Security Advisory Important: postgresql security update

Advisory: RHSA-2014:0249-2
Type: Security Advisory
Severity: Important
Issued on: 2014-03-04
Last updated on: 2014-03-04
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2014-0060
CVE-2014-0061
CVE-2014-0062
CVE-2014-0063
CVE-2014-0064
CVE-2014-0065
CVE-2014-0066

Details

Updated postgresql packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

PostgreSQL is an advanced object-relational database management system
(DBMS).

Multiple stack-based buffer overflow flaws were found in the date/time
implementation of PostgreSQL. An authenticated database user could provide
a specially crafted date/time value that, when processed, could cause
PostgreSQL to crash or, potentially, execute arbitrary code with the
permissions of the user running PostgreSQL. (CVE-2014-0063)

Multiple integer overflow flaws, leading to heap-based buffer overflows,
were found in various type input functions in PostgreSQL. An authenticated
database user could possibly use these flaws to crash PostgreSQL or,
potentially, execute arbitrary code with the permissions of the user
running PostgreSQL. (CVE-2014-0064)

Multiple potential buffer overflow flaws were found in PostgreSQL.
An authenticated database user could possibly use these flaws to crash
PostgreSQL or, potentially, execute arbitrary code with the permissions of
the user running PostgreSQL. (CVE-2014-0065)

It was found that granting an SQL role to a database user in a PostgreSQL
database without specifying the "ADMIN" option allowed the grantee to
remove other users from their granted role. An authenticated database user
could use this flaw to remove a user from an SQL role which they were
granted access to. (CVE-2014-0060)

A flaw was found in the validator functions provided by PostgreSQL's
procedural languages (PLs). An authenticated database user could possibly
use this flaw to escalate their privileges. (CVE-2014-0061)

A race condition was found in the way the CREATE INDEX command performed
multiple independent lookups of a table that had to be indexed. An
authenticated database user could possibly use this flaw to escalate their
privileges. (CVE-2014-0062)

It was found that the chkpass extension of PostgreSQL did not check the
return value of the crypt() function. An authenticated database user could
possibly use this flaw to crash PostgreSQL via a null pointer dereference.
(CVE-2014-0066)

Red Hat would like to thank the PostgreSQL project for reporting these
issues. Upstream acknowledges Noah Misch as the original reporter of
CVE-2014-0060 and CVE-2014-0063, Heikki Linnakangas and Noah Misch as the
original reporters of CVE-2014-0064, Peter Eisentraut and Jozef Mlich as
the original reporters of CVE-2014-0065, Andres Freund as the original
reporter of CVE-2014-0061, Robert Haas and Andres Freund as the original
reporters of CVE-2014-0062, and Honza Horak and Bruce Momjian as the
original reporters of CVE-2014-0066.

All PostgreSQL users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. If the postgresql
service is running, it will be automatically restarted after installing
this update.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
postgresql-8.1.23-10.el5_10.src.rpm     MD5: fab2fdc4e6e0345aff9e66c175c71228
SHA-256: 8af46074ad3f4bc0acbfe39ae1d35875a474f4bb2888d1fa68fc34f9c5c652f0
 
IA-32:
postgresql-debuginfo-8.1.23-10.el5_10.i386.rpm     MD5: fccc917476bce2e7c998747494e33a21
SHA-256: 01acaf67ede10747277cea95cff8b7d3cbf85555bb9db540768999e760e80a98
postgresql-devel-8.1.23-10.el5_10.i386.rpm     MD5: 695e58246fc9909aee4a51f8c044b6ec
SHA-256: 08b31850a464beba946510f0353ce519b7fcabef094c10852233be819f13d210
postgresql-pl-8.1.23-10.el5_10.i386.rpm     MD5: 499e565cae0882fb8ef1002d0b1bb2fc
SHA-256: 37307e862760efd356d05249bcf3945e34daf9dcb56907e072e3f690ac271666
postgresql-server-8.1.23-10.el5_10.i386.rpm     MD5: 38c47e0ca8ef19399cc7fa1116b390d1
SHA-256: 11df050e97590368a61d9233bf116c4d6211ee91f451e52df9fae06c8690c5fe
postgresql-test-8.1.23-10.el5_10.i386.rpm     MD5: 981e6da17751f1937847519b94b22d2b
SHA-256: f8e7e2aa57e656e273dc91cefb04319e4a308841128e93e2d2f0aafb15e979ff
 
x86_64:
postgresql-debuginfo-8.1.23-10.el5_10.i386.rpm     MD5: fccc917476bce2e7c998747494e33a21
SHA-256: 01acaf67ede10747277cea95cff8b7d3cbf85555bb9db540768999e760e80a98
postgresql-debuginfo-8.1.23-10.el5_10.x86_64.rpm     MD5: c07053700dfc9d3e9998a36be93ce9dc
SHA-256: eea50fb54f47dcb8f36e9875cbb18c1dd7581bee11b81d6907185ed33849a5e0
postgresql-devel-8.1.23-10.el5_10.i386.rpm     MD5: 695e58246fc9909aee4a51f8c044b6ec
SHA-256: 08b31850a464beba946510f0353ce519b7fcabef094c10852233be819f13d210
postgresql-devel-8.1.23-10.el5_10.x86_64.rpm     MD5: 92755e30cbfd769fcc5dd7a763dd62b4
SHA-256: 6cdd59febc2bd1c140dffb21b345adcdbbcfb6f9b0c1b2bc8361c0a752b70d66
postgresql-pl-8.1.23-10.el5_10.x86_64.rpm     MD5: bfc0ec21a22cfc0fa94a8df0c0e2416d
SHA-256: 4efeb4e01abe33774b29d896e62a0630c0286acd005d74db63667a9c05e11800
postgresql-server-8.1.23-10.el5_10.x86_64.rpm     MD5: 7cd6a5f73257cdebb397cd1569e78630
SHA-256: a9333abaae5452b545e6b53a1b0841798a10cf038601fa0fd16e832536f2dcf5
postgresql-test-8.1.23-10.el5_10.x86_64.rpm     MD5: c1182660ff643d35504ba3dec203db16
SHA-256: 9865f2dda286fd700df260b362e84fa75806ce8dcfcaf19b6d275161fd09fa57
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
postgresql-8.1.23-10.el5_10.src.rpm     MD5: fab2fdc4e6e0345aff9e66c175c71228
SHA-256: 8af46074ad3f4bc0acbfe39ae1d35875a474f4bb2888d1fa68fc34f9c5c652f0
 
IA-32:
postgresql-8.1.23-10.el5_10.i386.rpm     MD5: 3aa3da94ab2754c1a2ee7cf28a984f94
SHA-256: 65c2dacf4ca3e3c1808e41a0445c2e903a74f68065255d20ff08b141caf2b8e2
postgresql-contrib-8.1.23-10.el5_10.i386.rpm     MD5: beaca0ff712784bb4e4d4e26708bc155
SHA-256: dcf7b4237ae3604a179a3d81d8724b9eda252ca6b99368ff264dfc51cf081474
postgresql-debuginfo-8.1.23-10.el5_10.i386.rpm     MD5: fccc917476bce2e7c998747494e33a21
SHA-256: 01acaf67ede10747277cea95cff8b7d3cbf85555bb9db540768999e760e80a98
postgresql-devel-8.1.23-10.el5_10.i386.rpm     MD5: 695e58246fc9909aee4a51f8c044b6ec
SHA-256: 08b31850a464beba946510f0353ce519b7fcabef094c10852233be819f13d210
postgresql-docs-8.1.23-10.el5_10.i386.rpm     MD5: fec5f46c2f9b69a60120ac13327ba05a
SHA-256: 68b85a15a58a80ece258ce808748fdbcb297e3b5670e3b3af7ec6ea37d8d49c1
postgresql-libs-8.1.23-10.el5_10.i386.rpm     MD5: a20489206ecb17878d029a74b41e2971
SHA-256: 57ea71b9b7ae5eaae2791c77729387e00838f2bf9a6bad137db8bc2f1e1a5443
postgresql-pl-8.1.23-10.el5_10.i386.rpm     MD5: 499e565cae0882fb8ef1002d0b1bb2fc
SHA-256: 37307e862760efd356d05249bcf3945e34daf9dcb56907e072e3f690ac271666
postgresql-python-8.1.23-10.el5_10.i386.rpm     MD5: 64f5169d1fe2c816ea950362b6c834c7
SHA-256: 20ca6bbd473bd151b8c656bdd2276ba4c7bb48adfa53bc0096ad506b6f312d60
postgresql-server-8.1.23-10.el5_10.i386.rpm     MD5: 38c47e0ca8ef19399cc7fa1116b390d1
SHA-256: 11df050e97590368a61d9233bf116c4d6211ee91f451e52df9fae06c8690c5fe
postgresql-tcl-8.1.23-10.el5_10.i386.rpm     MD5: 0eb4cfeb125b274fc147c89194f2d2ff
SHA-256: e39297e6e4510c18a0ab9947931c9e9d28167f87e99c61676b25d5c915b7e229
postgresql-test-8.1.23-10.el5_10.i386.rpm     MD5: 981e6da17751f1937847519b94b22d2b
SHA-256: f8e7e2aa57e656e273dc91cefb04319e4a308841128e93e2d2f0aafb15e979ff
 
IA-64:
postgresql-8.1.23-10.el5_10.ia64.rpm     MD5: e1f1e9764e15e7540810851e0c526ada
SHA-256: 4a224d71fe66d95c30d063449f535dda4c24655c7bd3f50f24ae8b30bbc65302
postgresql-contrib-8.1.23-10.el5_10.ia64.rpm     MD5: 50f85b050d442abfe882385e940a8907
SHA-256: fb58676e987da7b0f6e28b2ea21dfd84f2225ae2fc1489cdea29744f284d9603
postgresql-debuginfo-8.1.23-10.el5_10.i386.rpm     MD5: fccc917476bce2e7c998747494e33a21
SHA-256: 01acaf67ede10747277cea95cff8b7d3cbf85555bb9db540768999e760e80a98
postgresql-debuginfo-8.1.23-10.el5_10.ia64.rpm     MD5: a7e72f2812d08bebabf14e4983540cb6
SHA-256: fe0fe73f3969ba990e39089434238e6ab2288f18cc23b34997f21033c08f3171
postgresql-devel-8.1.23-10.el5_10.ia64.rpm     MD5: 2fe0a614015b262c4c4e2a1342b69458
SHA-256: 06a2267eb56ca521ac67fb87c1c5e5347653c914fa7e3b7a94c894e4a4e539c5
postgresql-docs-8.1.23-10.el5_10.ia64.rpm     MD5: fd03bbb1bc1dbbfaf5f05e1f2115c30b
SHA-256: 3fd2527240f7d7b9a6c52d7eb65a4927f1f3eb02bc45b0e75554d5756046d989
postgresql-libs-8.1.23-10.el5_10.i386.rpm     MD5: a20489206ecb17878d029a74b41e2971
SHA-256: 57ea71b9b7ae5eaae2791c77729387e00838f2bf9a6bad137db8bc2f1e1a5443
postgresql-libs-8.1.23-10.el5_10.ia64.rpm     MD5: dde039b021b3c4399cfd408c2368c776
SHA-256: 24e595ea60de378eff139e8e0cd4ca14495847ebae4b6c314e30fc6527713346
postgresql-pl-8.1.23-10.el5_10.ia64.rpm     MD5: 271bae4230ebd6568ee003baed944925
SHA-256: 0aa4c2e6603dcaf2645bb7ff9934e51b260d1c05162d57aa94efd30e5da377f6
postgresql-python-8.1.23-10.el5_10.ia64.rpm     MD5: f564609171a9879506310c445c66a426
SHA-256: d781c764901d529d3a63b6d0aab80f8630a0f55fda2967823c629811bda9d1ba
postgresql-server-8.1.23-10.el5_10.ia64.rpm     MD5: 91b1961bdc9fb0ba4376f520198ada72
SHA-256: ecc3ed45fdd7dd06672b34429288edbf9f1f9b35cc75c3859ef5118ebea9fcbd
postgresql-tcl-8.1.23-10.el5_10.ia64.rpm     MD5: bd22eaca7c87b7d9b4424fd7d21ca6f9
SHA-256: 151e129512c9d5046907f569b25057c170b767de7ef90ef4ee7cdc7270fbabe1
postgresql-test-8.1.23-10.el5_10.ia64.rpm     MD5: 3f68164dcb9c863552ad94075686cd86
SHA-256: e9090677289121c08888a0d929fe27cc0c4dbdd26b48aa4a26ed8aba439fc8e1
 
PPC:
postgresql-8.1.23-10.el5_10.ppc.rpm     MD5: bebc59d0874d8a428d19f6a8721f31ef
SHA-256: d1bce5ad6f4552d9e2da172b4d4055804698e5d711cbf439c0e0b0cf7e8fb22b
postgresql-8.1.23-10.el5_10.ppc64.rpm     MD5: 0d8d39913dcba8dc1b57f3e250bc5bbd
SHA-256: 1082b6b25c1e085d8d5e9806e9c59d1f0dc97eb38de151c2621b4b8fb1ef1e79
postgresql-contrib-8.1.23-10.el5_10.ppc.rpm     MD5: 02dac225d7656fe0adaf0a68ceb4beb2
SHA-256: bd2007ed2f1532257944ef600a90c8f5f4ec06ef64efff2b2db77fb8e5c7f082
postgresql-debuginfo-8.1.23-10.el5_10.ppc.rpm     MD5: dae204145d79b32f43cfe30fd5d39bc2
SHA-256: bfeea907bb6aa707ccbb677e6f338ae84ce60e057c1a9e3e2f21c11fad86e4e4
postgresql-debuginfo-8.1.23-10.el5_10.ppc64.rpm     MD5: cb4bd90cffc02e8ba6a99a646be19e3f
SHA-256: ce8a854885cb1ed0d06a20b281073c6a3f0b1feb99a207bc9ceea9da64fdbeee
postgresql-devel-8.1.23-10.el5_10.ppc.rpm     MD5: a2c543877655b7509d9b67f57165d694
SHA-256: dcd152d810e4c0e2e523dfbbdb8da90dacbc40aeff154d50db79c205288dafcc
postgresql-devel-8.1.23-10.el5_10.ppc64.rpm     MD5: eccce5403b97d53045236e88ee38846c
SHA-256: 1d6caba6d329877a6c7ad5408b3f593b688998b5f54af3086a1a9304336a9ff9
postgresql-docs-8.1.23-10.el5_10.ppc.rpm     MD5: ac3b03abd3cf629f01e29c9e5b121df3
SHA-256: 6de9dac0279bc295513de01d8ebd678d4534748fcd036f7a6b9d9f1a3798ee1a
postgresql-libs-8.1.23-10.el5_10.ppc.rpm     MD5: 91a775a1eca92336d911c6d1cadba5cd
SHA-256: 66f7068c05253d3d05e45003cb25a5922c645466e874e74598094595c56ddd69
postgresql-libs-8.1.23-10.el5_10.ppc64.rpm     MD5: a3aca9fa771219764e93702497a42362
SHA-256: 643ae405e6f676a0a98a6330b097bfdc181520e26fd500714bf1fc1c5c3a7f1b
postgresql-pl-8.1.23-10.el5_10.ppc.rpm     MD5: 83c406b1fb60cd60887d35555f19a36c
SHA-256: 9162a0be7c6fc869242977037fac13ddc43dbc04e37433d6d493ff88c6e35ff9
postgresql-python-8.1.23-10.el5_10.ppc.rpm     MD5: 4f52ce49acf8418fff2d4d81808e877a
SHA-256: c2ed0d87c874947cd2baabc29ec9b269f1c24e98d4b384551e83644f9b90b443
postgresql-server-8.1.23-10.el5_10.ppc.rpm     MD5: 711e64b0ee942351e034f09e283fc44f
SHA-256: 18bb48bc61e80098e3e1b4d3e334f422072d92d5cfdf6036a543c4cb1c6f46f3
postgresql-tcl-8.1.23-10.el5_10.ppc.rpm     MD5: bc970c90c40db01ab7b308732c509c90
SHA-256: e664aae7f8e2db349e5cefe52ceeefa7090e1b9622299fb4c640932a927a7e4f
postgresql-test-8.1.23-10.el5_10.ppc.rpm     MD5: 20895dadaa54146e0b960a21d9991a26
SHA-256: f639cae4f40ba29a63825c0b75128a3921b5659fe775ce4bf54651784bea092f
 
s390x:
postgresql-8.1.23-10.el5_10.s390x.rpm     MD5: 17841af110680e06d0226e136014139f
SHA-256: 01e49fdd88c989cb0f5db2969fd96e0cda85409681e7916baa62155bf9b12ede
postgresql-contrib-8.1.23-10.el5_10.s390x.rpm     MD5: 4fa88838fdc998077473766dfc41efd3
SHA-256: 0181b07828d71fdacc77f5bf805123b645fad189a365211851c8d379bfa9196a
postgresql-debuginfo-8.1.23-10.el5_10.s390.rpm     MD5: edfd2c57b0ad25d60cbad8f5b1309f72
SHA-256: 6b191eeb66803d998ec325330c3b88f83f04f7a99ac1ece5ce3165a4db1f26f8
postgresql-debuginfo-8.1.23-10.el5_10.s390x.rpm     MD5: 7ed69be34156aa21ec3fc50f82671258
SHA-256: 730a90cc0212f2d05f6b68179c3f978973de924e5197ced323d6e14db90f3d29
postgresql-devel-8.1.23-10.el5_10.s390.rpm     MD5: 4ecee37263e140e7f9f76ce6c67bac55
SHA-256: db549d60d5c735f448d52539bc3f358a6605ece3d1f9e7e05d844f25d40e2c09
postgresql-devel-8.1.23-10.el5_10.s390x.rpm     MD5: 8b17b5eba16f3f5d6b7e1ab1b16feeae
SHA-256: 42a81f4ac001f3d2d48c4d072f0fbdfa2eb42b5a5775c846ee6c11a870ae35ea
postgresql-docs-8.1.23-10.el5_10.s390x.rpm     MD5: a715913ef57ca001b12ee0ba96524f75
SHA-256: 32351383bdef35ba821cb6e731baf05bf5664a6974ee723a3b7adf3cc81481b0
postgresql-libs-8.1.23-10.el5_10.s390.rpm     MD5: 941c9ed76391a3f29d1d9ffefd083a08
SHA-256: 001477de9e13a9c864a5827638dca19e01b304ebceac191a977cfe5cbf5e897f
postgresql-libs-8.1.23-10.el5_10.s390x.rpm     MD5: 841da5432837af4a8b19f0ca4fc83fbb
SHA-256: 4857b1952ab7ba9483f600e85071040397cdc8a76db968242c6919d4e097b0e5
postgresql-pl-8.1.23-10.el5_10.s390x.rpm     MD5: 8ae4bdea23d0e22dfcaa565437373fa9
SHA-256: abfe0a708a19d9253b269903d4fa7f22e3649dcb4873a433c62925479e967ad8
postgresql-python-8.1.23-10.el5_10.s390x.rpm     MD5: 25b061ed72cbbecc5477bfc2b5e920c2
SHA-256: 4dee6ff1006250916d283295e25500a0500b5736e28ad2028c6a80968dd58058
postgresql-server-8.1.23-10.el5_10.s390x.rpm     MD5: 1d2f30356decc8e370e4e64f4ac109b4
SHA-256: 0312d3305c5667f0a942b6d164cb19e60a3ea48459ae4571e4d2463d1c799625
postgresql-tcl-8.1.23-10.el5_10.s390x.rpm     MD5: 44c29d4d66d9b4e2a9d308e8cfaad119
SHA-256: 877675bfe83957f84fa4a5647b53878765513476b7a58a3fbfeaf33c32d32033
postgresql-test-8.1.23-10.el5_10.s390x.rpm     MD5: 441349fa672bf46b5e22b34bed15e203
SHA-256: bc6de0942d2bacc3a7fcd47db9b4347307fc1c428cc5109b79731afbd70082d2
 
x86_64:
postgresql-8.1.23-10.el5_10.x86_64.rpm     MD5: e96db4fef479983ea499c3a4d889883c
SHA-256: 3edb4de8af62f459316db2e61e975571ca0c44e0a535af18937ba8789db92021
postgresql-contrib-8.1.23-10.el5_10.x86_64.rpm     MD5: 512693c38d90e8d5cb64cc8bc4cb88d2
SHA-256: 91dcba4909d6dd5ca4cc8797ddd85fc52994cf8c22a25f4a7725e3f9e1fb8bf6
postgresql-debuginfo-8.1.23-10.el5_10.i386.rpm     MD5: fccc917476bce2e7c998747494e33a21
SHA-256: 01acaf67ede10747277cea95cff8b7d3cbf85555bb9db540768999e760e80a98
postgresql-debuginfo-8.1.23-10.el5_10.x86_64.rpm     MD5: c07053700dfc9d3e9998a36be93ce9dc
SHA-256: eea50fb54f47dcb8f36e9875cbb18c1dd7581bee11b81d6907185ed33849a5e0
postgresql-devel-8.1.23-10.el5_10.i386.rpm     MD5: 695e58246fc9909aee4a51f8c044b6ec
SHA-256: 08b31850a464beba946510f0353ce519b7fcabef094c10852233be819f13d210
postgresql-devel-8.1.23-10.el5_10.x86_64.rpm     MD5: 92755e30cbfd769fcc5dd7a763dd62b4
SHA-256: 6cdd59febc2bd1c140dffb21b345adcdbbcfb6f9b0c1b2bc8361c0a752b70d66
postgresql-docs-8.1.23-10.el5_10.x86_64.rpm     MD5: 090c668a7e694722869bc3a8febd8202
SHA-256: 1c44a9ec3e0b67e290dc33f89deac488beb34411341aa84772c0a119522f0860
postgresql-libs-8.1.23-10.el5_10.i386.rpm     MD5: a20489206ecb17878d029a74b41e2971
SHA-256: 57ea71b9b7ae5eaae2791c77729387e00838f2bf9a6bad137db8bc2f1e1a5443
postgresql-libs-8.1.23-10.el5_10.x86_64.rpm     MD5: c03023133f4a375577798f19cebc5192
SHA-256: 7059ebaa368b44530e3a8860696619b57c47f0ec5c48c298a5bdaa5ef5addccf
postgresql-pl-8.1.23-10.el5_10.x86_64.rpm     MD5: bfc0ec21a22cfc0fa94a8df0c0e2416d
SHA-256: 4efeb4e01abe33774b29d896e62a0630c0286acd005d74db63667a9c05e11800
postgresql-python-8.1.23-10.el5_10.x86_64.rpm     MD5: acef5f68c1b969032c48a13bf7411a43
SHA-256: c2bd2536a89bea4989557067832d6c7fa11e812e0d0dfdd073f4b652e6ac32fc
postgresql-server-8.1.23-10.el5_10.x86_64.rpm     MD5: 7cd6a5f73257cdebb397cd1569e78630
SHA-256: a9333abaae5452b545e6b53a1b0841798a10cf038601fa0fd16e832536f2dcf5
postgresql-tcl-8.1.23-10.el5_10.x86_64.rpm     MD5: 387c26d9fe608a15d2a2ef2424e2c7be
SHA-256: 8be05bff9cd4814b72f5783b3f1cef0468da389ce2e0a64143d840e03f059eb7
postgresql-test-8.1.23-10.el5_10.x86_64.rpm     MD5: c1182660ff643d35504ba3dec203db16
SHA-256: 9865f2dda286fd700df260b362e84fa75806ce8dcfcaf19b6d275161fd09fa57
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
postgresql-8.1.23-10.el5_10.src.rpm     MD5: fab2fdc4e6e0345aff9e66c175c71228
SHA-256: 8af46074ad3f4bc0acbfe39ae1d35875a474f4bb2888d1fa68fc34f9c5c652f0
 
IA-32:
postgresql-8.1.23-10.el5_10.i386.rpm     MD5: 3aa3da94ab2754c1a2ee7cf28a984f94
SHA-256: 65c2dacf4ca3e3c1808e41a0445c2e903a74f68065255d20ff08b141caf2b8e2
postgresql-contrib-8.1.23-10.el5_10.i386.rpm     MD5: beaca0ff712784bb4e4d4e26708bc155
SHA-256: dcf7b4237ae3604a179a3d81d8724b9eda252ca6b99368ff264dfc51cf081474
postgresql-debuginfo-8.1.23-10.el5_10.i386.rpm     MD5: fccc917476bce2e7c998747494e33a21
SHA-256: 01acaf67ede10747277cea95cff8b7d3cbf85555bb9db540768999e760e80a98
postgresql-docs-8.1.23-10.el5_10.i386.rpm     MD5: fec5f46c2f9b69a60120ac13327ba05a
SHA-256: 68b85a15a58a80ece258ce808748fdbcb297e3b5670e3b3af7ec6ea37d8d49c1
postgresql-libs-8.1.23-10.el5_10.i386.rpm     MD5: a20489206ecb17878d029a74b41e2971
SHA-256: 57ea71b9b7ae5eaae2791c77729387e00838f2bf9a6bad137db8bc2f1e1a5443
postgresql-python-8.1.23-10.el5_10.i386.rpm     MD5: 64f5169d1fe2c816ea950362b6c834c7
SHA-256: 20ca6bbd473bd151b8c656bdd2276ba4c7bb48adfa53bc0096ad506b6f312d60
postgresql-tcl-8.1.23-10.el5_10.i386.rpm     MD5: 0eb4cfeb125b274fc147c89194f2d2ff
SHA-256: e39297e6e4510c18a0ab9947931c9e9d28167f87e99c61676b25d5c915b7e229
 
x86_64:
postgresql-8.1.23-10.el5_10.x86_64.rpm     MD5: e96db4fef479983ea499c3a4d889883c
SHA-256: 3edb4de8af62f459316db2e61e975571ca0c44e0a535af18937ba8789db92021
postgresql-contrib-8.1.23-10.el5_10.x86_64.rpm     MD5: 512693c38d90e8d5cb64cc8bc4cb88d2
SHA-256: 91dcba4909d6dd5ca4cc8797ddd85fc52994cf8c22a25f4a7725e3f9e1fb8bf6
postgresql-debuginfo-8.1.23-10.el5_10.i386.rpm     MD5: fccc917476bce2e7c998747494e33a21
SHA-256: 01acaf67ede10747277cea95cff8b7d3cbf85555bb9db540768999e760e80a98
postgresql-debuginfo-8.1.23-10.el5_10.x86_64.rpm     MD5: c07053700dfc9d3e9998a36be93ce9dc
SHA-256: eea50fb54f47dcb8f36e9875cbb18c1dd7581bee11b81d6907185ed33849a5e0
postgresql-docs-8.1.23-10.el5_10.x86_64.rpm     MD5: 090c668a7e694722869bc3a8febd8202
SHA-256: 1c44a9ec3e0b67e290dc33f89deac488beb34411341aa84772c0a119522f0860
postgresql-libs-8.1.23-10.el5_10.i386.rpm     MD5: a20489206ecb17878d029a74b41e2971
SHA-256: 57ea71b9b7ae5eaae2791c77729387e00838f2bf9a6bad137db8bc2f1e1a5443
postgresql-libs-8.1.23-10.el5_10.x86_64.rpm     MD5: c03023133f4a375577798f19cebc5192
SHA-256: 7059ebaa368b44530e3a8860696619b57c47f0ec5c48c298a5bdaa5ef5addccf
postgresql-python-8.1.23-10.el5_10.x86_64.rpm     MD5: acef5f68c1b969032c48a13bf7411a43
SHA-256: c2bd2536a89bea4989557067832d6c7fa11e812e0d0dfdd073f4b652e6ac32fc
postgresql-tcl-8.1.23-10.el5_10.x86_64.rpm     MD5: 387c26d9fe608a15d2a2ef2424e2c7be
SHA-256: 8be05bff9cd4814b72f5783b3f1cef0468da389ce2e0a64143d840e03f059eb7
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1065219 - CVE-2014-0060 postgresql: SET ROLE without ADMIN OPTION allows adding and removing group members
1065220 - CVE-2014-0061 postgresql: privilege escalation via procedural language validator functions
1065222 - CVE-2014-0062 postgresql: CREATE INDEX race condition possibly leading to privilege escalation
1065226 - CVE-2014-0063 postgresql: stack-based buffer overflow in datetime input/output
1065230 - CVE-2014-0064 postgresql: integer overflows leading to buffer overflows
1065235 - CVE-2014-0065 postgresql: possible buffer overflow flaws
1065236 - CVE-2014-0066 postgresql: NULL pointer dereference


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/