Security Advisory Moderate: postgresql security update

Advisory: RHSA-2007:0067-3
Type: Security Advisory
Severity: Moderate
Issued on: 2007-02-07
Last updated on: 2007-02-07
Affected Products: Red Hat Application Stack v1 for Enterprise Linux AS (v.4),
    Red Hat Application Stack v1 for Enterprise Linux ES (v.4)
CVEs (cve.mitre.org): CVE-2006-5540, CVE-2006-5541, CVE-2006-5542, CVE-2007-0555, CVE-2007-0556

Details

Updated postgresql packages that fix several security vulnerabilities are
now available for the Red Hat Application Stack.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

PostgreSQL is an advanced Object-Relational database management system
(DBMS).

Two flaws were found in the way the PostgreSQL server handles certain
SQL-language functions. An authenticated user could execute a sequence of
commands which could crash the PostgreSQL server or possibly read from
arbitrary memory locations. A user must have permissions to drop and add
database tables to exploit these flaws. (CVE-2007-0555, CVE-2007-0556)

Several denial of service flaws were found in the PostgreSQL server. An
authenticated user could execute an SQL command which could crash the
PostgreSQL server. (CVE-2006-5540, CVE-2006-5541, CVE-2006-5542)

Users of PostgreSQL should upgrade to these updated packages containing
PostgreSQL version 8.1.7, which corrects these issues.

Note: The original PostgreSQL 8.1.7 security patch contained an error; this
release includes the updated patch and so is equivalent to the
soon-to-be-released 8.1.8.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Application Stack v1 for Enterprise Linux AS (v.4)

SRPMS:
postgresql-8.1.7-3.el4s1.1.src.rpm
File outdated by:  RHEA-2008:0975
    MD5: 45bcce54c270fd2f45d2699acff84f15
 
IA-32:
postgresql-8.1.7-3.el4s1.1.i386.rpm
File outdated by:  RHEA-2008:0975
    MD5: c6a46625d9bea44b11124d3a66d96e9b
postgresql-contrib-8.1.7-3.el4s1.1.i386.rpm
File outdated by:  RHEA-2008:0975
    MD5: df169915db46942012553d8081a4b3e5
postgresql-devel-8.1.7-3.el4s1.1.i386.rpm
File outdated by:  RHEA-2008:0975
    MD5: 9cda736cdb9a5693ee58755e597fe642
postgresql-docs-8.1.7-3.el4s1.1.i386.rpm
File outdated by:  RHEA-2008:0975
    MD5: 3987bad06885307647eeb306343afdc4
postgresql-libs-8.1.7-3.el4s1.1.i386.rpm
File outdated by:  RHEA-2008:0975
    MD5: f01b6879753c511e872d9a9280a17457
postgresql-pl-8.1.7-3.el4s1.1.i386.rpm
File outdated by:  RHEA-2008:0975
    MD5: e67b3a9842f3e7df38728b039ff39a07
postgresql-python-8.1.7-3.el4s1.1.i386.rpm
File outdated by:  RHEA-2008:0975
    MD5: 07ec3d3cdab7acfd656526a2307f4f82
postgresql-server-8.1.7-3.el4s1.1.i386.rpm
File outdated by:  RHEA-2008:0975
    MD5: e0a1a1e8fd021aa8f48525964c91d404
postgresql-tcl-8.1.7-3.el4s1.1.i386.rpm
File outdated by:  RHEA-2008:0975
    MD5: 44960f2637577c4af090044005e77d6f
postgresql-test-8.1.7-3.el4s1.1.i386.rpm
File outdated by:  RHEA-2008:0975
    MD5: a079aa11e843f8cd39d64d12e84c4c6e
 
x86_64:
postgresql-8.1.7-3.el4s1.1.x86_64.rpm
File outdated by:  RHEA-2008:0975
    MD5: c254f9f1b3f7d65b39f7e32132c94376
postgresql-contrib-8.1.7-3.el4s1.1.x86_64.rpm
File outdated by:  RHEA-2008:0975
    MD5: ccdcf0cddc657b4dcf14f4a0b55cc668
postgresql-devel-8.1.7-3.el4s1.1.x86_64.rpm
File outdated by:  RHEA-2008:0975
    MD5: 9a93c6cf1e6e3924ea032be6e7e07716
postgresql-docs-8.1.7-3.el4s1.1.x86_64.rpm
File outdated by:  RHEA-2008:0975
    MD5: 5c14bb68f28ef09d925e81ca0179ce61
postgresql-libs-8.1.7-3.el4s1.1.i386.rpm
File outdated by:  RHEA-2008:0975
    MD5: f01b6879753c511e872d9a9280a17457
postgresql-libs-8.1.7-3.el4s1.1.x86_64.rpm
File outdated by:  RHEA-2008:0975
    MD5: b73d1df15aaed9c98d248e369cb36839
postgresql-pl-8.1.7-3.el4s1.1.x86_64.rpm
File outdated by:  RHEA-2008:0975
    MD5: 0179aa38ed819c9127f0581f6176f522
postgresql-python-8.1.7-3.el4s1.1.x86_64.rpm
File outdated by:  RHEA-2008:0975
    MD5: ce253fbaf33d46734431ac4e7e02ac8a
postgresql-server-8.1.7-3.el4s1.1.x86_64.rpm
File outdated by:  RHEA-2008:0975
    MD5: e9d1dd41d9b2c5b40cd675c0346c2f83
postgresql-tcl-8.1.7-3.el4s1.1.x86_64.rpm
File outdated by:  RHEA-2008:0975
    MD5: d6dcb504c7775094c2de709151d9d170
postgresql-test-8.1.7-3.el4s1.1.x86_64.rpm
File outdated by:  RHEA-2008:0975
    MD5: 93ce219b21d4ef3611c2491c9546c35f
 
Red Hat Application Stack v1 for Enterprise Linux ES (v.4)

The package set for this product is identical to the one listed above for
Enterprise Linux AS (v.4): the same SRPMS, IA-32 and x86_64 files with the
same MD5 checksums, each outdated by RHEA-2008:0975.
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see Bugzilla for more information)

225543 - CVE-2007-0555 PostgreSQL arbitrary memory read flaws (CVE-2007-0556)
227299 - CVE-2006-5540 New version fixes three different crash vulnerabilities (CVE-2006-5541, CVE-2006-5542)
227542 - Attribute type error when updating varchar column


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/