SCIENTIFIC-LINUX-ERRATA Archives

October 2009

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

Subject:
From:
Troy Dawson <[log in to unmask]>
Reply To:
Troy Dawson <[log in to unmask]>
Date:
Thu, 8 Oct 2009 14:35:16 -0500
Synopsis:	Moderate: postgresql security update
Issue date:	2009-10-07
CVE Names:	CVE-2009-0922 CVE-2009-3230

CVE-2009-0922 postgresql: potential DoS due to conversion functions
CVE-2009-3230 postgresql: SQL privilege escalation, incomplete fix for 
CVE-2007-6600

It was discovered that the upstream patch for CVE-2007-6600 included in 
Scientific Linux did not include protection against misuse of the 
RESET ROLE and RESET SESSION AUTHORIZATION commands. An authenticated 
user could use this flaw to install malicious code that would later 
execute with superuser privileges. (CVE-2009-3230)

A flaw was found in the way PostgreSQL handled encoding conversion. A
remote, authenticated user could trigger an encoding conversion failure,
possibly leading to a temporary denial of service. Note: To exploit this
issue, a locale and client encoding for which specific messages fail to
translate must be selected (the availability of these is determined by 
an administrator-defined locale setting). (CVE-2009-0922)

Note: For Scientific Linux 4, this update upgrades PostgreSQL to version 
7.4.26. For Scientific Linux 5, this update upgrades PostgreSQL to 
version 8.1.18. Refer to the PostgreSQL Release Notes for a list of changes:

http://www.postgresql.org/docs/7.4/static/release.html
http://www.postgresql.org/docs/8.1/static/release.html

If the postgresql service is running, it will be automatically restarted 
after installing this update.

SL 3.0.x

       SRPMS:
rh-postgresql-7.3.21-2.src.rpm
       i386:
rh-postgresql-7.3.21-2.i386.rpm
rh-postgresql-contrib-7.3.21-2.i386.rpm
rh-postgresql-devel-7.3.21-2.i386.rpm
rh-postgresql-docs-7.3.21-2.i386.rpm
rh-postgresql-jdbc-7.3.21-2.i386.rpm
rh-postgresql-libs-7.3.21-2.i386.rpm
rh-postgresql-pl-7.3.21-2.i386.rpm
rh-postgresql-python-7.3.21-2.i386.rpm
rh-postgresql-server-7.3.21-2.i386.rpm
rh-postgresql-tcl-7.3.21-2.i386.rpm
rh-postgresql-test-7.3.21-2.i386.rpm
       x86_64:
rh-postgresql-7.3.21-2.x86_64.rpm
rh-postgresql-contrib-7.3.21-2.x86_64.rpm
rh-postgresql-devel-7.3.21-2.x86_64.rpm
rh-postgresql-docs-7.3.21-2.x86_64.rpm
rh-postgresql-jdbc-7.3.21-2.x86_64.rpm
rh-postgresql-libs-7.3.21-2.i386.rpm
rh-postgresql-libs-7.3.21-2.x86_64.rpm
rh-postgresql-pl-7.3.21-2.x86_64.rpm
rh-postgresql-python-7.3.21-2.x86_64.rpm
rh-postgresql-server-7.3.21-2.x86_64.rpm
rh-postgresql-tcl-7.3.21-2.x86_64.rpm
rh-postgresql-test-7.3.21-2.x86_64.rpm

SL 4.x

       SRPMS:
postgresql-7.4.26-1.el4_8.1.src.rpm
       i386:
postgresql-7.4.26-1.el4_8.1.i386.rpm
postgresql-contrib-7.4.26-1.el4_8.1.i386.rpm
postgresql-devel-7.4.26-1.el4_8.1.i386.rpm
postgresql-docs-7.4.26-1.el4_8.1.i386.rpm
postgresql-jdbc-7.4.26-1.el4_8.1.i386.rpm
postgresql-libs-7.4.26-1.el4_8.1.i386.rpm
postgresql-pl-7.4.26-1.el4_8.1.i386.rpm
postgresql-python-7.4.26-1.el4_8.1.i386.rpm
postgresql-server-7.4.26-1.el4_8.1.i386.rpm
postgresql-tcl-7.4.26-1.el4_8.1.i386.rpm
postgresql-test-7.4.26-1.el4_8.1.i386.rpm
       x86_64:
postgresql-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-contrib-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-devel-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-docs-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-jdbc-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-libs-7.4.26-1.el4_8.1.i386.rpm
postgresql-libs-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-pl-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-python-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-server-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-tcl-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-test-7.4.26-1.el4_8.1.x86_64.rpm

SL 5.x

       SRPMS:
postgresql-8.1.18-2.el5_4.1.src.rpm
       i386:
postgresql-8.1.18-2.el5_4.1.i386.rpm
postgresql-contrib-8.1.18-2.el5_4.1.i386.rpm
postgresql-devel-8.1.18-2.el5_4.1.i386.rpm
postgresql-docs-8.1.18-2.el5_4.1.i386.rpm
postgresql-libs-8.1.18-2.el5_4.1.i386.rpm
postgresql-pl-8.1.18-2.el5_4.1.i386.rpm
postgresql-python-8.1.18-2.el5_4.1.i386.rpm
postgresql-server-8.1.18-2.el5_4.1.i386.rpm
postgresql-tcl-8.1.18-2.el5_4.1.i386.rpm
postgresql-test-8.1.18-2.el5_4.1.i386.rpm
       x86_64:
postgresql-8.1.18-2.el5_4.1.x86_64.rpm
postgresql-contrib-8.1.18-2.el5_4.1.x86_64.rpm
postgresql-devel-8.1.18-2.el5_4.1.i386.rpm
postgresql-devel-8.1.18-2.el5_4.1.x86_64.rpm
postgresql-docs-8.1.18-2.el5_4.1.x86_64.rpm
postgresql-libs-8.1.18-2.el5_4.1.i386.rpm
postgresql-libs-8.1.18-2.el5_4.1.x86_64.rpm
postgresql-pl-8.1.18-2.el5_4.1.x86_64.rpm
postgresql-python-8.1.18-2.el5_4.1.x86_64.rpm
postgresql-server-8.1.18-2.el5_4.1.x86_64.rpm
postgresql-tcl-8.1.18-2.el5_4.1.x86_64.rpm
postgresql-test-8.1.18-2.el5_4.1.x86_64.rpm

-Connie Sieh
-Troy Dawson
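
An added example, not part of the original advisory or of any Scientific Linux tooling: a check of installed PostgreSQL packages against the fixed versions listed above, using RPM's segment-wise version ordering. It assumes input lines in `name-version-release` form (for example from `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'`) with no epoch; the sample host inventory is constructed.

```python
import re

# Sub-packages and fixed version/release per SL major release, copied from
# the package lists in this advisory. Epoch is assumed to be absent.
SUBPKGS = "contrib devel docs libs pl python server tcl test".split()
FIXED = {
    "3": ("rh-postgresql", SUBPKGS + ["jdbc"], "7.3.21", "2"),
    "4": ("postgresql", SUBPKGS + ["jdbc"], "7.4.26", "1.el4_8.1"),
    "5": ("postgresql", SUBPKGS, "8.1.18", "2.el5_4.1"),
}

def rpmvercmp(a, b):
    """Compare two RPM version or release strings; returns -1, 0 or 1.

    RPM's segment rules: split into digit runs and letter runs, a digit
    run beats a letter run, digit runs compare numerically, and the string
    with segments left over is newer. Tilde and caret are not handled.
    """
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        kx, ky = (int(x), int(y)) if x.isdigit() else (x, y)
        if kx != ky:
            return 1 if kx > ky else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def audit(nvr_lines, sl_major):
    """Return {package: 'fixed' | 'vulnerable'} for the advisory's packages."""
    prefix, subs, fixed_ver, fixed_rel = FIXED[sl_major]
    names = {prefix} | {prefix + "-" + s for s in subs}
    result = {}
    for line in nvr_lines:
        parts = line.strip().rsplit("-", 2)  # name may itself contain '-'
        if len(parts) != 3 or parts[0] not in names:
            continue
        name, ver, rel = parts
        # Version decides first; release only breaks a version tie.
        order = rpmvercmp(ver, fixed_ver) or rpmvercmp(rel, fixed_rel)
        result[name] = "fixed" if order >= 0 else "vulnerable"
    return result

# Constructed inventory for an SL 5 host (not taken from the advisory).
SAMPLE_SL5 = [
    "postgresql-libs-8.1.18-2.el5_4.1",
    "postgresql-server-8.1.11-1.el5_1.1",
    "openssl-0.9.8e-12.el5",
]

if __name__ == "__main__":
    for pkg, state in sorted(audit(SAMPLE_SL5, "5").items()):
        print(pkg, state)
```
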
