--------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2005-2260 Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2260 2005-03-07 ---------------------------------------------------------------------
Name : postgresql Versions : rh7.3: postgresql-7.2.7-1.2.legacy Versions : rh9: postgresql-7.3.9-0.90.2.legacy Versions : fc1: postgresql-7.3.9-1.2.legacy Summary : PostgreSQL client programs and libraries. Description : PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs, including transactions, subselects, and user-defined types and functions. The postgresql package includes the client programs and libraries that you need to access a PostgreSQL DBMS server.
--------------------------------------------------------------------- Update Information:
Updated PostgreSQL packages to fix various security flaws are now available.
PostgreSQL is an advanced Object-Relational database management system (DBMS).
Trustix has identified improper temporary file usage in the make_oidjoins_check script. It is possible that an attacker could overwrite arbitrary file contents as the user running the make_oidjoins_check script. This script has been removed from the RPM file since it has no use to ordinary users. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0977 to this issue.
A flaw in the LOAD command in PostgreSQL was discovered. A local user could use this flaw to load arbitrary shared librarys and therefore execute arbitrary code, gaining the privileges of the PostgreSQL server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0227 to this issue.
A permission checking flaw in PostgreSQL was discovered. A local user could bypass the EXECUTE permission check for functions by using the CREATE AGGREGATE command. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0244 to this issue.
Multiple buffer overflows were found in PL/PgSQL. A database user who has permissions to create plpgsql functions could trigger this flaw which could lead to arbitrary code execution, gaining the privileges of the PostgreSQL server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2005-0245 and CAN-2005-0247 to these issues.
A flaw in the integer aggregator (intagg) contrib module for PostgreSQL was found. A user could create carefully crafted arrays and cause a denial of service (crash). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0246 to this issue.
Users of PostgreSQL are advised to update to these erratum packages which are not vulnerable to these issues.
--------------------------------------------------------------------- Changelogs
rh73:
* Mon Mar 07 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 7.2.7-1.2.legacy
- Added missing XFree86-devel, bison, libtermcap-devel, flex
perl-SGMLSpm, openjade, e2fsprogs-devel and docbook-utils BuildRequires
* Fri Mar 04 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 7.2.7-1.1.legacy
- Update to 7.2.7 to fix multiple security issues (CAN-2005-0227,
CAN-2005-0245, and other issues)
- Patch additional buffer overruns in plpgsql (CAN-2005-0247)
- Remove contrib/oidjoins stuff from installed fileset; it's of no use
to ordinary users and has a security issue (RH bugs 136300, 136301)
rh9:
* Mon Mar 07 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 7.3.9-1.2.legacy
- Added missing autoconf, libtermcap-devel, perl-SGMLSpm, docbook-utils
and docbook-style-dsssl to BuildRequires
* Fri Mar 04 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 7.3.9-1.1.legacy
- Update to PostgreSQL 7.3.9 (fixes CAN-2005-0227, CAN-2005-0244,
CAN-2005-0245, CAN-2005-0246, CAN-2004-0977 and other issues).
- Patch additional buffer overruns in plpgsql (CAN-2005-0247)
- Remove contrib/oidjoins stuff from installed fileset; it's of no use
to ordinary users and has a security issue (RH bugs 136300, 136301)
fc1:
* Mon Mar 07 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 7.3.9-1.2.legacy
- Added missing libtermcap-devel, perl-SGMLSpm, openjade, docbook-utils
and docbook-style-dsssl to BuildRequires
* Fri Mar 04 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 7.3.9-1.1.legacy
- Rebuilt as Fedora Legacy security update for FC1
* Tue Feb 08 2005 Tom Lane <tgl@xxxxxxxxxx> 7.3.9-2 - Patch additional buffer overruns in plpgsql (CAN-2005-0247)
--------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums)
rh7.3:
d31c189c8a7deff6956075bf77e2b1d65ec5c4a7 redhat/7.3/updates-testing/i386/postgresql-7.2.7-1.2.legacy.i386.rpm
2f0d1bf43ce424777839a4114c1586de17003028 redhat/7.3/updates-testing/i386/postgresql-contrib-7.2.7-1.2.legacy.i386.rpm
3c8ca3b49b600ee328d376509ba2fa81178bc785 redhat/7.3/updates-testing/i386/postgresql-devel-7.2.7-1.2.legacy.i386.rpm
69f068253ca62dbfecf102e4599ad592fe07d654 redhat/7.3/updates-testing/i386/postgresql-docs-7.2.7-1.2.legacy.i386.rpm
0aef7d8c5eaa0f9acbbf6bbdb9aa325ff993094c redhat/7.3/updates-testing/i386/postgresql-jdbc-7.2.7-1.2.legacy.i386.rpm
4ddd20835495bf19a00665136b3e7634e3e29da4 redhat/7.3/updates-testing/i386/postgresql-libs-7.2.7-1.2.legacy.i386.rpm
11a5ef1ad11f2cbd11344aa225c4685ecffe56c1 redhat/7.3/updates-testing/i386/postgresql-odbc-7.2.7-1.2.legacy.i386.rpm
5cafe5600b825fcbf96eebc390ac0f2024b2a2be redhat/7.3/updates-testing/i386/postgresql-perl-7.2.7-1.2.legacy.i386.rpm
a00ed6283f7b0b4878be4a5d33c4d08c6cecd032 redhat/7.3/updates-testing/i386/postgresql-python-7.2.7-1.2.legacy.i386.rpm
022b23b4f4f7942220a8ca069b739089873685b2 redhat/7.3/updates-testing/i386/postgresql-server-7.2.7-1.2.legacy.i386.rpm
77156886ec28350b6dffef06f96fcb3ee1ee7ebf redhat/7.3/updates-testing/i386/postgresql-tcl-7.2.7-1.2.legacy.i386.rpm
2c3cc238af77cee13a342c677c965c5d57c34bb9 redhat/7.3/updates-testing/i386/postgresql-test-7.2.7-1.2.legacy.i386.rpm
f150672bd8473dc450010b436e557a46761f5c57 redhat/7.3/updates-testing/i386/postgresql-tk-7.2.7-1.2.legacy.i386.rpm
35222d526cd08e720a50d5f441a152fc6d93056f redhat/7.3/updates-testing/SRPMS/postgresql-7.2.7-1.2.legacy.src.rpm
rh9:
97c1e38c06d6bb16a76e346aad2a9ae9f4dbe4de redhat/9/updates-testing/i386/postgresql-7.3.9-0.90.2.legacy.i386.rpm
44dc64014d89dd84cb7dbc7077adcb0b8d382233 redhat/9/updates-testing/i386/postgresql-contrib-7.3.9-0.90.2.legacy.i386.rpm
12fea917971b79931ab833c7725e2fed9ee737f5 redhat/9/updates-testing/i386/postgresql-devel-7.3.9-0.90.2.legacy.i386.rpm
db0d341829ca4d29dfefa049939efea2f0a7b966 redhat/9/updates-testing/i386/postgresql-docs-7.3.9-0.90.2.legacy.i386.rpm
882789ef9a838332b16477f4c217c9c61517ac97 redhat/9/updates-testing/i386/postgresql-jdbc-7.3.9-0.90.2.legacy.i386.rpm
9247cee701af231b2c5a29d880c347a2a9d99399 redhat/9/updates-testing/i386/postgresql-libs-7.3.9-0.90.2.legacy.i386.rpm
7afd9c0344c6b340d77fd74be9ba2f7b078d7a8a redhat/9/updates-testing/i386/postgresql-pl-7.3.9-0.90.2.legacy.i386.rpm
11889c69f5ecafcbf8d75905d8452ae3a8f8227f redhat/9/updates-testing/i386/postgresql-python-7.3.9-0.90.2.legacy.i386.rpm
1446eb258819fb54beb7c4cafd53ad828b445eab redhat/9/updates-testing/i386/postgresql-server-7.3.9-0.90.2.legacy.i386.rpm
9d367f4e478199a6d186633f302c706ba2a6dbd6 redhat/9/updates-testing/i386/postgresql-tcl-7.3.9-0.90.2.legacy.i386.rpm
8c06644a98389f11fa1a5a13f5a4d6c9558b8d0f redhat/9/updates-testing/i386/postgresql-test-7.3.9-0.90.2.legacy.i386.rpm
7855eeced400cfeaf85b478c69810099eb304826 redhat/9/updates-testing/SRPMS/postgresql-7.3.9-0.90.2.legacy.src.rpm
fc1:
e41bd8377a22b935f44202ddc785fc9185355234 fedora/1/updates-testing/i386/postgresql-7.3.9-1.2.legacy.i386.rpm
efab40afd8fe5c92a7d68a5a41d01fcec96430c6 fedora/1/updates-testing/i386/postgresql-contrib-7.3.9-1.2.legacy.i386.rpm
9044550eed20628c22f4f75bb13afcddfd0d724a fedora/1/updates-testing/i386/postgresql-devel-7.3.9-1.2.legacy.i386.rpm
8c689dc13b2be91d97a235a389f85f615d1d1ee6 fedora/1/updates-testing/i386/postgresql-docs-7.3.9-1.2.legacy.i386.rpm
2da174ac3fd08fa4e5dda831054d1e541f7226fb fedora/1/updates-testing/i386/postgresql-jdbc-7.3.9-1.2.legacy.i386.rpm
d6a0eb0d12ebc73b5fde3bd45e6eb9061f56ca00 fedora/1/updates-testing/i386/postgresql-libs-7.3.9-1.2.legacy.i386.rpm
a1bccc43dffd3bbb0bcd1351f4b75965f8e24e6d fedora/1/updates-testing/i386/postgresql-pl-7.3.9-1.2.legacy.i386.rpm
4a4d1bf5cfa876b0303a4eefb4df4aea7f90cea3 fedora/1/updates-testing/i386/postgresql-python-7.3.9-1.2.legacy.i386.rpm
62e0287827577a799f586b0815cbbe5544952207 fedora/1/updates-testing/i386/postgresql-server-7.3.9-1.2.legacy.i386.rpm
c993c8888856a89603116de70a8f6f5de8422c7a fedora/1/updates-testing/i386/postgresql-tcl-7.3.9-1.2.legacy.i386.rpm
766dd53d0ef9761c986373f7c9626ecb85635893 fedora/1/updates-testing/i386/postgresql-test-7.3.9-1.2.legacy.i386.rpm
993c2134e2a29ecde59935afa87b6d11a1d3a108 fedora/1/updates-testing/SRPMS/postgresql-7.3.9-1.2.legacy.src.rpm
---------------------------------------------------------------------
Please test and comment in bugzilla.
Attachment:
signature.asc
Description: OpenPGP digital signature
-- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list