Message: 19
Date: Sun, 16 Apr 2006 18:38:27 +0900
From: Mark Sargent <powderkeg@xxxxxxxxxxxxxxxx>
Subject: Re: RPM for postgresql 8-* for CentOS4?
To: CentOS mailing list <centos@xxxxxxxxxx>
Message-ID: <44421093.7010403@xxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

> furthermore, I installed postgresql-server and then did another
> updatedb and ran rpm -qa and rpm -qi,
...
> [racket@ibmlap pgsql]$ rpm -qa | grep postgresql*
> [racket@ibmlap pgsql]$
>
> Sorry, I'm a little lost with this. Cheers.
>
> Mark Sargent.

Try

$ rpm -qz postgres*

You should be running 8.1.3 which corrects a remote exploit problem:

-->
# Fix bug that allowed any logged-in user to SET ROLE to any other
database user id (CVE-2006-0553)

Due to inadequate validity checking, a user could exploit the special
case that SET ROLE normally uses to restore the previous role setting
after an error. This allowed ordinary users to acquire superuser
status, for example. The escalation-of-privilege risk exists only in
8.1.0-8.1.2. However, in all releases back to 7.3 there is a related
bug in SET SESSION AUTHORIZATION that allows unprivileged users to
crash the server, if it has been compiled with Asserts enabled (which
is not the default). Thanks to Akio Ishida for reporting this problem.
-->

Binaries for RH-EL4 are available through postgresql.org at
http://www.postgresql.org/ftp/binary/v8.1.3/linux/rpms/redhat/rhel-es-4/.
These work fine on CentOS as far as I can determine. You must install
compat-postgresql-libs-3-4.c4.centos to maintain CentOS-4.3 software
with dependencies on older versions of PostgreSQL.

--
*** e-mail is NOT a secure channel ***
James B. Byrne                mailto:ByrneJB.<token>@Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada L8E 3CE                delivery <token> = hal
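
Added example, not part of the original message: a shell check that classifies a PostgreSQL version against the ranges quoted in the release note above. The function names, result labels and sample versions are constructed for illustration; only the postgresql-server package name and the version ranges come from the message.

```shell
#!/bin/sh
# Added example (not from the original message): classify a PostgreSQL
# version string against the ranges quoted in the CVE-2006-0553 release note.

classify_pg_version() {
    ver=${1%%-*}                 # drop an RPM release suffix such as "-1PGDG"
    case $ver in
        ''|*[!0-9.]*|.*|*.|*..*) echo unparseable; return 0 ;;
    esac
    IFS=. read -r major minor patch <<EOF
$ver
EOF
    minor=${minor:-0}; patch=${patch:-0}
    case $patch in *.*) echo unparseable; return 0 ;; esac   # more than 3 fields

    if [ "$major" -eq 8 ] && [ "$minor" -eq 1 ]; then
        # Note: SET ROLE privilege escalation exists only in 8.1.0-8.1.2;
        # the message says 8.1.3 corrects it.
        if [ "$patch" -le 2 ]; then echo privilege-escalation; else echo fixed; fi
    elif { [ "$major" -eq 8 ] && [ "$minor" -eq 0 ]; } ||
         { [ "$major" -eq 7 ] && [ "$minor" -ge 3 ]; }; then
        # Note: related SET SESSION AUTHORIZATION crash bug back to 7.3
        # (assert-enabled builds only); fixed releases for these branches
        # are not given in the message, so defer to the branch release notes.
        echo check-branch-release-notes
    else
        echo outside-quoted-ranges
    fi
}

# Query the installed server package; call this by hand on an RPM-based host.
check_installed() {
    command -v rpm >/dev/null 2>&1 || { echo rpm-not-available; return 0; }
    v=$(rpm -q --qf '%{VERSION}\n' postgresql-server 2>/dev/null) ||
        { echo not-installed; return 0; }
    classify_pg_version "$v"
}

# Constructed sample versions, so the script runs offline.
for sample in 8.1.0 8.1.2-1PGDG 8.1.3 8.0.4 7.4.8 7.2.1 garbage; do
    printf '%-14s %s\n' "$sample" "$(classify_pg_version "$sample")"
done
```
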