Synopsis: Moderate: postgresql84 security update Issue date: 2011-02-03 CVE Names: CVE-2010-4015 A stack-based buffer overflow flaw was found in the way PostgreSQL processed certain tokens from an SQL query when the intarray module was enabled on a particular database. An authenticated database user running a specially-crafted SQL query could use this flaw to cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-4015) These updated postgresql84 packages upgrade PostgreSQL to version 8.4.7. Refer to the PostgreSQL Release Notes for a full list of changes: http://www.postgresql.org/docs/8.4/static/release.html If the postgresql service is running, it will be automatically restarted after installing this update. SL 5.x SRPMS: postgresql84-8.4.7-1.el5_6.1.src.rpm i386: postgresql84-8.4.7-1.el5_6.1.i386.rpm postgresql84-contrib-8.4.7-1.el5_6.1.i386.rpm postgresql84-devel-8.4.7-1.el5_6.1.i386.rpm postgresql84-docs-8.4.7-1.el5_6.1.i386.rpm postgresql84-libs-8.4.7-1.el5_6.1.i386.rpm postgresql84-plperl-8.4.7-1.el5_6.1.i386.rpm postgresql84-plpython-8.4.7-1.el5_6.1.i386.rpm postgresql84-pltcl-8.4.7-1.el5_6.1.i386.rpm postgresql84-python-8.4.7-1.el5_6.1.i386.rpm postgresql84-server-8.4.7-1.el5_6.1.i386.rpm postgresql84-tcl-8.4.7-1.el5_6.1.i386.rpm postgresql84-test-8.4.7-1.el5_6.1.i386.rpm x86_64: postgresql84-8.4.7-1.el5_6.1.x86_64.rpm postgresql84-contrib-8.4.7-1.el5_6.1.x86_64.rpm postgresql84-devel-8.4.7-1.el5_6.1.i386.rpm postgresql84-devel-8.4.7-1.el5_6.1.x86_64.rpm postgresql84-docs-8.4.7-1.el5_6.1.x86_64.rpm postgresql84-libs-8.4.7-1.el5_6.1.i386.rpm postgresql84-libs-8.4.7-1.el5_6.1.x86_64.rpm postgresql84-plperl-8.4.7-1.el5_6.1.x86_64.rpm postgresql84-plpython-8.4.7-1.el5_6.1.x86_64.rpm postgresql84-pltcl-8.4.7-1.el5_6.1.x86_64.rpm postgresql84-python-8.4.7-1.el5_6.1.x86_64.rpm postgresql84-server-8.4.7-1.el5_6.1.x86_64.rpm postgresql84-tcl-8.4.7-1.el5_6.1.x86_64.rpm postgresql84-test-8.4.7-1.el5_6.1.x86_64.rpm -Connie Sieh -Troy Dawson