- Issued:
- 2004-01-16
- Updated:
- 2004-01-16
RHBA-2003:352 - Bug Fix Advisory
Synopsis
Updated PostgreSQL packages fix input overrun bug
Type/Severity
Bug Fix Advisory
Topic
Updated PostgreSQL packages that correct an input overrun bug in the
to_timestamp() routine are now available.
Description
PostgreSQL is an advanced Object-Relational database management system
(DBMS).
A bug that can lead to leaks has been found in the PostgreSQL string to
timestamp abstract data type conversion routine. If the input string to
the to_timestamp() routine is shorter than what the template string is
expecting, the routine will run off the end of the input string, which can
result in a leak of previous timestamp behavior and cause instability. This
issue affects PostgreSQL 7.3.4.
Users of PostgreSQL are advised to upgrade to these erratum packages, which
contain a patch that corrects this issue.
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
Please note that this update is available via Red Hat Network. To use Red
Hat Network, launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
Note that no initdb will be necessary from previous PostgreSQL packages.
Affected Products
- Red Hat Enterprise Linux Server 3 x86_64
- Red Hat Enterprise Linux Server 3 ia64
- Red Hat Enterprise Linux Server 3 i386
- Red Hat Enterprise Linux Workstation 3 x86_64
- Red Hat Enterprise Linux Workstation 3 ia64
- Red Hat Enterprise Linux Workstation 3 i386
- Red Hat Enterprise Linux for IBM z Systems 3 s390x
- Red Hat Enterprise Linux for IBM z Systems 3 s390
- Red Hat Enterprise Linux for Power, big endian 3 ppc
Fixes
- BZ - 109067 - to_timestamp not stable if date string shorter than template
CVEs
(none)
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.