Subject: | |
From: | |
Reply To: | |
Date: | Thu, 3 Mar 2011 16:22:52 -0600 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Synopsis: Moderate: postgresql security update
Issue date: 2011-02-03
CVE Names: CVE-2010-4015
A stack-based buffer overflow flaw was found in the way PostgreSQL
processed certain tokens from an SQL query when the intarray module was
enabled on a particular database. An authenticated database user running
a specially-crafted SQL query could use this flaw to cause a temporary
denial of service (postgres daemon crash) or, potentially, execute
arbitrary code with the privileges of the database server. (CVE-2010-4015)
For Scientific Linux 6, the updated postgresql packages upgrade
PostgreSQL to version 8.4.7, which includes a fix for this issue. Refer
to the PostgreSQL Release Notes for a full list of changes:
http://www.postgresql.org/docs/8.4/static/release.html
If the postgresql service is running, it will be automatically restarted
after installing this update.
SL 6.x
SRPMS:
postgresql-8.4.7-1.el6_0.1.src.rpm
i386:
postgresql-8.4.7-1.el6_0.1.i686.rpm
postgresql-contrib-8.4.7-1.el6_0.1.i686.rpm
postgresql-devel-8.4.7-1.el6_0.1.i686.rpm
postgresql-docs-8.4.7-1.el6_0.1.i686.rpm
postgresql-libs-8.4.7-1.el6_0.1.i686.rpm
postgresql-plperl-8.4.7-1.el6_0.1.i686.rpm
postgresql-plpython-8.4.7-1.el6_0.1.i686.rpm
postgresql-pltcl-8.4.7-1.el6_0.1.i686.rpm
postgresql-server-8.4.7-1.el6_0.1.i686.rpm
postgresql-test-8.4.7-1.el6_0.1.i686.rpm
x86_64:
postgresql-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-contrib-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-devel-8.4.7-1.el6_0.1.i686.rpm
postgresql-devel-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-docs-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-libs-8.4.7-1.el6_0.1.i686.rpm
postgresql-libs-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-plperl-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-plpython-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-pltcl-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-server-8.4.7-1.el6_0.1.x86_64.rpm
postgresql-test-8.4.7-1.el6_0.1.x86_64.rpm
-Connie Sieh
-Troy Dawson
|
|
|