Red Hat 9037 Published by

A new update is available for Red Hat Enterprise Linux. Here the announcement:



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: postgresql security update
Advisory ID: RHSA-2007:0068-02
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0068.html
Issue date: 2007-03-14
Updated on: 2007-03-14
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-5540 CVE-2006-5541 CVE-2006-5542
CVE-2007-0555 CVE-2007-0556
- ---------------------------------------------------------------------

1. Summary:

Updated postgresql packages that fix several security issues are now
available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

PostgreSQL is an advanced Object-Relational database management system
(DBMS).

Two flaws were found in the way the PostgreSQL server handles certain
SQL-language functions. An authenticated user could execute a sequence of
commands which could crash the PostgreSQL server or possibly read from
arbitrary memory locations. A user would need to have permissions to drop
and add database tables to be able to exploit these issues (CVE-2007-0555,
CVE-2007-0556).

Several denial of service flaws were found in the PostgreSQL server. An
authenticated user could execute certain SQL commands which could crash the
PostgreSQL server (CVE-2006-5540, CVE-2006-5541, CVE-2006-5542).

Users of PostgreSQL should upgrade to these updated packages containing
PostgreSQL version 8.1.8 which corrects these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188


5. Bug IDs fixed (http://bugzilla.redhat.com/):

216411 - CVE-2006-5540 New version fixes three different crash vulnerabilities (CVE-2006-5541 CVE-2006-5542)
225496 - CVE-2007-0555 PostgreSQL arbitrary memory read flaws (CVE-2007-0556)
227688 - Attribute type error when updating varchar column

6. RPMs required:

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/postgresql-8.1.8-1.el5.src.rpm
cbe3803061100a0e21ae2fd662fa7eec postgresql-8.1.8-1.el5.src.rpm

i386:
b6db34e9da1560e8d87418b71316488b postgresql-8.1.8-1.el5.i386.rpm
ab9966173a10d19568e58e18b1ea0f14 postgresql-contrib-8.1.8-1.el5.i386.rpm
1c3e5af7702d47f7ef9c7f0fb28fc3c3 postgresql-debuginfo-8.1.8-1.el5.i386.rpm
09ea8f2dd49c03f536e55fe71cbfb765 postgresql-docs-8.1.8-1.el5.i386.rpm
4aa40a7562d94ff450525f5180e62634 postgresql-libs-8.1.8-1.el5.i386.rpm
ef42f820e437712576af6a360c96dca9 postgresql-python-8.1.8-1.el5.i386.rpm
a353d60a9972b8bbc04c81629776fe8e postgresql-tcl-8.1.8-1.el5.i386.rpm

x86_64:
71580dff758d16cb17f2e8eb35e753fa postgresql-8.1.8-1.el5.x86_64.rpm
757e8ddce97ada5ac9b60c2d464e2482 postgresql-contrib-8.1.8-1.el5.x86_64.rpm
1c3e5af7702d47f7ef9c7f0fb28fc3c3 postgresql-debuginfo-8.1.8-1.el5.i386.rpm
1d3eaf63b87efaec54bb380faa0b6af8 postgresql-debuginfo-8.1.8-1.el5.x86_64.rpm
e41349d11f081cc57019c748e4a4575a postgresql-docs-8.1.8-1.el5.x86_64.rpm
4aa40a7562d94ff450525f5180e62634 postgresql-libs-8.1.8-1.el5.i386.rpm
efe6c80e7a5e02930f7caba1aa85f958 postgresql-libs-8.1.8-1.el5.x86_64.rpm
7ca63d34b6c49493b8649f9513002bc9 postgresql-python-8.1.8-1.el5.x86_64.rpm
45685367b978f4994a0537cc883eba06 postgresql-tcl-8.1.8-1.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/postgresql-8.1.8-1.el5.src.rpm
cbe3803061100a0e21ae2fd662fa7eec postgresql-8.1.8-1.el5.src.rpm

i386:
1c3e5af7702d47f7ef9c7f0fb28fc3c3 postgresql-debuginfo-8.1.8-1.el5.i386.rpm
050dc905b012d3bb37aebeb0b35b28f3 postgresql-devel-8.1.8-1.el5.i386.rpm
637dc59b580445b6d75aea8f39afd485 postgresql-pl-8.1.8-1.el5.i386.rpm
5c936348ca2b124bdc3fb1e71148a596 postgresql-server-8.1.8-1.el5.i386.rpm
5a97f19a7f509c5497cc6cb80dc4509b postgresql-test-8.1.8-1.el5.i386.rpm

x86_64:
1c3e5af7702d47f7ef9c7f0fb28fc3c3 postgresql-debuginfo-8.1.8-1.el5.i386.rpm
1d3eaf63b87efaec54bb380faa0b6af8 postgresql-debuginfo-8.1.8-1.el5.x86_64.rpm
050dc905b012d3bb37aebeb0b35b28f3 postgresql-devel-8.1.8-1.el5.i386.rpm
7aaa7f414d6e671f4968794850335fad postgresql-devel-8.1.8-1.el5.x86_64.rpm
aa5b02ec78b80e448a372148dea67b7d postgresql-pl-8.1.8-1.el5.x86_64.rpm
bb0db5228c0a8ce2eb3041964221d55e postgresql-server-8.1.8-1.el5.x86_64.rpm
02ed854afee1e8a3ea80c6e22d04e046 postgresql-test-8.1.8-1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/postgresql-8.1.8-1.el5.src.rpm
cbe3803061100a0e21ae2fd662fa7eec postgresql-8.1.8-1.el5.src.rpm

i386:
b6db34e9da1560e8d87418b71316488b postgresql-8.1.8-1.el5.i386.rpm
ab9966173a10d19568e58e18b1ea0f14 postgresql-contrib-8.1.8-1.el5.i386.rpm
1c3e5af7702d47f7ef9c7f0fb28fc3c3 postgresql-debuginfo-8.1.8-1.el5.i386.rpm
050dc905b012d3bb37aebeb0b35b28f3 postgresql-devel-8.1.8-1.el5.i386.rpm
09ea8f2dd49c03f536e55fe71cbfb765 postgresql-docs-8.1.8-1.el5.i386.rpm
4aa40a7562d94ff450525f5180e62634 postgresql-libs-8.1.8-1.el5.i386.rpm
637dc59b580445b6d75aea8f39afd485 postgresql-pl-8.1.8-1.el5.i386.rpm
ef42f820e437712576af6a360c96dca9 postgresql-python-8.1.8-1.el5.i386.rpm
5c936348ca2b124bdc3fb1e71148a596 postgresql-server-8.1.8-1.el5.i386.rpm
a353d60a9972b8bbc04c81629776fe8e postgresql-tcl-8.1.8-1.el5.i386.rpm
5a97f19a7f509c5497cc6cb80dc4509b postgresql-test-8.1.8-1.el5.i386.rpm

ia64:
69b9f1aebf6e94690b80b83f5700debd postgresql-8.1.8-1.el5.ia64.rpm
4443f12ea700f736cae4573ee71535d9 postgresql-contrib-8.1.8-1.el5.ia64.rpm
1c3e5af7702d47f7ef9c7f0fb28fc3c3 postgresql-debuginfo-8.1.8-1.el5.i386.rpm
9f6166066c76dbf5b8e80a5df4f1306d postgresql-debuginfo-8.1.8-1.el5.ia64.rpm
28e491bc8660859a6e2aa1bbb46786f1 postgresql-devel-8.1.8-1.el5.ia64.rpm
88416d3c56adf49a917d51e2b91ea7c3 postgresql-docs-8.1.8-1.el5.ia64.rpm
4aa40a7562d94ff450525f5180e62634 postgresql-libs-8.1.8-1.el5.i386.rpm
c4b91e856696f5323b841b408e46ba83 postgresql-libs-8.1.8-1.el5.ia64.rpm
ed7b489614fd4528a67b13141bcaf1fc postgresql-pl-8.1.8-1.el5.ia64.rpm
10c6a0917434ef8d67ddad76b1b44206 postgresql-python-8.1.8-1.el5.ia64.rpm
8fa5384e95f449d23d2de200db0f7cfb postgresql-server-8.1.8-1.el5.ia64.rpm
070894787ea2b1b13631cabf482fbd3a postgresql-tcl-8.1.8-1.el5.ia64.rpm
1342f6611941d28abcdf3ba8d0a0e784 postgresql-test-8.1.8-1.el5.ia64.rpm

ppc:
d1c81aa14ae57ffec2680083752f42e6 postgresql-8.1.8-1.el5.ppc.rpm
4778d8e5d47fee840bb5a4b3aa042e11 postgresql-contrib-8.1.8-1.el5.ppc.rpm
7b2a14f3f31631edb91186b64e00f758 postgresql-debuginfo-8.1.8-1.el5.ppc.rpm
651dfd132da8213c6725f6917a6ee2ad postgresql-debuginfo-8.1.8-1.el5.ppc64.rpm
d0032a7370c9167cae64c67e0f7ea6d6 postgresql-devel-8.1.8-1.el5.ppc.rpm
c51291a491ebfece7db693fd81de862c postgresql-devel-8.1.8-1.el5.ppc64.rpm
970f6d985d97a9b6e313c4ef40adc5f6 postgresql-docs-8.1.8-1.el5.ppc.rpm
fd4110388418d06d7e3302d0881b76a5 postgresql-libs-8.1.8-1.el5.ppc.rpm
af622184701cc32ba37e8710ab234c67 postgresql-libs-8.1.8-1.el5.ppc64.rpm
fab13773ae902a2aa7801b84b6fd7d33 postgresql-pl-8.1.8-1.el5.ppc.rpm
d426d7d3c0bba88422ef8da2998df468 postgresql-python-8.1.8-1.el5.ppc.rpm
5ca4d52df094f4fa4676def66b826c30 postgresql-server-8.1.8-1.el5.ppc.rpm
eb8c8530bc6578c6e7d58e6b3de77c17 postgresql-tcl-8.1.8-1.el5.ppc.rpm
9487fc3b6de353d30641adb5a11e0895 postgresql-test-8.1.8-1.el5.ppc.rpm

s390x:
71c539c818352c876dbe70e7fc305bc1 postgresql-8.1.8-1.el5.s390x.rpm
a9bdf4729d164014bcd2e5a4c8fdbffa postgresql-contrib-8.1.8-1.el5.s390x.rpm
143edfcf968dd6b5565794e415bdd0d2 postgresql-debuginfo-8.1.8-1.el5.s390.rpm
5b68a77f30db1d0f4527cff8a4ea2034 postgresql-debuginfo-8.1.8-1.el5.s390x.rpm
d6236894072cf2649dd916bb4044ae62 postgresql-devel-8.1.8-1.el5.s390.rpm
a5fc3740d1445473487aa0cbfe0285b5 postgresql-devel-8.1.8-1.el5.s390x.rpm
d707b3dce1cc3e989cb3e47e3f27eb78 postgresql-docs-8.1.8-1.el5.s390x.rpm
8a3a7d2384f7346da82db6106c095eb8 postgresql-libs-8.1.8-1.el5.s390.rpm
d9043731e0db99f22064f18f486bd245 postgresql-libs-8.1.8-1.el5.s390x.rpm
919619f0ff7e97311f6f708c981b0a66 postgresql-pl-8.1.8-1.el5.s390x.rpm
004f7fac0d588cf7210b6b3df88932e6 postgresql-python-8.1.8-1.el5.s390x.rpm
2693a4e47fedb583056d8ff827632b43 postgresql-server-8.1.8-1.el5.s390x.rpm
9ce9c223645d83f3444badda7e9e0a57 postgresql-tcl-8.1.8-1.el5.s390x.rpm
4d668df9c8c905bdd83f2ab05b653df3 postgresql-test-8.1.8-1.el5.s390x.rpm

x86_64:
71580dff758d16cb17f2e8eb35e753fa postgresql-8.1.8-1.el5.x86_64.rpm
757e8ddce97ada5ac9b60c2d464e2482 postgresql-contrib-8.1.8-1.el5.x86_64.rpm
1c3e5af7702d47f7ef9c7f0fb28fc3c3 postgresql-debuginfo-8.1.8-1.el5.i386.rpm
1d3eaf63b87efaec54bb380faa0b6af8 postgresql-debuginfo-8.1.8-1.el5.x86_64.rpm
050dc905b012d3bb37aebeb0b35b28f3 postgresql-devel-8.1.8-1.el5.i386.rpm
7aaa7f414d6e671f4968794850335fad postgresql-devel-8.1.8-1.el5.x86_64.rpm
e41349d11f081cc57019c748e4a4575a postgresql-docs-8.1.8-1.el5.x86_64.rpm
4aa40a7562d94ff450525f5180e62634 postgresql-libs-8.1.8-1.el5.i386.rpm
efe6c80e7a5e02930f7caba1aa85f958 postgresql-libs-8.1.8-1.el5.x86_64.rpm
aa5b02ec78b80e448a372148dea67b7d postgresql-pl-8.1.8-1.el5.x86_64.rpm
7ca63d34b6c49493b8649f9513002bc9 postgresql-python-8.1.8-1.el5.x86_64.rpm
bb0db5228c0a8ce2eb3041964221d55e postgresql-server-8.1.8-1.el5.x86_64.rpm
45685367b978f4994a0537cc883eba06 postgresql-tcl-8.1.8-1.el5.x86_64.rpm
02ed854afee1e8a3ea80c6e22d04e046 postgresql-test-8.1.8-1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5540
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5542
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0556
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFF+BZtXlSAg2UNWIIRAkwQAKCEF/EepXvMFDfi/wJ+E+n/e0kPHACgrP/y
dVfBAriw99LG3NHjLY5cAso=
=o430
-----END PGP SIGNATURE-----