Red Hat 9042 Published by

Updated rh-postgresql packages are available for Red Hat Enterprise Linux 3

----------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated rh-postgresql packages
Advisory ID: RHSA-2004:489-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2004-489.html
Issue date: 2004-12-20
Updated on: 2004-12-20
Product: Red Hat Enterprise Linux
Keywords: PostgreSQL
Obsoletes: RHBA-2004:307
CVE Names: CAN-2004-0977
----------------------------------------------------------------------

1. Summary:

Updated rh-postgresql packages that fix various bugs are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64



3. Problem description:

PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects, and user-defined types and functions).

Trustix has identified improper temporary file usage in the make_oidjoins_check script. It is possible that an attacker could overwrite arbitrary file contents as the user running the make_oidjoins_check script. This script has been removed from the RPM file since it has no use to ordinary users. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0977 to this issue.

Additionally, the following non-security issues have been addressed:

- - Fixed a low probability risk for loss of recently committed transactions.

- - Fixed a low probability risk for loss of older data due to failure to update transaction status.

- - A lock file problem that sometimes prevented automatic restart after a system crash has been fixed.

All users of rh-postgresql should upgrade to these updated packages, which resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains
the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate Errors, you need to install a version of the up2date client with an updated certificate. The latest version of up2date is available from the Red Hat FTP site and may also be downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

5. Bug IDs fixed (http://bugzilla.redhat.com/):

130814 - PostgreSQL can lose committed transactions
130989 - a bug in rh-postgresql.spec file
134090 - Postgres's init script does not remove stale PID file
136300 - CAN-2004-0977 temporary file vulnerabilities in make_oidjoins_check script
136949 - PostgreSQL data loss risk and minor security issues

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/rh-postgresql-7.3.8-2.src.rpm
b6f78f4d007ff34fd27c73e8e2184b9a rh-postgresql-7.3.8-2.src.rpm

i386:
9a8e4fab3fefaa9c62adffab85d7f9dd rh-postgresql-7.3.8-2.i386.rpm
cbe1191f0e15417f42bd63ae30ccd3e5 rh-postgresql-contrib-7.3.8-2.i386.rpm
9555acf13b8ebf18dfb481cd5c6f99c1 rh-postgresql-devel-7.3.8-2.i386.rpm
dbe30f5c7d8a9dd83090857800ce4a62 rh-postgresql-docs-7.3.8-2.i386.rpm
e011a190a43641d139052255b6b3727b rh-postgresql-jdbc-7.3.8-2.i386.rpm
7db6fc9638372c5cd81182888dffcb2e rh-postgresql-libs-7.3.8-2.i386.rpm
0365a7e9e9afe7a21d3479175ede1194 rh-postgresql-pl-7.3.8-2.i386.rpm
ba83c9b6005800cb36e31d789aea1003 rh-postgresql-python-7.3.8-2.i386.rpm
f695cfb3138039e3bfce6191d2eedba7 rh-postgresql-server-7.3.8-2.i386.rpm
a894286bfd45da019bd2f083c510c013 rh-postgresql-tcl-7.3.8-2.i386.rpm
ba1a9a7eafd9f54d5da3be6477afa91b rh-postgresql-test-7.3.8-2.i386.rpm

ia64:
b81fe8a042275a6eae8e019ed024bb52 rh-postgresql-7.3.8-2.ia64.rpm
44617417c491cd9618414cdedfad7704 rh-postgresql-contrib-7.3.8-2.ia64.rpm
d68d98d887e03743fa57c479465a2378 rh-postgresql-devel-7.3.8-2.ia64.rpm
d0f30ecba82ffbb20c9d5b5381e82697 rh-postgresql-docs-7.3.8-2.ia64.rpm
27dc30c3cf876227812759044db25829 rh-postgresql-jdbc-7.3.8-2.ia64.rpm
8f82413ed98614887bf84b90705e5f9b rh-postgresql-libs-7.3.8-2.ia64.rpm
7db6fc9638372c5cd81182888dffcb2e rh-postgresql-libs-7.3.8-2.i386.rpm
b7c203dbbb7339d038d66e857bc3d4b9 rh-postgresql-pl-7.3.8-2.ia64.rpm
7ace5c441704b85d292405139b8cc322 rh-postgresql-python-7.3.8-2.ia64.rpm
ff98fdfb1d3bd314b3531ece1ee1914c rh-postgresql-server-7.3.8-2.ia64.rpm
6b8d0f1eaef081197b2c9206641fba8f rh-postgresql-tcl-7.3.8-2.ia64.rpm
80603313ddbdd0615de272825c4563ff rh-postgresql-test-7.3.8-2.ia64.rpm

ppc:
61cb8351f26b2d2cb1c67d35b4d54aa5 rh-postgresql-7.3.8-2.ppc.rpm
7d85d7aa8f268df2c17e1031070bb4f3 rh-postgresql-contrib-7.3.8-2.ppc.rpm
2fb726274c0ef0efd3edd3c3d09907d6 rh-postgresql-devel-7.3.8-2.ppc.rpm
78b2859d5bfd196e6b7de7bf0f4b8edd rh-postgresql-docs-7.3.8-2.ppc.rpm
77a4a4438201e52c2655c89cf93d8c2e rh-postgresql-jdbc-7.3.8-2.ppc.rpm
bfe513f316461b70e6f16e55a7239983 rh-postgresql-libs-7.3.8-2.ppc.rpm
ec6ecaecc2fad7f89fc4f252d38d0768 rh-postgresql-pl-7.3.8-2.ppc.rpm
c5d1fa31dba46003b6a1a45edd2f9a9b rh-postgresql-python-7.3.8-2.ppc.rpm
f4784bf0163b4d4d323989241049d851 rh-postgresql-server-7.3.8-2.ppc.rpm
3a806dbdaa439256b157b8405df94eb3 rh-postgresql-tcl-7.3.8-2.ppc.rpm
038f122dbc33dec81fe277d8b1fc87ed rh-postgresql-test-7.3.8-2.ppc.rpm

ppc64:
1948dd5f3925216c7ecea6bc424b288f rh-postgresql-libs-7.3.8-2.ppc64.rpm

s390:
3ec831b0bf766b9dd9880cd144e0b732 rh-postgresql-7.3.8-2.s390.rpm
5c918ccf8bdb5b5d7480ed17c1273b5f rh-postgresql-contrib-7.3.8-2.s390.rpm
f5237ab51b6eb4b3da36adc42ea16bcd rh-postgresql-devel-7.3.8-2.s390.rpm
90fc27be8ac2c65ebd7668f53276b260 rh-postgresql-docs-7.3.8-2.s390.rpm
06367e3e830c62c8afd9afca9ae99d33 rh-postgresql-jdbc-7.3.8-2.s390.rpm
1aff1b96a8d94965a12a4c9bfbbe9a11 rh-postgresql-libs-7.3.8-2.s390.rpm
644b0b229a2916b59aca7fa543e605d3 rh-postgresql-pl-7.3.8-2.s390.rpm
db08ba50321ae2ecc185b290ea36a39d rh-postgresql-python-7.3.8-2.s390.rpm
bf664bf955832af93ff862d2488db4bf rh-postgresql-server-7.3.8-2.s390.rpm
4c6e9bccebbb29c5767d4ab8172b8b55 rh-postgresql-tcl-7.3.8-2.s390.rpm
12ac81c2da135e94e9619dc71174e541 rh-postgresql-test-7.3.8-2.s390.rpm

s390x:
0fb9269140c52e80cec05f2bac2c5a45 rh-postgresql-7.3.8-2.s390x.rpm
0c9c9f6dbb68b3d637948444a57d7d9f rh-postgresql-contrib-7.3.8-2.s390x.rpm
8136241175742881a571681e8fb38418 rh-postgresql-devel-7.3.8-2.s390x.rpm
c7fdd00fc81c887cf06761366a854863 rh-postgresql-docs-7.3.8-2.s390x.rpm
0e013178fd4bfad778a346a6386d7fae rh-postgresql-jdbc-7.3.8-2.s390x.rpm
8d840586780a5443ee055c578f1cafea rh-postgresql-libs-7.3.8-2.s390x.rpm
1aff1b96a8d94965a12a4c9bfbbe9a11 rh-postgresql-libs-7.3.8-2.s390.rpm
42b5090143b89c99de862a1f43abdc19 rh-postgresql-pl-7.3.8-2.s390x.rpm
5d6925405e6086946e4ba18330f2542e rh-postgresql-python-7.3.8-2.s390x.rpm
cdd8ffee22bee31625edde4d78726bc3 rh-postgresql-server-7.3.8-2.s390x.rpm
9a1928941441bcfec612b8f529323389 rh-postgresql-tcl-7.3.8-2.s390x.rpm
0311161816e1c56ff87b8bb606865a70 rh-postgresql-test-7.3.8-2.s390x.rpm

x86_64:
58be01e12b8b73f6c7d986f085308b6f rh-postgresql-7.3.8-2.x86_64.rpm
97052514a167a5f2e177b1789ea42104 rh-postgresql-contrib-7.3.8-2.x86_64.rpm
52f4461df7735a5e617e917b406ce1fd rh-postgresql-devel-7.3.8-2.x86_64.rpm
dc3d6f4246ca53d9d5b9a7c67c2bcadf rh-postgresql-docs-7.3.8-2.x86_64.rpm
dca39c461cf73431984b28b304fa2584 rh-postgresql-jdbc-7.3.8-2.x86_64.rpm
4594237703b5e15de4219c3d7a6cf88f rh-postgresql-libs-7.3.8-2.x86_64.rpm
7db6fc9638372c5cd81182888dffcb2e rh-postgresql-libs-7.3.8-2.i386.rpm
01bf5f97411d52a80f569c711c8631a0 rh-postgresql-pl-7.3.8-2.x86_64.rpm
0867682b553bf2a4f97bf4df13472f52 rh-postgresql-python-7.3.8-2.x86_64.rpm
c3bce4b8c1f3725f1ea74ac05c1bc0bd rh-postgresql-server-7.3.8-2.x86_64.rpm
d33a6dbd447e819993fb93d48e2429bd rh-postgresql-tcl-7.3.8-2.x86_64.rpm
24b8957973eb0ea8855318e70fc36286 rh-postgresql-test-7.3.8-2.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/rh-postgresql-7.3.8-2.src.rpm
b6f78f4d007ff34fd27c73e8e2184b9a rh-postgresql-7.3.8-2.src.rpm

i386:
9a8e4fab3fefaa9c62adffab85d7f9dd rh-postgresql-7.3.8-2.i386.rpm
cbe1191f0e15417f42bd63ae30ccd3e5 rh-postgresql-contrib-7.3.8-2.i386.rpm
9555acf13b8ebf18dfb481cd5c6f99c1 rh-postgresql-devel-7.3.8-2.i386.rpm
dbe30f5c7d8a9dd83090857800ce4a62 rh-postgresql-docs-7.3.8-2.i386.rpm
e011a190a43641d139052255b6b3727b rh-postgresql-jdbc-7.3.8-2.i386.rpm
7db6fc9638372c5cd81182888dffcb2e rh-postgresql-libs-7.3.8-2.i386.rpm
0365a7e9e9afe7a21d3479175ede1194 rh-postgresql-pl-7.3.8-2.i386.rpm
ba83c9b6005800cb36e31d789aea1003 rh-postgresql-python-7.3.8-2.i386.rpm
f695cfb3138039e3bfce6191d2eedba7 rh-postgresql-server-7.3.8-2.i386.rpm
a894286bfd45da019bd2f083c510c013 rh-postgresql-tcl-7.3.8-2.i386.rpm
ba1a9a7eafd9f54d5da3be6477afa91b rh-postgresql-test-7.3.8-2.i386.rpm

x86_64:
58be01e12b8b73f6c7d986f085308b6f rh-postgresql-7.3.8-2.x86_64.rpm
97052514a167a5f2e177b1789ea42104 rh-postgresql-contrib-7.3.8-2.x86_64.rpm
52f4461df7735a5e617e917b406ce1fd rh-postgresql-devel-7.3.8-2.x86_64.rpm
dc3d6f4246ca53d9d5b9a7c67c2bcadf rh-postgresql-docs-7.3.8-2.x86_64.rpm
dca39c461cf73431984b28b304fa2584 rh-postgresql-jdbc-7.3.8-2.x86_64.rpm
4594237703b5e15de4219c3d7a6cf88f rh-postgresql-libs-7.3.8-2.x86_64.rpm
7db6fc9638372c5cd81182888dffcb2e rh-postgresql-libs-7.3.8-2.i386.rpm
01bf5f97411d52a80f569c711c8631a0 rh-postgresql-pl-7.3.8-2.x86_64.rpm
0867682b553bf2a4f97bf4df13472f52 rh-postgresql-python-7.3.8-2.x86_64.rpm
c3bce4b8c1f3725f1ea74ac05c1bc0bd rh-postgresql-server-7.3.8-2.x86_64.rpm
d33a6dbd447e819993fb93d48e2429bd rh-postgresql-tcl-7.3.8-2.x86_64.rpm
24b8957973eb0ea8855318e70fc36286 rh-postgresql-test-7.3.8-2.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/rh-postgresql-7.3.8-2.src.rpm
b6f78f4d007ff34fd27c73e8e2184b9a rh-postgresql-7.3.8-2.src.rpm

i386:
9a8e4fab3fefaa9c62adffab85d7f9dd rh-postgresql-7.3.8-2.i386.rpm
cbe1191f0e15417f42bd63ae30ccd3e5 rh-postgresql-contrib-7.3.8-2.i386.rpm
9555acf13b8ebf18dfb481cd5c6f99c1 rh-postgresql-devel-7.3.8-2.i386.rpm
dbe30f5c7d8a9dd83090857800ce4a62 rh-postgresql-docs-7.3.8-2.i386.rpm
e011a190a43641d139052255b6b3727b rh-postgresql-jdbc-7.3.8-2.i386.rpm
7db6fc9638372c5cd81182888dffcb2e rh-postgresql-libs-7.3.8-2.i386.rpm
0365a7e9e9afe7a21d3479175ede1194 rh-postgresql-pl-7.3.8-2.i386.rpm
ba83c9b6005800cb36e31d789aea1003 rh-postgresql-python-7.3.8-2.i386.rpm
f695cfb3138039e3bfce6191d2eedba7 rh-postgresql-server-7.3.8-2.i386.rpm
a894286bfd45da019bd2f083c510c013 rh-postgresql-tcl-7.3.8-2.i386.rpm
ba1a9a7eafd9f54d5da3be6477afa91b rh-postgresql-test-7.3.8-2.i386.rpm

ia64:
b81fe8a042275a6eae8e019ed024bb52 rh-postgresql-7.3.8-2.ia64.rpm
44617417c491cd9618414cdedfad7704 rh-postgresql-contrib-7.3.8-2.ia64.rpm
d68d98d887e03743fa57c479465a2378 rh-postgresql-devel-7.3.8-2.ia64.rpm
d0f30ecba82ffbb20c9d5b5381e82697 rh-postgresql-docs-7.3.8-2.ia64.rpm
27dc30c3cf876227812759044db25829 rh-postgresql-jdbc-7.3.8-2.ia64.rpm
8f82413ed98614887bf84b90705e5f9b rh-postgresql-libs-7.3.8-2.ia64.rpm
7db6fc9638372c5cd81182888dffcb2e rh-postgresql-libs-7.3.8-2.i386.rpm
b7c203dbbb7339d038d66e857bc3d4b9 rh-postgresql-pl-7.3.8-2.ia64.rpm
7ace5c441704b85d292405139b8cc322 rh-postgresql-python-7.3.8-2.ia64.rpm
ff98fdfb1d3bd314b3531ece1ee1914c rh-postgresql-server-7.3.8-2.ia64.rpm
6b8d0f1eaef081197b2c9206641fba8f rh-postgresql-tcl-7.3.8-2.ia64.rpm
80603313ddbdd0615de272825c4563ff rh-postgresql-test-7.3.8-2.ia64.rpm

x86_64:
58be01e12b8b73f6c7d986f085308b6f rh-postgresql-7.3.8-2.x86_64.rpm
97052514a167a5f2e177b1789ea42104 rh-postgresql-contrib-7.3.8-2.x86_64.rpm
52f4461df7735a5e617e917b406ce1fd rh-postgresql-devel-7.3.8-2.x86_64.rpm
dc3d6f4246ca53d9d5b9a7c67c2bcadf rh-postgresql-docs-7.3.8-2.x86_64.rpm
dca39c461cf73431984b28b304fa2584 rh-postgresql-jdbc-7.3.8-2.x86_64.rpm
4594237703b5e15de4219c3d7a6cf88f rh-postgresql-libs-7.3.8-2.x86_64.rpm
7db6fc9638372c5cd81182888dffcb2e rh-postgresql-libs-7.3.8-2.i386.rpm
01bf5f97411d52a80f569c711c8631a0 rh-postgresql-pl-7.3.8-2.x86_64.rpm
0867682b553bf2a4f97bf4df13472f52 rh-postgresql-python-7.3.8-2.x86_64.rpm
c3bce4b8c1f3725f1ea74ac05c1bc0bd rh-postgresql-server-7.3.8-2.x86_64.rpm
d33a6dbd447e819993fb93d48e2429bd rh-postgresql-tcl-7.3.8-2.x86_64.rpm
24b8957973eb0ea8855318e70fc36286 rh-postgresql-test-7.3.8-2.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/rh-postgresql-7.3.8-2.src.rpm
b6f78f4d007ff34fd27c73e8e2184b9a rh-postgresql-7.3.8-2.src.rpm

i386:
9a8e4fab3fefaa9c62adffab85d7f9dd rh-postgresql-7.3.8-2.i386.rpm
cbe1191f0e15417f42bd63ae30ccd3e5 rh-postgresql-contrib-7.3.8-2.i386.rpm
9555acf13b8ebf18dfb481cd5c6f99c1 rh-postgresql-devel-7.3.8-2.i386.rpm
dbe30f5c7d8a9dd83090857800ce4a62 rh-postgresql-docs-7.3.8-2.i386.rpm
e011a190a43641d139052255b6b3727b rh-postgresql-jdbc-7.3.8-2.i386.rpm
7db6fc9638372c5cd81182888dffcb2e rh-postgresql-libs-7.3.8-2.i386.rpm
0365a7e9e9afe7a21d3479175ede1194 rh-postgresql-pl-7.3.8-2.i386.rpm
ba83c9b6005800cb36e31d789aea1003 rh-postgresql-python-7.3.8-2.i386.rpm
f695cfb3138039e3bfce6191d2eedba7 rh-postgresql-server-7.3.8-2.i386.rpm
a894286bfd45da019bd2f083c510c013 rh-postgresql-tcl-7.3.8-2.i386.rpm
ba1a9a7eafd9f54d5da3be6477afa91b rh-postgresql-test-7.3.8-2.i386.rpm

ia64:
b81fe8a042275a6eae8e019ed024bb52 rh-postgresql-7.3.8-2.ia64.rpm
44617417c491cd9618414cdedfad7704 rh-postgresql-contrib-7.3.8-2.ia64.rpm
d68d98d887e03743fa57c479465a2378 rh-postgresql-devel-7.3.8-2.ia64.rpm
d0f30ecba82ffbb20c9d5b5381e82697 rh-postgresql-docs-7.3.8-2.ia64.rpm
27dc30c3cf876227812759044db25829 rh-postgresql-jdbc-7.3.8-2.ia64.rpm
8f82413ed98614887bf84b90705e5f9b rh-postgresql-libs-7.3.8-2.ia64.rpm
7db6fc9638372c5cd81182888dffcb2e rh-postgresql-libs-7.3.8-2.i386.rpm
b7c203dbbb7339d038d66e857bc3d4b9 rh-postgresql-pl-7.3.8-2.ia64.rpm
7ace5c441704b85d292405139b8cc322 rh-postgresql-python-7.3.8-2.ia64.rpm
ff98fdfb1d3bd314b3531ece1ee1914c rh-postgresql-server-7.3.8-2.ia64.rpm
6b8d0f1eaef081197b2c9206641fba8f rh-postgresql-tcl-7.3.8-2.ia64.rpm
80603313ddbdd0615de272825c4563ff rh-postgresql-test-7.3.8-2.ia64.rpm

x86_64:
58be01e12b8b73f6c7d986f085308b6f rh-postgresql-7.3.8-2.x86_64.rpm
97052514a167a5f2e177b1789ea42104 rh-postgresql-contrib-7.3.8-2.x86_64.rpm
52f4461df7735a5e617e917b406ce1fd rh-postgresql-devel-7.3.8-2.x86_64.rpm
dc3d6f4246ca53d9d5b9a7c67c2bcadf rh-postgresql-docs-7.3.8-2.x86_64.rpm
dca39c461cf73431984b28b304fa2584 rh-postgresql-jdbc-7.3.8-2.x86_64.rpm
4594237703b5e15de4219c3d7a6cf88f rh-postgresql-libs-7.3.8-2.x86_64.rpm
7db6fc9638372c5cd81182888dffcb2e rh-postgresql-libs-7.3.8-2.i386.rpm
01bf5f97411d52a80f569c711c8631a0 rh-postgresql-pl-7.3.8-2.x86_64.rpm
0867682b553bf2a4f97bf4df13472f52 rh-postgresql-python-7.3.8-2.x86_64.rpm
c3bce4b8c1f3725f1ea74ac05c1bc0bd rh-postgresql-server-7.3.8-2.x86_64.rpm
d33a6dbd447e819993fb93d48e2429bd rh-postgresql-tcl-7.3.8-2.x86_64.rpm
24b8957973eb0ea8855318e70fc36286 rh-postgresql-test-7.3.8-2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0977

8. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2004 Red Hat, Inc.