(RHSA-2009:1484) Moderate: postgresql security update

2009-10-0700:00:00

access.redhat.com

0.023 Low

EPSS

Percentile

89.8%

JSON

PostgreSQL is an advanced object-relational database management system
(DBMS).

It was discovered that the upstream patch for CVE-2007-6600 included in the
Red Hat Security Advisory RHSA-2008:0038 did not include protection against
misuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An
authenticated user could use this flaw to install malicious code that would
later execute with superuser privileges. (CVE-2009-3230)

A flaw was found in the way PostgreSQL handled encoding conversion. A
remote, authenticated user could trigger an encoding conversion failure,
possibly leading to a temporary denial of service. Note: To exploit this
issue, a locale and client encoding for which specific messages fail to
translate must be selected (the availability of these is determined by an
administrator-defined locale setting). (CVE-2009-0922)

Note: For Red Hat Enterprise Linux 4, this update upgrades PostgreSQL to
version 7.4.26. For Red Hat Enterprise Linux 5, this update upgrades
PostgreSQL to version 8.1.18. Refer to the PostgreSQL Release Notes for a
list of changes:

http://www.postgresql.org/docs/7.4/static/release.html
http://www.postgresql.org/docs/8.1/static/release.html

All PostgreSQL users should upgrade to these updated packages, which
resolve these issues. If the postgresql service is running, it will be
automatically restarted after installing this update.

OSVersionArchitecturePackageVersionFilename
RedHat4x86_64postgresql-jdbc< 7.4.26-1.el4_8.1postgresql-jdbc-7.4.26-1.el4_8.1.x86_64.rpm
RedHat4s390xpostgresql-devel< 7.4.26-1.el4_8.1postgresql-devel-7.4.26-1.el4_8.1.s390x.rpm
RedHat5ia64postgresql< 8.1.18-2.el5_4.1postgresql-8.1.18-2.el5_4.1.ia64.rpm
RedHat4ia64postgresql-libs< 7.4.26-1.el4_8.1postgresql-libs-7.4.26-1.el4_8.1.ia64.rpm
RedHat4x86_64postgresql-test< 7.4.26-1.el4_8.1postgresql-test-7.4.26-1.el4_8.1.x86_64.rpm
RedHat5ppcpostgresql-libs< 8.1.18-2.el5_4.1postgresql-libs-8.1.18-2.el5_4.1.ppc.rpm
RedHat5s390postgresql-libs< 8.1.18-2.el5_4.1postgresql-libs-8.1.18-2.el5_4.1.s390.rpm
RedHat5x86_64postgresql-server< 8.1.18-2.el5_4.1postgresql-server-8.1.18-2.el5_4.1.x86_64.rpm
RedHat5s390xpostgresql-tcl< 8.1.18-2.el5_4.1postgresql-tcl-8.1.18-2.el5_4.1.s390x.rpm
RedHat4ia64postgresql-python< 7.4.26-1.el4_8.1postgresql-python-7.4.26-1.el4_8.1.ia64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	4	x86_64	postgresql-jdbc	< 7.4.26-1.el4_8.1	postgresql-jdbc-7.4.26-1.el4_8.1.x86_64.rpm
RedHat	4	s390x	postgresql-devel	< 7.4.26-1.el4_8.1	postgresql-devel-7.4.26-1.el4_8.1.s390x.rpm
RedHat	5	ia64	postgresql	< 8.1.18-2.el5_4.1	postgresql-8.1.18-2.el5_4.1.ia64.rpm
RedHat	4	ia64	postgresql-libs	< 7.4.26-1.el4_8.1	postgresql-libs-7.4.26-1.el4_8.1.ia64.rpm
RedHat	4	x86_64	postgresql-test	< 7.4.26-1.el4_8.1	postgresql-test-7.4.26-1.el4_8.1.x86_64.rpm
RedHat	5	ppc	postgresql-libs	< 8.1.18-2.el5_4.1	postgresql-libs-8.1.18-2.el5_4.1.ppc.rpm
RedHat	5	s390	postgresql-libs	< 8.1.18-2.el5_4.1	postgresql-libs-8.1.18-2.el5_4.1.s390.rpm
RedHat	5	x86_64	postgresql-server	< 8.1.18-2.el5_4.1	postgresql-server-8.1.18-2.el5_4.1.x86_64.rpm
RedHat	5	s390x	postgresql-tcl	< 8.1.18-2.el5_4.1	postgresql-tcl-8.1.18-2.el5_4.1.s390x.rpm
RedHat	4	ia64	postgresql-python	< 7.4.26-1.el4_8.1	postgresql-python-7.4.26-1.el4_8.1.ia64.rpm