Oval Definition:oval:com.redhat.rhsa:def:20060164
Revision Date:2006-01-06Version:640
Title:RHSA-2006:0164: mod_auth_pgsql security update (Critical)
Description:The mod_auth_pgsql package is an httpd module that allows user authentication against information stored in a PostgreSQL database.

Several format string flaws were found in the way mod_auth_pgsql logs information. It may be possible for a remote attacker to execute arbitrary code as the 'apache' user if mod_auth_pgsql is used for user authentication. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-3656 to this issue.

Please note that this issue only affects servers which have mod_auth_pgsql installed and configured to perform user authentication against a PostgreSQL database.

All users of mod_auth_pgsql should upgrade to these updated packages, which contain a backported patch to resolve this issue.

This issue does not affect the mod_auth_pgsql package supplied with Red Hat Enterprise Linux 2.1.

Red Hat would like to thank iDefense for reporting this issue.
Family:unixClass:patch
Status:Reference(s):CVE-2005-3656
RHSA-2006:0164
RHSA-2006:0164-01
RHSA-2006:0164-01
Platform(s):Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
Product(s):
Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 3 is installed
  • AND mod_auth_pgsql is earlier than 0:2.0.1-4.ent.1
  • AND mod_auth_pgsql is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND mod_auth_pgsql is earlier than 0:2.0.1-7.1
  • AND mod_auth_pgsql is signed with Red Hat master key
    • Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND mod_auth_pgsql is earlier than 0:2.0.1-7.1
  • AND mod_auth_pgsql is signed with Red Hat redhatrelease2 key
    • BACK