Synopsis: Moderate: postgresql security update
Issue date: 2011-02-03
CVE Names: CVE-2010-4015

A stack-based buffer overflow flaw was found in the way PostgreSQL processed certain tokens from an SQL query when the intarray module was enabled on a particular database. An authenticated database user running a specially-crafted SQL query could use this flaw to cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-4015)

For Scientific Linux 6, the updated postgresql packages upgrade PostgreSQL to version 8.4.7, which includes a fix for this issue. Refer to the PostgreSQL Release Notes for a full list of changes:

http://www.postgresql.org/docs/8.4/static/release.html

If the postgresql service is running, it will be automatically restarted after installing this update.

SL 6.x

  SRPMS:
    postgresql-8.4.7-1.el6_0.1.src.rpm

  i386:
    postgresql-8.4.7-1.el6_0.1.i686.rpm
    postgresql-contrib-8.4.7-1.el6_0.1.i686.rpm
    postgresql-devel-8.4.7-1.el6_0.1.i686.rpm
    postgresql-docs-8.4.7-1.el6_0.1.i686.rpm
    postgresql-libs-8.4.7-1.el6_0.1.i686.rpm
    postgresql-plperl-8.4.7-1.el6_0.1.i686.rpm
    postgresql-plpython-8.4.7-1.el6_0.1.i686.rpm
    postgresql-pltcl-8.4.7-1.el6_0.1.i686.rpm
    postgresql-server-8.4.7-1.el6_0.1.i686.rpm
    postgresql-test-8.4.7-1.el6_0.1.i686.rpm

  x86_64:
    postgresql-8.4.7-1.el6_0.1.x86_64.rpm
    postgresql-contrib-8.4.7-1.el6_0.1.x86_64.rpm
    postgresql-devel-8.4.7-1.el6_0.1.i686.rpm
    postgresql-devel-8.4.7-1.el6_0.1.x86_64.rpm
    postgresql-docs-8.4.7-1.el6_0.1.x86_64.rpm
    postgresql-libs-8.4.7-1.el6_0.1.i686.rpm
    postgresql-libs-8.4.7-1.el6_0.1.x86_64.rpm
    postgresql-plperl-8.4.7-1.el6_0.1.x86_64.rpm
    postgresql-plpython-8.4.7-1.el6_0.1.x86_64.rpm
    postgresql-pltcl-8.4.7-1.el6_0.1.x86_64.rpm
    postgresql-server-8.4.7-1.el6_0.1.x86_64.rpm
    postgresql-test-8.4.7-1.el6_0.1.x86_64.rpm

-Connie Sieh
-Troy Dawson
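
A way to confirm that a host carries the fixed packages, as an added example that is not part of the advisory: it compares installed postgresql package versions against the 8.4.7-1.el6_0.1 build listed above using rpm's segment-wise ordering. The function names, the three-field query format and the sample rows are assumptions made for illustration.

```python
import re

# Fixed build from the advisory's package list: (version, release)
FIXED = ("8.4.7", "1.el6_0.1")

# Constructed sample of what this query would print on a partly updated host:
#   rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n' 'postgresql*'
SAMPLE = """\
postgresql 8.4.5 1.el6
postgresql-libs 8.4.7 1.el6_0.1
postgresql-server 8.4.4 2.el6
postgresql-contrib 8.4.7 2.el6
bash 4.1.2 15.el6
"""

def _segments(s):
    # rpm splits a version string into runs of digits or letters; separators are dropped
    return re.findall(r"[0-9]+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Return -1, 0 or 1 using rpm's segment comparison (no '~' or '^' handling)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric segments compare as numbers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment is newer than an alphabetic one
        if x != y:
            return 1 if x > y else -1
    # all shared segments equal: the string with segments left over is newer
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    # compare version first, release only on a tie (these packages carry no epoch)
    return rpmvercmp(a[0], b[0]) or rpmvercmp(a[1], b[1])

def unpatched(query_output):
    """Return (name, version-release) for postgresql packages older than FIXED."""
    found = []
    for line in query_output.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].startswith("postgresql"):
            continue
        name, version, release = parts
        if evr_cmp((version, release), FIXED) < 0:
            found.append((name, f"{version}-{release}"))
    return found

if __name__ == "__main__":
    for name, evr in unpatched(SAMPLE):
        print(f"{name} {evr} is older than {FIXED[0]}-{FIXED[1]}")
```

On a real host, pass the output of the rpm query shown in the comment to unpatched() in place of SAMPLE.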