__________________________________________________________

                       The U.S. Department of Energy
                   Computer Incident Advisory Capability
                           ___  __ __    _     ___
                          /       |     /_\   /
                          \___  __|__  /   \  \___
             __________________________________________________________

                             INFORMATION BULLETIN

                           PostgreSQL Security Update
                          [Red Hat  RHSA-2008:0038-7]

January 11, 2008 19:00 GMT                                        Number S-108
[REVISED 14 Jan 2008]
[REVISED 16 Jan 2008]
[REVISED 22 Feb 2008]
[REVISED 2 Apr 2008]
______________________________________________________________________________
PROBLEM:       There are multiple flaws in PostgreSQL. 
PLATFORM:      RHEL Desktop Workstation (v. 5 client)
               Red Hat Desktop (v. 3, v. 4)
               Red Hat Enterprise Linux AS, ES, WS (v. 2.1, v.3, v.4)
               Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
               Red Hat Enterprise Linux (v. 5 server)
               Red Hat Enterprise Linux Desktop (v. 5 client)
               Debian GNU/Linux 3.1 (oldstable) and 4.0 (stable)
               HP Internet Express for Tru64 UNIX v 6.7 and v 6.6
DAMAGE:        An authenticated attacker could use these flaws to cause a 
               denial of service by causing the PostgreSQL server to crash, 
               enter an infinite loop, or use extensive CPU and memory 
               resources while processing queries containing specially crafted 
               regular expressions. Applications that accept regular 
               expressions from untrusted sources may expose this problem to 
               unauthorized attackers. 
SOLUTION:      Upgrade to the appropriate version. 
______________________________________________________________________________
VULNERABILITY  The risk is MEDIUM. These flaws could cause a denial of service, and 
ASSESSMENT:    an authenticated attacker could escalate privileges. 
______________________________________________________________________________
LINKS: 
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/s-108.shtml 
 ORIGINAL BULLETIN:  https://rhn.redhat.com/errata/RHSA-2008-0038.html 
 ADDITIONAL LINKS:   https://rhn.redhat.com/errata/RHSA-2008-0039.html 
                     http://rhn.redhat.com/errata/RHSA-2008-0134.html
                     http://www.debian.org/security/2008/dsa-1460
                     http://www.debian.org/security/2008/dsa-1463
                     Visit Hewlett-Packard Subscription Service for:
                     HPSBTU02325 SSRT080006 rev. 1
 CVE:                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name= 
                     CVE-2007-3278 CVE-2007-4769 CVE-2007-4772 CVE-2007-6067 
                     CVE-2007-6600 CVE-2007-6601 
______________________________________________________________________________
REVISION HISTORY:
01/14/2008 - revised S-108 to add a link to Debian Security Advisory DSA-1460-1 for
             Debian GNU/Linux 4.0 (stable).
01/16/2008 - revised S-108 to add a link to Debian Security Advisory DSA-1463-1 for
             Debian GNU/Linux 3.1 (oldstable) and 4.0 (stable).
02/22/2008 - revised S-108 to add a link to Red Hat RHSA-2008:0134-3 for Red Hat Desktop 
             (v. 3, v. 4), Red Hat Enterprise Linux AS, ES, WS (v. 2.1, v.3, v.4), and 
             Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor.
04/02/2008 - revised S-108 to add a link to Hewlett-Packard Subscription Service for
             HPSBTU02325 SSRT080006 rev. 1 for HP Internet Express for Tru64 UNIX v 6.7 
             and v 6.6.




[***** Start Red Hat  RHSA-2008:0038-7 *****]

Moderate: postgresql security update
Advisory: RHSA-2008:0038-7 
Type: Security Advisory 
Severity: Moderate 
Issued on: 2008-01-11 
Last updated on: 2008-01-11 
Affected Products: RHEL Desktop Workstation (v. 5 client)
                   Red Hat Desktop (v. 4)
                   Red Hat Enterprise Linux (v. 5 server)
                   Red Hat Enterprise Linux AS (v. 4)
                   Red Hat Enterprise Linux Desktop (v. 5 client)
                   Red Hat Enterprise Linux ES (v. 4)
                   Red Hat Enterprise Linux WS (v. 4)
OVAL: com.redhat.rhsa-20080038.xml
CVEs (cve.mitre.org): CVE-2007-3278
                      CVE-2007-4769
                      CVE-2007-4772
                      CVE-2007-6067
                      CVE-2007-6600
                      CVE-2007-6601
 


Details
Updated postgresql packages that fix several security issues are now 
available for Red Hat Enterprise Linux 4 and 5. 

This update has been rated as having moderate security impact by the Red 
Hat Security Response Team.

PostgreSQL is an advanced Object-Relational database management system 
(DBMS). The postgresql packages include the client programs and libraries 
needed to access a PostgreSQL DBMS server. 

Will Drewry discovered multiple flaws in PostgreSQL's regular expression 
engine. An authenticated attacker could use these flaws to cause a denial 
of service by causing the PostgreSQL server to crash, enter an infinite 
loop, or use extensive CPU and memory resources while processing queries 
containing specially crafted regular expressions. Applications that accept 
regular expressions from untrusted sources may expose this problem to 
unauthorized attackers. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067) 

A privilege escalation flaw was discovered in PostgreSQL. An authenticated 
attacker could create an index function that would be executed with 
administrator privileges during database maintenance tasks, such as 
database vacuuming. (CVE-2007-6600) 

A privilege escalation flaw was discovered in PostgreSQL's Database Link 
library (dblink). An authenticated attacker could use dblink to possibly 
escalate privileges on systems with "trust" or "ident" authentication 
configured. Please note that dblink functionality is not enabled by 
default, and can only be enabled by a database administrator on systems 
with the postgresql-contrib package installed. (CVE-2007-3278, 
CVE-2007-6601) 
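
An added example (not part of the Red Hat or CIAC text): a small audit of pg_hba.conf that lists every rule using the "trust" or "ident" methods named above and notes whether the rule is reachable from the server itself, which is where dblink connections originate. The sample file is constructed, and the parser ignores quoted fields for brevity.

```python
import ipaddress

# Authentication methods the advisory names for the dblink issue.
RISKY_METHODS = {"trust", "ident"}
LOOPBACKS = (ipaddress.ip_address("127.0.0.1"), ipaddress.ip_address("::1"))

# Constructed sample, not taken from any real system.
SAMPLE_PG_HBA = """\
# TYPE  DATABASE  USER  CIDR-ADDRESS            METHOD
local   all       all                           ident sameuser
host    all       all   127.0.0.1/32            trust
host    all       all   ::1/128                 md5
host    appdb     app   10.0.0.0 255.255.255.0  trust
host    all       all   0.0.0.0/0               md5   # remote clients
"""


def _is_ip(token):
    """True if token parses as a bare IP address (used to spot a netmask)."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def covers_loopback(address):
    """True if the address range includes 127.0.0.1 or ::1.

    Anything that does not parse as a network (keywords, host names,
    unusual mask forms) is reported as True so that it gets reviewed.
    """
    try:
        net = ipaddress.ip_network(address, strict=False)
    except ValueError:
        return True
    return any(lo in net for lo in LOOPBACKS)


def audit_pg_hba(text):
    """Return (line_no, type, method, reachable_from_server) per risky rule."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on blanks
        if len(fields) < 4:
            continue
        conn_type = fields[0]
        if conn_type == "local":
            # local DATABASE USER METHOD [OPTION]
            method, reachable = fields[3], True
        elif conn_type in ("host", "hostssl", "hostnossl"):
            # host DATABASE USER CIDR METHOD, or host DATABASE USER IP MASK METHOD
            if "/" not in fields[3] and len(fields) > 5 and _is_ip(fields[4]):
                address, rest = fields[3] + "/" + fields[4], fields[5:]
            else:
                address, rest = fields[3], fields[4:]
            if not rest:
                continue
            method, reachable = rest[0], covers_loopback(address)
        else:
            continue
        if method.lower() in RISKY_METHODS:
            findings.append((line_no, conn_type, method.lower(), reachable))
    return findings


if __name__ == "__main__":
    for finding in audit_pg_hba(SAMPLE_PG_HBA):
        print(finding)
```

Rules reported with the last field True are the ones to tighten first on hosts where dblink has been enabled.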

All postgresql users should upgrade to these updated packages, which 
include PostgreSQL 7.4.19 and 8.1.11, and resolve these issues.
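
An added example (not part of the Red Hat or CIAC text): checking installed postgresql packages against the fixed builds this advisory ships, 7.4.19-1.el4_6.1 and 8.1.11-1.el5_1.1, using RPM-style version ordering. The sample query output is constructed, mapping a package to its fixed build by release series (7.4 or 8.1) is an assumption of this sketch, and the tilde and caret rules of newer RPM versions are not handled.

```python
import re

# Fixed builds named in this advisory, keyed by PostgreSQL release series.
FIXED = {"7.4": "7.4.19-1.el4_6.1", "8.1": "8.1.11-1.el5_1.1"}

# Constructed sample of the output of:
#   rpm -qa 'postgresql*' --qf '%{NAME} %{EPOCH}:%{VERSION}-%{RELEASE}\n'
SAMPLE_RPM_QUERY = """\
postgresql-server (none):8.1.9-1.el5
postgresql-libs (none):8.1.11-1.el5_1.1
postgresql (none):7.4.17-1.RHEL4.1
postgresql-contrib (none):7.4.19-1.el4_6.1
"""


def _tokens(s):
    """Split a version string into runs of digits and runs of letters."""
    return re.findall(r"[0-9]+|[A-Za-z]+", s)


def rpmvercmp(a, b):
    """Compare two version or release strings the way rpm orders them."""
    ta, tb = _tokens(a), _tokens(b)
    for x, y in zip(ta, tb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats letters
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(ta) > len(tb)) - (len(ta) < len(tb))


def split_evr(evr):
    """Split 'epoch:version-release'; a missing or '(none)' epoch counts as 0."""
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return (int(epoch) if epoch.isdigit() else 0), version, release


def compare_evr(a, b):
    """Return -1, 0 or 1 for a older than, equal to, or newer than b."""
    ea, va, ra = split_evr(a)
    eb, vb, rb = split_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def check_packages(query_output):
    """Map package name to 'fixed', 'vulnerable' or 'not covered'."""
    status = {}
    for line in query_output.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        name, evr = parts
        series = ".".join(split_evr(evr)[1].split(".")[:2])
        fixed = FIXED.get(series)
        if fixed is None:
            status[name] = "not covered"  # other series: see the linked advisories
        elif compare_evr(evr, fixed) >= 0:
            status[name] = "fixed"
        else:
            status[name] = "vulnerable"
    return status


if __name__ == "__main__":
    for name, state in check_packages(SAMPLE_RPM_QUERY).items():
        print(name, state)
```

Comparing the full version-release string, not only the upstream version, matters because the fix is identified by the vendor release (for example `el5_1.1`).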



Solution
Before applying this update, make sure that all previously-released 
errata relevant to your system have been applied. 

This update is available via Red Hat Network. Details on how to use 
the Red Hat Network to apply this update are available at 
http://kbase.redhat.com/faq/FAQ_58_10188




Bugs fixed (see bugzilla for more information)
309141 - CVE-2007-3278 dblink allows proxying of database connections via 127.0.0.1
315231 - CVE-2007-4769 postgresql integer overflow in regex code
316511 - CVE-2007-4772 postgresql DoS via infinite loop in regex NFA optimization code
400931 - CVE-2007-6067 postgresql: temporary DoS caused by slow regex NFA cleanup
427127 - CVE-2007-6600 PostgreSQL privilege escalation
427128 - CVE-2007-6601 PostgreSQL privilege escalation via dblink



References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6601
http://www.redhat.com/security/updates/classification/#moderate 


--------------------------------------------------------------------------------
These packages are GPG signed by Red Hat for security. Our key and details on 
how to verify the signature are available from:

https://www.redhat.com/security/team/key/#package 

The Red Hat security contact is secalert@redhat.com. More contact details at 
http://www.redhat.com/security/team/contact/


[***** End Red Hat  RHSA-2008:0038-7 *****]
_______________________________________________________________________________

CIAC wishes to acknowledge the contributions of Red Hat for the 
information contained in this bulletin.
_______________________________________________________________________________


CIAC, the Computer Incident Advisory Capability, is the computer
security incident response team for the U.S. Department of Energy
(DOE) and the emergency backup response team for the National
Institutes of Health (NIH). CIAC is located at the Lawrence Livermore
National Laboratory in Livermore, California. CIAC is also a founding
member of FIRST, the Forum of Incident Response and Security Teams, a
global organization established to foster cooperation and coordination
among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC
can be contacted at:
    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

   World Wide Web:      http://www.ciac.org/
   Anonymous FTP:       ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins.  If you are not part of these
communities, please contact your agency's response team to report
incidents. Your agency's team will coordinate with CIAC. The Forum of
Incident Response and Security Teams (FIRST) is a world-wide
organization. A list of FIRST member organizations and their
constituencies can be obtained via WWW at http://www.first.org/.

This document was prepared as an account of work sponsored by an
agency of the United States Government. Neither the United States
Government nor the University of California nor any of their
employees, makes any warranty, express or implied, or assumes any
legal liability or responsibility for the accuracy, completeness, or
usefulness of any information, apparatus, product, or process
disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products,
process, or service by trade name, trademark, manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement,
recommendation or favoring by the United States Government or the
University of California. The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government or the University of California, and shall not be used for
advertising or product endorsement purposes.

LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

S-098: HP-UX Running rpc.yppasswdd Vulnerability
S-099: PeerCast Vulnerability
S-100: GNU Tar Vulnerabilities
S-101: Flash Authoring Tool Vulnerability
S-102: TYPO3 Vulnerabilities
S-103: Wireshark Vulnerabilities
S-104: libsndfile Vulnerability
S-105: Vulnerabilities in Windows TCP/IP
S-106: Vulnerability in LSASS
S-107: HP Software Update Running on Windows