RHSA-2007:0067 - Security Advisory
Moderate: postgresql security update
Security Advisory: Moderate
Updated postgresql packages that fix several security vulnerabilities are
now available for the Red Hat Application Stack.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
PostgreSQL is an advanced Object-Relational database management system
Two flaws were found in the way the PostgreSQL server handles certain
SQL-language functions. An authenticated user could execute a sequence of
command which could crash the PostgreSQL server or possibly read from
arbitrary memory locations. A user must have permissions to drop and add
database tables to exploit this flaw. (CVE-2007-0555, CVE-2007-0556)
Several denial of service flaws were found in the PostgreSQL server. An
authenticated user could execute an SQL command which could crash the
PostgreSQL server. (CVE-2006-5540, CVE-2006-5541, CVE-2006-5542)
Users of PostgreSQL should upgrade to these updated packages containing
PostgreSQL version 8.1.7, which corrects these issues.
Note: The original PostgreSQL 8.1.7 security patch contained an error; this
release includes the updated patch and so is equivalent to the
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
- Red Hat Application Stack 1 1 x86_64
- Red Hat Application Stack 1 1 i386
- BZ - 225543 - CVE-2007-0555 PostgreSQL arbitrary memory read flaws (CVE-2007-0556)
- BZ - 227299 - CVE-2006-5540 New version fixes three different crash vulnerabilities (CVE-2006-5541, CVE-2006-5542)
- BZ - 227542 - Attribute type error when updating varchar column
Red Hat Application Stack 1 1