Security Advisory Moderate: postgresql security update

Advisory: RHSA-2007:0068-4
Type: Security Advisory
Severity: Moderate
Issued on: 2007-03-14
Last updated on: 2007-03-14
Affected Products: RHEL Desktop Workstation (v. 5 client), Red Hat Enterprise Linux (v. 5 server), Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2006-5540, CVE-2006-5541, CVE-2006-5542, CVE-2007-0555, CVE-2007-0556

Details

Updated postgresql packages that fix several security issues are now
available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

PostgreSQL is an advanced Object-Relational database management system
(DBMS).

Two flaws were found in the way the PostgreSQL server handles certain
SQL-language functions. An authenticated user could execute a sequence of
commands which could crash the PostgreSQL server or possibly read from
arbitrary memory locations. A user would need to have permissions to drop
and add database tables to be able to exploit these issues (CVE-2007-0555,
CVE-2007-0556).

Several denial of service flaws were found in the PostgreSQL server. An
authenticated user could execute certain SQL commands which could crash the
PostgreSQL server (CVE-2006-5540, CVE-2006-5541, CVE-2006-5542).

Users of PostgreSQL should upgrade to these updated packages containing
PostgreSQL version 8.1.8 which corrects these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
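
To confirm that a host actually carries the fixed build, the installed postgresql packages can be compared against 8.1.8-1.el5. The script below is an added example, not part of the Red Hat advisory; the function names and the sample inventory are constructed for illustration, and GNU `sort -V` is assumed to be an adequate stand-in for RPM's own version comparison (epochs are ignored).

```shell
#!/bin/sh
# Added example: flag postgresql packages older than the fixed build.
FIXED="8.1.8-1.el5"   # fixed version-release named in this advisory

# ver_lt A B: succeed when A sorts strictly before B.
# Assumption: GNU `sort -V` approximates RPM version ordering here.
ver_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# check_inventory: read "name version-release arch" lines on stdin,
# print one OUTDATED line per postgresql package below $FIXED,
# and return 1 when any such package was found.
check_inventory() {
    rc=0
    while read -r name vr arch; do
        case "$name" in
            postgresql|postgresql-*) ;;   # packages covered by the advisory
            *) continue ;;                # everything else is ignored
        esac
        if ver_lt "$vr" "$FIXED"; then
            echo "OUTDATED $name.$arch $vr (need >= $FIXED)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample inventory: a multilib host where the i386 libs
# and the base package were left behind after a partial update.
sample_inventory() {
    cat <<'EOF'
postgresql 8.1.4-1.1 x86_64
postgresql-libs 8.1.4-1.1 i386
postgresql-libs 8.1.8-1.el5 x86_64
postgresql-server 8.1.8-1.el5 x86_64
openssl 0.9.8b-8.3.el5 x86_64
EOF
}

# On a live host, feed real data instead of the sample:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n' | check_inventory
sample_inventory | check_inventory || echo "host still needs RHSA-2007:0068"
```

The multilib case matters because the x86_64 and IA-64 package sets in this advisory include i386 libraries, which a partial update can leave at the old version.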

Updated packages

Every file listed below is marked "File outdated by: RHSA-2014:0249".

RHEL Desktop Workstation (v. 5 client)

SRPMS:
postgresql-8.1.8-1.el5.src.rpm

IA-32:
postgresql-devel-8.1.8-1.el5.i386.rpm
postgresql-pl-8.1.8-1.el5.i386.rpm
postgresql-server-8.1.8-1.el5.i386.rpm
postgresql-test-8.1.8-1.el5.i386.rpm

x86_64:
postgresql-devel-8.1.8-1.el5.i386.rpm
postgresql-devel-8.1.8-1.el5.x86_64.rpm
postgresql-pl-8.1.8-1.el5.x86_64.rpm
postgresql-server-8.1.8-1.el5.x86_64.rpm
postgresql-test-8.1.8-1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
postgresql-8.1.8-1.el5.src.rpm

IA-32:
postgresql-8.1.8-1.el5.i386.rpm
postgresql-contrib-8.1.8-1.el5.i386.rpm
postgresql-devel-8.1.8-1.el5.i386.rpm
postgresql-docs-8.1.8-1.el5.i386.rpm
postgresql-libs-8.1.8-1.el5.i386.rpm
postgresql-pl-8.1.8-1.el5.i386.rpm
postgresql-python-8.1.8-1.el5.i386.rpm
postgresql-server-8.1.8-1.el5.i386.rpm
postgresql-tcl-8.1.8-1.el5.i386.rpm
postgresql-test-8.1.8-1.el5.i386.rpm

IA-64:
postgresql-8.1.8-1.el5.ia64.rpm
postgresql-contrib-8.1.8-1.el5.ia64.rpm
postgresql-devel-8.1.8-1.el5.ia64.rpm
postgresql-docs-8.1.8-1.el5.ia64.rpm
postgresql-libs-8.1.8-1.el5.i386.rpm
postgresql-libs-8.1.8-1.el5.ia64.rpm
postgresql-pl-8.1.8-1.el5.ia64.rpm
postgresql-python-8.1.8-1.el5.ia64.rpm
postgresql-server-8.1.8-1.el5.ia64.rpm
postgresql-tcl-8.1.8-1.el5.ia64.rpm
postgresql-test-8.1.8-1.el5.ia64.rpm

PPC:
postgresql-8.1.8-1.el5.ppc.rpm
postgresql-contrib-8.1.8-1.el5.ppc.rpm
postgresql-devel-8.1.8-1.el5.ppc.rpm
postgresql-devel-8.1.8-1.el5.ppc64.rpm
postgresql-docs-8.1.8-1.el5.ppc.rpm
postgresql-libs-8.1.8-1.el5.ppc.rpm
postgresql-libs-8.1.8-1.el5.ppc64.rpm
postgresql-pl-8.1.8-1.el5.ppc.rpm
postgresql-python-8.1.8-1.el5.ppc.rpm
postgresql-server-8.1.8-1.el5.ppc.rpm
postgresql-tcl-8.1.8-1.el5.ppc.rpm
postgresql-test-8.1.8-1.el5.ppc.rpm

s390x:
postgresql-8.1.8-1.el5.s390x.rpm
postgresql-contrib-8.1.8-1.el5.s390x.rpm
postgresql-devel-8.1.8-1.el5.s390.rpm
postgresql-devel-8.1.8-1.el5.s390x.rpm
postgresql-docs-8.1.8-1.el5.s390x.rpm
postgresql-libs-8.1.8-1.el5.s390.rpm
postgresql-libs-8.1.8-1.el5.s390x.rpm
postgresql-pl-8.1.8-1.el5.s390x.rpm
postgresql-python-8.1.8-1.el5.s390x.rpm
postgresql-server-8.1.8-1.el5.s390x.rpm
postgresql-tcl-8.1.8-1.el5.s390x.rpm
postgresql-test-8.1.8-1.el5.s390x.rpm

x86_64:
postgresql-8.1.8-1.el5.x86_64.rpm
postgresql-contrib-8.1.8-1.el5.x86_64.rpm
postgresql-devel-8.1.8-1.el5.i386.rpm
postgresql-devel-8.1.8-1.el5.x86_64.rpm
postgresql-docs-8.1.8-1.el5.x86_64.rpm
postgresql-libs-8.1.8-1.el5.i386.rpm
postgresql-libs-8.1.8-1.el5.x86_64.rpm
postgresql-pl-8.1.8-1.el5.x86_64.rpm
postgresql-python-8.1.8-1.el5.x86_64.rpm
postgresql-server-8.1.8-1.el5.x86_64.rpm
postgresql-tcl-8.1.8-1.el5.x86_64.rpm
postgresql-test-8.1.8-1.el5.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
postgresql-8.1.8-1.el5.src.rpm

IA-32:
postgresql-8.1.8-1.el5.i386.rpm
postgresql-contrib-8.1.8-1.el5.i386.rpm
postgresql-docs-8.1.8-1.el5.i386.rpm
postgresql-libs-8.1.8-1.el5.i386.rpm
postgresql-python-8.1.8-1.el5.i386.rpm
postgresql-tcl-8.1.8-1.el5.i386.rpm

x86_64:
postgresql-8.1.8-1.el5.x86_64.rpm
postgresql-contrib-8.1.8-1.el5.x86_64.rpm
postgresql-docs-8.1.8-1.el5.x86_64.rpm
postgresql-libs-8.1.8-1.el5.i386.rpm
postgresql-libs-8.1.8-1.el5.x86_64.rpm
postgresql-python-8.1.8-1.el5.x86_64.rpm
postgresql-tcl-8.1.8-1.el5.x86_64.rpm

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

216411 - CVE-2006-5540 New version fixes three different crash vulnerabilities (CVE-2006-5541 CVE-2006-5542)
225496 - CVE-2007-0555 PostgreSQL arbitrary memory read flaws (CVE-2007-0556)
227688 - Attribute type error when updating varchar column


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/