OVAL Reference oval:com.redhat.rhsa:def:20060526

Oval Definition:

oval:com.redhat.rhsa:def:20060526

Revision Date:	2006-05-23	Version:	641
Title:	RHSA-2006:0526: postgresql security update (Important)
Description:	PostgreSQL is an advanced Object-Relational database management system (DBMS). A bug was found in the way PostgreSQL's PQescapeString function escapes strings when operating in a multibyte character encoding. It is possible for an attacker to provide an application a carefully crafted string containing invalidly-encoded characters, which may be improperly escaped, allowing the attacker to inject malicious SQL. While this update fixes how PQescapeString operates, the PostgreSQL server has also been modified to prevent such an attack occurring through unpatched clients. (CVE-2006-2313, CVE-2006-2314). More details about this issue are available in the linked PostgreSQL technical documentation. An integer signedness bug was found in the way PostgreSQL generated password salts. The actual salt size is only half the size of the expected salt, making the process of brute forcing password hashes slightly easier. This update will not strengthen already existing passwords, but all newly assigned passwords will have the proper salt length. (CVE-2006-0591) Users of PostgreSQL should upgrade to these updated packages containing PostgreSQL version 7.4.13, which corrects these issues.
Family:	unix	Class:	patch
Status:		Reference(s):	CVE-2006-0591 CVE-2006-2313 CVE-2006-2314 RHSA-2006:0526 RHSA-2006:0526-02 RHSA-2006:0526-02
Platform(s):	Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4	Product(s):
Definition Synopsis
Red Hat Enterprise Linux must be installed OR Package Information Red Hat Enterprise Linux 3 is installed AND rh-postgresql-contrib is earlier than 0:7.3.15-2 AND rh-postgresql-contrib is signed with Red Hat master key rh-postgresql-test is earlier than 0:7.3.15-2 AND rh-postgresql-test is signed with Red Hat master key rh-postgresql-server is earlier than 0:7.3.15-2 AND rh-postgresql-server is signed with Red Hat master key rh-postgresql-libs is earlier than 0:7.3.15-2 AND rh-postgresql-libs is signed with Red Hat master key rh-postgresql-docs is earlier than 0:7.3.15-2 AND rh-postgresql-docs is signed with Red Hat master key rh-postgresql-jdbc is earlier than 0:7.3.15-2 AND rh-postgresql-jdbc is signed with Red Hat master key rh-postgresql-python is earlier than 0:7.3.15-2 AND rh-postgresql-python is signed with Red Hat master key rh-postgresql-pl is earlier than 0:7.3.15-2 AND rh-postgresql-pl is signed with Red Hat master key rh-postgresql-devel is earlier than 0:7.3.15-2 AND rh-postgresql-devel is signed with Red Hat master key rh-postgresql-tcl is earlier than 0:7.3.15-2 AND rh-postgresql-tcl is signed with Red Hat master key rh-postgresql is earlier than 0:7.3.15-2 AND rh-postgresql is signed with Red Hat master key OR Package Information Red Hat Enterprise Linux 4 is installed AND postgresql-pl is earlier than 0:7.4.13-2.RHEL4.1 AND postgresql-pl is signed with Red Hat master key postgresql-test is earlier than 0:7.4.13-2.RHEL4.1 AND postgresql-test is signed with Red Hat master key postgresql-python is earlier than 0:7.4.13-2.RHEL4.1 AND postgresql-python is signed with Red Hat master key postgresql-server is earlier than 0:7.4.13-2.RHEL4.1 AND postgresql-server is signed with Red Hat master key postgresql-devel is earlier than 0:7.4.13-2.RHEL4.1 AND postgresql-devel is signed with Red Hat master key postgresql-contrib is earlier than 0:7.4.13-2.RHEL4.1 AND postgresql-contrib is signed with Red Hat master key postgresql-libs is earlier than 0:7.4.13-2.RHEL4.1 AND postgresql-libs is signed with Red Hat master key postgresql-tcl is earlier than 0:7.4.13-2.RHEL4.1 AND postgresql-tcl is signed with Red Hat master key postgresql-jdbc is earlier than 0:7.4.13-2.RHEL4.1 AND postgresql-jdbc is signed with Red Hat master key postgresql-docs is earlier than 0:7.4.13-2.RHEL4.1 AND postgresql-docs is signed with Red Hat master key postgresql is earlier than 0:7.4.13-2.RHEL4.1 AND postgresql is signed with Red Hat master key
Definition Synopsis
Release Information Red Hat Enterprise Linux 3 is installed AND rh-postgresql is earlier than 0:7.3.15-2 AND rh-postgresql is signed with Red Hat master key rh-postgresql-contrib is earlier than 0:7.3.15-2 AND rh-postgresql-contrib is signed with Red Hat master key rh-postgresql-devel is earlier than 0:7.3.15-2 AND rh-postgresql-devel is signed with Red Hat master key rh-postgresql-docs is earlier than 0:7.3.15-2 AND rh-postgresql-docs is signed with Red Hat master key rh-postgresql-jdbc is earlier than 0:7.3.15-2 AND rh-postgresql-jdbc is signed with Red Hat master key rh-postgresql-libs is earlier than 0:7.3.15-2 AND rh-postgresql-libs is signed with Red Hat master key rh-postgresql-pl is earlier than 0:7.3.15-2 AND rh-postgresql-pl is signed with Red Hat master key rh-postgresql-python is earlier than 0:7.3.15-2 AND rh-postgresql-python is signed with Red Hat master key rh-postgresql-server is earlier than 0:7.3.15-2 AND rh-postgresql-server is signed with Red Hat master key rh-postgresql-tcl is earlier than 0:7.3.15-2 AND rh-postgresql-tcl is signed with Red Hat master key rh-postgresql-test is earlier than 0:7.3.15-2 AND rh-postgresql-test is signed with Red Hat master key OR Package Information Red Hat Enterprise Linux 4 is installed AND postgresql is earlier than 0:7.4.13-2.RHEL4.1 AND postgresql is signed with Red Hat master key postgresql-contrib is earlier than 0:7.4.13-2.RHEL4.1 AND postgresql-contrib is signed with Red Hat master key postgresql-devel is earlier than 0:7.4.13-2.RHEL4.1 AND postgresql-devel is signed with Red Hat master key postgresql-docs is earlier than 0:7.4.13-2.RHEL4.1 AND postgresql-docs is signed with Red Hat master key postgresql-jdbc is earlier than 0:7.4.13-2.RHEL4.1 AND postgresql-jdbc is signed with Red Hat master key postgresql-libs is earlier than 0:7.4.13-2.RHEL4.1 AND postgresql-libs is signed with Red Hat master key postgresql-pl is earlier than 0:7.4.13-2.RHEL4.1 AND postgresql-pl is signed with Red Hat master key postgresql-python is earlier than 0:7.4.13-2.RHEL4.1 AND postgresql-python is signed with Red Hat master key postgresql-server is earlier than 0:7.4.13-2.RHEL4.1 AND postgresql-server is signed with Red Hat master key postgresql-tcl is earlier than 0:7.4.13-2.RHEL4.1 AND postgresql-tcl is signed with Red Hat master key postgresql-test is earlier than 0:7.4.13-2.RHEL4.1 AND postgresql-test is signed with Red Hat master key
Definition Synopsis
Red Hat Enterprise Linux must be installed OR Package Information Red Hat Enterprise Linux 4 is installed AND postgresql is earlier than 0:7.4.13-2.RHEL4.1 AND postgresql is signed with Red Hat redhatrelease2 key postgresql-contrib is earlier than 0:7.4.13-2.RHEL4.1 AND postgresql-contrib is signed with Red Hat redhatrelease2 key postgresql-devel is earlier than 0:7.4.13-2.RHEL4.1 AND postgresql-devel is signed with Red Hat redhatrelease2 key postgresql-docs is earlier than 0:7.4.13-2.RHEL4.1 AND postgresql-docs is signed with Red Hat redhatrelease2 key postgresql-jdbc is earlier than 0:7.4.13-2.RHEL4.1 AND postgresql-jdbc is signed with Red Hat redhatrelease2 key postgresql-libs is earlier than 0:7.4.13-2.RHEL4.1 AND postgresql-libs is signed with Red Hat redhatrelease2 key postgresql-pl is earlier than 0:7.4.13-2.RHEL4.1 AND postgresql-pl is signed with Red Hat redhatrelease2 key postgresql-python is earlier than 0:7.4.13-2.RHEL4.1 AND postgresql-python is signed with Red Hat redhatrelease2 key postgresql-server is earlier than 0:7.4.13-2.RHEL4.1 AND postgresql-server is signed with Red Hat redhatrelease2 key postgresql-tcl is earlier than 0:7.4.13-2.RHEL4.1 AND postgresql-tcl is signed with Red Hat redhatrelease2 key postgresql-test is earlier than 0:7.4.13-2.RHEL4.1 AND postgresql-test is signed with Red Hat redhatrelease2 key

BACK