Security Advisory postgresql security update

Advisory: RHSA-2005:150-04
Type: Security Advisory
Severity: Important
Issued on: 2005-02-16
Last updated on: 2005-02-16
Affected Products:
    Red Hat Enterprise Linux AS (v. 2.1)
    Red Hat Enterprise Linux ES (v. 2.1)
    Red Hat Enterprise Linux WS (v. 2.1)
    Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org):
    CVE-2005-0227
    CVE-2005-0245
    CVE-2005-0247

Details

Updated PostgreSQL packages to fix various security flaws are now available
for Red Hat Enterprise Linux 2.1AS.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

PostgreSQL is an advanced Object-Relational database management system
(DBMS).

A flaw in the LOAD command in PostgreSQL was discovered. A local user
could use this flaw to load arbitrary shared libraries and therefore
execute arbitrary code, gaining the privileges of the PostgreSQL server.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0227 to this issue.

Multiple buffer overflows were found in PL/PgSQL. A database user who has
permissions to create plpgsql functions could trigger this flaw which could
lead to arbitrary code execution, gaining the privileges of the PostgreSQL
server. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CAN-2005-0245 and CAN-2005-0247 to these issues.

Users of PostgreSQL are advised to update to these erratum packages which
are not vulnerable to these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Enterprise Linux AS (v. 2.1)

IA-32:
postgresql-7.1.3-6.rhel2.1AS.i386.rpm
File outdated by:  RHBA-2005:240
    MD5: d5dd4645e60377652a3b20b8ea2075c8
postgresql-contrib-7.1.3-6.rhel2.1AS.i386.rpm
File outdated by:  RHBA-2005:240
    MD5: 900fff68faddf8a4a74d9f28c1798228
postgresql-devel-7.1.3-6.rhel2.1AS.i386.rpm
File outdated by:  RHBA-2005:240
    MD5: fa7a457aca0a82c84695343029f01daa
postgresql-docs-7.1.3-6.rhel2.1AS.i386.rpm
File outdated by:  RHBA-2005:240
    MD5: 6413c9dff17164013e41dfc7e9abc4fb
postgresql-jdbc-7.1.3-6.rhel2.1AS.i386.rpm
File outdated by:  RHBA-2005:240
    MD5: 14052b797b37408cc83842869128602b
postgresql-libs-7.1.3-6.rhel2.1AS.i386.rpm
File outdated by:  RHBA-2005:240
    MD5: 5f63b3466fad8ba0c95ca8f895c01d52
postgresql-odbc-7.1.3-6.rhel2.1AS.i386.rpm
File outdated by:  RHBA-2005:240
    MD5: 44b516e32296194ee2f4087a5f1b673e
postgresql-perl-7.1.3-6.rhel2.1AS.i386.rpm
File outdated by:  RHBA-2005:240
    MD5: 6b4f6323a147590a7347cbf0f92042e5
postgresql-python-7.1.3-6.rhel2.1AS.i386.rpm
File outdated by:  RHBA-2005:240
    MD5: cdbe160b61882748a38f7cc9d251ab61
postgresql-server-7.1.3-6.rhel2.1AS.i386.rpm
File outdated by:  RHBA-2005:240
    MD5: b1b051ed6aaf151c461ccf39a460f8bc
postgresql-tcl-7.1.3-6.rhel2.1AS.i386.rpm
File outdated by:  RHBA-2005:240
    MD5: 24a53c8b9b10697f2cfa6c690cc8b37b
postgresql-test-7.1.3-6.rhel2.1AS.i386.rpm
File outdated by:  RHBA-2005:240
    MD5: 340239bd5986f62ec040ba42b12c108d
postgresql-tk-7.1.3-6.rhel2.1AS.i386.rpm
File outdated by:  RHBA-2005:240
    MD5: a79a012ff3eadfd2630dc863b29479dc
 
IA-64:
postgresql-7.1.3-6.rhel2.1AS.ia64.rpm
File outdated by:  RHBA-2005:240
    MD5: ab956518e3d0a552e193316444fdebe8
postgresql-contrib-7.1.3-6.rhel2.1AS.ia64.rpm
File outdated by:  RHBA-2005:240
    MD5: 7af5314c1bfaadcf4f8837caa41b5b9b
postgresql-devel-7.1.3-6.rhel2.1AS.ia64.rpm
File outdated by:  RHBA-2005:240
    MD5: 9b8d0b95c2c386dd16ca225185c70446
postgresql-docs-7.1.3-6.rhel2.1AS.ia64.rpm
File outdated by:  RHBA-2005:240
    MD5: 8f178d5340ef48550351970e0954bcb6
postgresql-jdbc-7.1.3-6.rhel2.1AS.ia64.rpm
File outdated by:  RHBA-2005:240
    MD5: 53a27c906e4930481e3d8bccac9b1aed
postgresql-libs-7.1.3-6.rhel2.1AS.ia64.rpm
File outdated by:  RHBA-2005:240
    MD5: 9426664bacc88b2836f917c00ae8022d
postgresql-odbc-7.1.3-6.rhel2.1AS.ia64.rpm
File outdated by:  RHBA-2005:240
    MD5: f764dc209d0447701ca238571d192d43
postgresql-perl-7.1.3-6.rhel2.1AS.ia64.rpm
File outdated by:  RHBA-2005:240
    MD5: 59054a3ca270a50180dabf602f3fc64a
postgresql-python-7.1.3-6.rhel2.1AS.ia64.rpm
File outdated by:  RHBA-2005:240
    MD5: d0f46f72f7e01f1db5f4226813bde4d9
postgresql-server-7.1.3-6.rhel2.1AS.ia64.rpm
File outdated by:  RHBA-2005:240
    MD5: cfba743e7d03547bb4042a7e35821f89
postgresql-tcl-7.1.3-6.rhel2.1AS.ia64.rpm
File outdated by:  RHBA-2005:240
    MD5: 39886dba0d0b65c0df5ac717eb947c38
postgresql-test-7.1.3-6.rhel2.1AS.ia64.rpm
File outdated by:  RHBA-2005:240
    MD5: 7a37f6ece0ca1f03fd54c83b70379c85
postgresql-tk-7.1.3-6.rhel2.1AS.ia64.rpm
File outdated by:  RHBA-2005:240
    MD5: db8137c889d035f1cf4ab47e6687cfaf
 
Red Hat Enterprise Linux ES (v. 2.1)

IA-32:
The same packages and MD5 checksums as listed above for Red Hat Enterprise Linux AS (v. 2.1), IA-32.
 
Red Hat Enterprise Linux WS (v. 2.1)

IA-32:
The same packages and MD5 checksums as listed above for Red Hat Enterprise Linux AS (v. 2.1), IA-32.
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

IA-64:
The same packages and MD5 checksums as listed above for Red Hat Enterprise Linux AS (v. 2.1), IA-64.
 

Bugs fixed (see bugzilla for more information)

130818 - PostgreSQL can lose committed transactions
147703 - CAN-2005-0227 Multiple security and data-loss issues in PostgreSQL (CAN-2004-0977 CAN-2005-0245 CAN-2005-0247)


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package
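
One way to check downloaded packages against the MD5 values in the "Updated packages" listing before installing them. This is an added example, not Red Hat's code; the sample listing, file names and advisory placeholder in it are constructed. A matching MD5 only rules out a corrupted or swapped download, so the GPG signature check referenced above remains the authenticity check.

```python
import hashlib
import re
from pathlib import Path

# Constructed sample in the advisory's layout (hypothetical file names and a
# placeholder advisory id; the digests are the MD5 of b"hello" and b"").
SAMPLE_LISTING = """\
IA-32:
example-a-1.0-1.i386.rpm
File outdated by:  RHBA-XXXX:NNN
    MD5: 5d41402abc4b2a76b9719d911017c592
example-b-1.0-1.i386.rpm
    MD5: d41d8cd98f00b204e9800998ecf8427e
"""
RPM_LINE = re.compile(r"^\s*(\S+\.rpm)\s*$")
MD5_LINE = re.compile(r"^\s*MD5:\s*([0-9a-fA-F]{32})\s*$")


def parse_listing(text):
    """Map each .rpm file name to the MD5 digest listed after it."""
    expected, current = {}, None
    for line in text.splitlines():
        rpm, md5 = RPM_LINE.match(line), MD5_LINE.match(line)
        if rpm:
            current = rpm.group(1)
        elif md5 and current:
            digest = md5.group(1).lower()
            # A file may be listed once per product; its digests must agree.
            if expected.setdefault(current, digest) != digest:
                raise ValueError(f"conflicting digests for {current}")
            current = None
    return expected


def file_md5(path):
    return hashlib.md5(Path(path).read_bytes()).hexdigest()


def check_downloads(listing_text, directory):
    """Return {file name: 'ok' | 'mismatch' | 'missing' | 'unlisted'}."""
    result = {}
    for name, digest in parse_listing(listing_text).items():
        path = Path(directory) / name
        if not path.is_file():
            result[name] = "missing"
        else:
            result[name] = "ok" if file_md5(path) == digest else "mismatch"
    # Flag .rpm files in the directory that the advisory does not list.
    for path in Path(directory).glob("*.rpm"):
        result.setdefault(path.name, "unlisted")
    return result
```

Install only the files reported as `ok`; a `mismatch` or `unlisted` file should be downloaded again from Red Hat Network rather than installed.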

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/