Security Advisory Important: Red Hat Application Stack v2.4 security and enhancement update

Advisory: RHSA-2009:1461-2
Type: Security Advisory
Severity: Important
Issued on: 2009-09-23
Last updated on: 2009-09-23
Affected Products: Red Hat Application Stack v2
CVEs (cve.mitre.org): CVE-2008-4456, CVE-2009-2446, CVE-2009-2687, CVE-2009-3094, CVE-2009-3095, CVE-2009-3229, CVE-2009-3230, CVE-2009-3231

Details

Red Hat Application Stack v2.4 is now available. This update fixes several
security issues and adds various enhancements.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Red Hat Application Stack v2.4 is an integrated open source application
stack that includes Red Hat Enterprise Linux 5 and JBoss Enterprise
Application Platform (EAP). JBoss EAP is provided through the JBoss EAP
channels on the Red Hat Network.

PostgreSQL was updated to version 8.2.14, fixing the following security
issues:

A flaw was found in the way PostgreSQL handles LDAP-based authentication.
If PostgreSQL was configured to use LDAP authentication and the LDAP server
was configured to allow anonymous binds, anyone able to connect to a given
database could use this flaw to log in as any database user, including a
PostgreSQL superuser, without supplying a password. (CVE-2009-3231)
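
An added example, not part of the Red Hat advisory: a small audit that lists the pg_hba.conf records using the ldap method, which are the entries whose LDAP server should be checked for anonymous binds. The sample file, host names and DNs are constructed, and the field layout assumes the PostgreSQL 8.2 pg_hba.conf format.

```python
import shlex

# Constructed sample pg_hba.conf; host names and DNs are placeholders.
SAMPLE_PG_HBA = """\
# TYPE  DATABASE  USER  CIDR-ADDRESS  METHOD
local   all  postgres  ident sameuser
host    all  all  127.0.0.1/32  md5
host    appdb  all  10.0.0.0/8  ldap "ldap://ldap.example.net/dc=example,dc=net;cn=;,dc=example,dc=net"
hostssl all  all  192.0.2.0 255.255.255.0  ldap "ldaps://ldap.example.net/dc=example,dc=net"
host    reports  ro  10.1.0.0/16  md5   # ldap was removed here
"""


def tokenize(line):
    """Split one pg_hba.conf line into fields, honouring double quotes and # comments."""
    lex = shlex.shlex(line, posix=True)
    lex.whitespace_split = True
    lex.commenters = "#"
    lex.quotes = '"'
    lex.escape = ""  # keep backslashes (e.g. a DOMAIN\ prefix) as-is
    return list(lex)


def ldap_entries(text):
    """Return one dict per record whose authentication method is ldap."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = tokenize(line)
        if not fields:
            continue
        if fields[0] == "local":
            method_at = 3  # local db user method
        elif fields[0] in ("host", "hostssl", "hostnossl"):
            # host db user CIDR method   or   host db user IP MASK method
            method_at = 4 if len(fields) > 3 and "/" in fields[3] else 5
        else:
            continue
        if len(fields) > method_at and fields[method_at] == "ldap":
            findings.append({"line": lineno, "database": fields[1],
                             "user": fields[2],
                             "ldap_url": " ".join(fields[method_at + 1:])})
    return findings


if __name__ == "__main__":
    for f in ldap_entries(SAMPLE_PG_HBA):
        print("line %(line)d: db=%(database)s user=%(user)s -> %(ldap_url)s" % f)
```

The configuration file alone does not show whether the LDAP server accepts anonymous binds; the output only identifies which records depend on it.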

It was discovered that the upstream patch for CVE-2007-6600 included in the
Red Hat Security Advisory RHSA-2008:0040 did not include protection against
misuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An
authenticated user could use this flaw to install malicious code that would
later execute with superuser privileges. (CVE-2009-3230)

A flaw was found in the way PostgreSQL handles external plug-ins. This flaw
could allow remote, authenticated users without superuser privileges to
crash the back-end server by using the LOAD command on libraries in
"/var/lib/pgsql/plugins/" that have already been loaded, causing a
temporary denial of service during crash recovery. (CVE-2009-3229)

MySQL was updated to version 5.0.84, fixing the following security issues:

An insufficient HTML entities quoting flaw was found in the mysql command
line client's HTML output mode. If an attacker was able to inject arbitrary
HTML tags into data stored in a MySQL database, which was later retrieved
using the mysql command line client and its HTML output mode, they could
perform a cross-site scripting (XSS) attack against victims viewing the
HTML output in a web browser. (CVE-2008-4456)

Multiple format string flaws were found in the way the MySQL server logs
user commands when creating and deleting databases. A remote, authenticated
attacker with permissions to CREATE and DROP databases could use these
flaws to formulate a specially-crafted SQL command that would cause a
temporary denial of service (open connections to mysqld are terminated).
(CVE-2009-2446)

Note: To exploit the CVE-2009-2446 flaws, the general query log (the mysqld
"--log" command line option or the "log" option in "/etc/my.cnf") must be
enabled. This logging is not enabled by default.
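
An added example, not part of the Red Hat advisory: a check for the precondition described in the note, reporting whether the general query log is switched on in an option file or on a mysqld command line. The sample file and paths are constructed, and reading only the [mysqld] group is an assumption of this sketch.

```python
# Constructed sample option file; paths are placeholders.
SAMPLE_MY_CNF = """\
[client]
socket=/var/lib/mysql/mysql.sock

[mysqld]
datadir=/var/lib/mysql
log-bin=mysql-bin            # binary log: a different option
log_error=/var/log/mysqld.log
log = /var/log/mysql/query.log

[mysqld_safe]
log-error=/var/log/mysqld.log
"""


def general_log_in_cnf(text, groups=("mysqld",)):
    """Return (line number, log file or None) for each `log` option found."""
    hits, group = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop inline comments
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            group = line[1:-1].strip().lower()
            continue
        if group not in groups:
            continue
        key, _, value = line.partition("=")
        # Exact match only: log-bin, log-error, log_error are other options.
        if key.strip().lower() == "log":
            hits.append((lineno, value.strip() or None))
    return hits


def general_log_in_argv(argv):
    """True if a mysqld command line carries --log or --log=FILE."""
    return any(a == "--log" or a.startswith("--log=") for a in argv)


if __name__ == "__main__":
    for lineno, target in general_log_in_cnf(SAMPLE_MY_CNF):
        print("general query log enabled at line %d -> %s" % (lineno, target))
```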

PHP was updated to version 5.2.10, fixing the following security issue:

An insufficient input validation flaw was discovered in the PHP
exif_read_data() function, used to read Exchangeable image file format
(Exif) metadata from images. An attacker could create a specially-crafted
image that could cause the PHP interpreter to crash or disclose portions of
its memory while reading the Exif metadata from the image. (CVE-2009-2687)

Apache httpd has been updated with backported patches to correct the
following security issues:

A NULL pointer dereference flaw was found in the Apache mod_proxy_ftp
module. A malicious FTP server to which requests are being proxied could
use this flaw to crash an httpd child process via a malformed reply to the
EPSV or PASV commands, resulting in a limited denial of service.
(CVE-2009-3094)

A second flaw was found in the Apache mod_proxy_ftp module. In a reverse
proxy configuration, a remote attacker could use this flaw to bypass
intended access restrictions by creating a carefully-crafted HTTP
Authorization header, allowing the attacker to send arbitrary commands to
the FTP server. (CVE-2009-3095)

Also, the following packages have been updated:

* postgresql-jdbc to 8.2.510
* php-pear to 1.8.1
* perl-DBI to 1.609
* perl-DBD-MySQL to 4.012

All users should upgrade to these updated packages, which resolve these
issues. Users must restart the individual services, including postgresql,
mysqld, and httpd, for this update to take effect.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

Red Hat Application Stack v2


Bugs fixed (see bugzilla for more information)

466518 - CVE-2008-4456 mysql: mysql command line client XSS flaw
506896 - CVE-2009-2687 php: exif_read_data crash on corrupted JPEG files
511020 - CVE-2009-2446 MySQL: Format string vulnerability by manipulation with database instances (crash)
521619 - CVE-2009-3094 httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply
522084 - CVE-2009-3231 postgresql: LDAP authentication bypass when anonymous LDAP bind are allowed
522085 - CVE-2009-3230 postgresql: SQL privilege escalation, incomplete fix for CVE-2007-6600
522092 - CVE-2009-3229 postgresql: authenticated user server DoS via plugin re-LOAD-ing
522209 - CVE-2009-3095 httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/