rpm     MD5: 81b1dc417f380c94a123f58dd71fee11
SHA-256: de6a5c4126ea6bf9eafcaaad0a8532e7b4c8dd1f289d2b4820eab224fd0b5c09
postgresql-docs-8.1.21-1.el5_5.1.i386.rpm
File outdated by:  RHSA-2012:1264		     MD5: 52c3c255b04b155557b143e6ae00f072
SHA-256: 9c0c2c27dfb8105535bacfead3cb2d3b698fb523b5b98ff5e12c6eb2c639d914
postgresql-libs-8.1.21-1.el5_5.1.i386.rpm
File outdated by:  RHSA-2012:1264		     MD5: e719c0a913f97e9ac9cf9dc3070f042d
SHA-256: 3e9091ca8d512784933cc5763f24d0fde52c04d0f428e59111771821acd11cd2
postgresql-pl-8.1.21-1.el5_5.1.i386.rpm     MD5: 822c0c2f5ef27419dae0417953f3764e
SHA-256: 3e1b318582aa3557ce51e9952ca9e116e1fca91c4ade60bfbf70c3d3e872b62b
postgresql-python-8.1.21-1.el5_5.1.i386.rpm
File outdated by:  RHSA-2012:1264		     MD5: eeb374ee7ccba988583b0062aa248949
SHA-256: 01afd089926508d7440fb3b2b900e8e4ddd9127dae518fb613621ac4b5442ed8
postgresql-server-8.1.21-1.el5_5.1.i386.rpm     MD5: 9693346f54959eda009069ef1be7af8c
SHA-256: 364e2d7a700ae7eab8b81c25fd3b128ac31cdc0193402d1391898dcc93b0ea20
postgresql-tcl-8.1.21-1.el5_5.1.i386.rpm
File outdated by:  RHSA-2012:1264		     MD5: 125b828660899ff09a58213fe1f4df9d
SHA-256: a8c98595f186653a6678c123bdb556329332a70f58a80f18e99f399d6ba5eb27
postgresql-test-8.1.21-1.el5_5.1.i386.rpm     MD5: 64ffc7113e24f9a2ee7340f9e78125da
SHA-256: e3be57e4ce6ba4042d594bda0cfb214a842d25bce15ab6117f6c862f5d6e2154
 
x86_64:
postgresql-8.1.21-1.el5_5.1.x86_64.rpm
File outdated by:  RHSA-2012:1264		     MD5: 7dbf169eb8228d55d89a78dcfaecbc61
SHA-256: 471d60bcf82ee2a3e2daadb2a00f21baf1a9b50a480f8c23432005dc1c0748a6
postgresql-contrib-8.1.21-1.el5_5.1.x86_64.rpm
File outdated by:  RHSA-2012:1264		     MD5: 790170b0aa373a2160380321848f81a4
SHA-256: fcf90f24a0319615b834e75ec0fb378e47ecddfa46aa29e0b6affd8f63c10cc4
postgresql-docs-8.1.21-1.el5_5.1.x86_64.rpm
File outdated by:  RHSA-2012:1264		     MD5: 93bdcfd8f7413d81827312ae2364cd2e
SHA-256: 02b5d44bbfb7164a89d17f0d28f7d830dda1d198637c86559d59aa65d0c8bd38
postgresql-libs-8.1.21-1.el5_5.1.i386.rpm
File outdated by:  RHSA-2012:1264		     MD5: e719c0a913f97e9ac9cf9dc3070f042d
SHA-256: 3e9091ca8d512784933cc5763f24d0fde52c04d0f428e59111771821acd11cd2
postgresql-libs-8.1.21-1.el5_5.1.x86_64.rpm
File outdated by:  RHSA-2012:1264		     MD5: 111e9ee9cbbca2aa5849387e968942a8
SHA-256: 2433b47ba8075e7106fb7d90cad1851b1bd28e323e86dbe72a87cd58e6f444a8
postgresql-python-8.1.21-1.el5_5.1.x86_64.rpm
File outdated by:  RHSA-2012:1264		     MD5: 4d8bc63154313bba9100e054e1aa257e
SHA-256: 0c4edb2fe5f109a22c517605d2d5b906683684d48e4a5139a2a5983ecfcfe79b
postgresql-tcl-8.1.21-1.el5_5.1.x86_64.rpm
File outdated by:  RHSA-2012:1264		     MD5: b7bf376119e90cf2fa594a989ba515d4
SHA-256: 85abaaaf0cc814d7efc9c8f1b17835a736bd34946cfa310ce6d30bacf3a7a2ba
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

546321 - CVE-2009-4136 postgresql: SQL privilege escalation via modifications to session-local state
546621 - CVE-2010-0733 postgresql: Integer overflow in hash table size calculation
559259 - CVE-2010-0442 postgresql: substring() negative length argument buffer overflow
582615 - CVE-2010-1169 PostgreSQL: PL/Perl Intended restriction bypass
583072 - CVE-2010-1170 PostgreSQL: PL/Tcl Intended restriction bypass


References

https://www.redhat.com/security/data/cve/CVE-2009-4136.html
https://www.redhat.com/security/data/cve/CVE-2010-0442.html
https://www.redhat.com/security/data/cve/CVE-2010-0733.html
https://www.redhat.com/security/data/cve/CVE-2010-1169.html
https://www.redhat.com/security/data/cve/CVE-2010-1170.html
https://www.redhat.com/security/data/cve/CVE-2010-1975.html
http://www.redhat.com/security/updates/classification/#moderate

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/