Oval Definition:oval:com.redhat.rhsa:def:20070068
Revision Date:2008-03-20
Version:637
Title:RHSA-2007:0068: postgresql security update (Moderate)
Description:PostgreSQL is an advanced Object-Relational database management system (DBMS).

Two flaws were found in the way the PostgreSQL server handles certain SQL-language functions. An authenticated user could execute a sequence of commands which could crash the PostgreSQL server or possibly read from arbitrary memory locations. A user would need to have permissions to drop and add database tables to be able to exploit these issues (CVE-2007-0555, CVE-2007-0556).

Several denial of service flaws were found in the PostgreSQL server. An authenticated user could execute certain SQL commands which could crash the PostgreSQL server (CVE-2006-5540, CVE-2006-5541, CVE-2006-5542).

Users of PostgreSQL should upgrade to these updated packages containing PostgreSQL version 8.1.8 which corrects these issues.
Family:unix
Class:patch
Status:
Reference(s):CVE-2006-5540
CVE-2006-5541
CVE-2006-5542
CVE-2007-0555
CVE-2007-0556
RHSA-2007:0068
RHSA-2007:0068-02
Platform(s):Red Hat Enterprise Linux 5
Product(s):
Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • postgresql is earlier than 0:8.1.8-1.el5
  • AND postgresql is signed with Red Hat redhatrelease2 key
  • postgresql-contrib is earlier than 0:8.1.8-1.el5
  • AND postgresql-contrib is signed with Red Hat redhatrelease2 key
  • postgresql-devel is earlier than 0:8.1.8-1.el5
  • AND postgresql-devel is signed with Red Hat redhatrelease2 key
  • postgresql-docs is earlier than 0:8.1.8-1.el5
  • AND postgresql-docs is signed with Red Hat redhatrelease2 key
  • postgresql-libs is earlier than 0:8.1.8-1.el5
  • AND postgresql-libs is signed with Red Hat redhatrelease2 key
  • postgresql-pl is earlier than 0:8.1.8-1.el5
  • AND postgresql-pl is signed with Red Hat redhatrelease2 key
  • postgresql-python is earlier than 0:8.1.8-1.el5
  • AND postgresql-python is signed with Red Hat redhatrelease2 key
  • postgresql-server is earlier than 0:8.1.8-1.el5
  • AND postgresql-server is signed with Red Hat redhatrelease2 key
  • postgresql-tcl is earlier than 0:8.1.8-1.el5
  • AND postgresql-tcl is signed with Red Hat redhatrelease2 key
  • postgresql-test is earlier than 0:8.1.8-1.el5
  • AND postgresql-test is signed with Red Hat redhatrelease2 key