Oval Definition: oval:com.redhat.rhsa:def:20080038
Revision Date: 2008-01-28
Version: 640
Title: RHSA-2008:0038: postgresql security update (Moderate)
Description: PostgreSQL is an advanced Object-Relational database management system (DBMS). The postgresql packages include the client programs and libraries needed to access a PostgreSQL DBMS server.

  • Will Drewry discovered multiple flaws in PostgreSQL's regular expression engine. An authenticated attacker could use these flaws to cause a denial of service by causing the PostgreSQL server to crash, enter an infinite loop, or use extensive CPU and memory resources while processing queries containing specially crafted regular expressions. Applications that accept regular expressions from untrusted sources may expose this problem to unauthorized attackers. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067)

  • A privilege escalation flaw was discovered in PostgreSQL. An authenticated attacker could create an index function that would be executed with administrator privileges during database maintenance tasks, such as database vacuuming. (CVE-2007-6600)

  • A privilege escalation flaw was discovered in PostgreSQL's Database Link library (dblink). An authenticated attacker could use dblink to possibly escalate privileges on systems with "trust" or "ident" authentication configured. Please note that dblink functionality is not enabled by default, and can only be enabled by a database administrator on systems with the postgresql-contrib package installed. (CVE-2007-3278, CVE-2007-6601)

All postgresql users should upgrade to these updated packages, which include PostgreSQL 7.4.19 and 8.1.11, and resolve these issues.

  • Family: unix
  • Class: patch
  • Status:
  • Reference(s): CVE-2007-3278, CVE-2007-4769, CVE-2007-4772, CVE-2007-6067, CVE-2007-6600, CVE-2007-6601, RHSA-2008:0038, RHSA-2008:0038-01
  • Platform(s): Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5
  • Product(s):

Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • postgresql is earlier than 0:7.4.19-1.el4_6.1
  • AND postgresql is signed with Red Hat redhatrelease2 key
  • postgresql-contrib is earlier than 0:7.4.19-1.el4_6.1
  • AND postgresql-contrib is signed with Red Hat redhatrelease2 key
  • postgresql-devel is earlier than 0:7.4.19-1.el4_6.1
  • AND postgresql-devel is signed with Red Hat redhatrelease2 key
  • postgresql-docs is earlier than 0:7.4.19-1.el4_6.1
  • AND postgresql-docs is signed with Red Hat redhatrelease2 key
  • postgresql-jdbc is earlier than 0:7.4.19-1.el4_6.1
  • AND postgresql-jdbc is signed with Red Hat redhatrelease2 key
  • postgresql-libs is earlier than 0:7.4.19-1.el4_6.1
  • AND postgresql-libs is signed with Red Hat redhatrelease2 key
  • postgresql-pl is earlier than 0:7.4.19-1.el4_6.1
  • AND postgresql-pl is signed with Red Hat redhatrelease2 key
  • postgresql-python is earlier than 0:7.4.19-1.el4_6.1
  • AND postgresql-python is signed with Red Hat redhatrelease2 key
  • postgresql-server is earlier than 0:7.4.19-1.el4_6.1
  • AND postgresql-server is signed with Red Hat redhatrelease2 key
  • postgresql-tcl is earlier than 0:7.4.19-1.el4_6.1
  • AND postgresql-tcl is signed with Red Hat redhatrelease2 key
  • postgresql-test is earlier than 0:7.4.19-1.el4_6.1
  • AND postgresql-test is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • postgresql is earlier than 0:8.1.11-1.el5_1.1
  • AND postgresql is signed with Red Hat redhatrelease2 key
  • postgresql-contrib is earlier than 0:8.1.11-1.el5_1.1
  • AND postgresql-contrib is signed with Red Hat redhatrelease2 key
  • postgresql-devel is earlier than 0:8.1.11-1.el5_1.1
  • AND postgresql-devel is signed with Red Hat redhatrelease2 key
  • postgresql-docs is earlier than 0:8.1.11-1.el5_1.1
  • AND postgresql-docs is signed with Red Hat redhatrelease2 key
  • postgresql-libs is earlier than 0:8.1.11-1.el5_1.1
  • AND postgresql-libs is signed with Red Hat redhatrelease2 key
  • postgresql-pl is earlier than 0:8.1.11-1.el5_1.1
  • AND postgresql-pl is signed with Red Hat redhatrelease2 key
  • postgresql-python is earlier than 0:8.1.11-1.el5_1.1
  • AND postgresql-python is signed with Red Hat redhatrelease2 key
  • postgresql-server is earlier than 0:8.1.11-1.el5_1.1
  • AND postgresql-server is signed with Red Hat redhatrelease2 key
  • postgresql-tcl is earlier than 0:8.1.11-1.el5_1.1
  • AND postgresql-tcl is signed with Red Hat redhatrelease2 key
  • postgresql-test is earlier than 0:8.1.11-1.el5_1.1
  • AND postgresql-test is signed with Red Hat redhatrelease2 key

Definition Synopsis
  • Release Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • postgresql is earlier than 0:7.4.19-1.el4_6.1
  • AND postgresql is signed with Red Hat master key
  • postgresql-contrib is earlier than 0:7.4.19-1.el4_6.1
  • AND postgresql-contrib is signed with Red Hat master key
  • postgresql-devel is earlier than 0:7.4.19-1.el4_6.1
  • AND postgresql-devel is signed with Red Hat master key
  • postgresql-docs is earlier than 0:7.4.19-1.el4_6.1
  • AND postgresql-docs is signed with Red Hat master key
  • postgresql-jdbc is earlier than 0:7.4.19-1.el4_6.1
  • AND postgresql-jdbc is signed with Red Hat master key
  • postgresql-libs is earlier than 0:7.4.19-1.el4_6.1
  • AND postgresql-libs is signed with Red Hat master key
  • postgresql-pl is earlier than 0:7.4.19-1.el4_6.1
  • AND postgresql-pl is signed with Red Hat master key
  • postgresql-python is earlier than 0:7.4.19-1.el4_6.1
  • AND postgresql-python is signed with Red Hat master key
  • postgresql-server is earlier than 0:7.4.19-1.el4_6.1
  • AND postgresql-server is signed with Red Hat master key
  • postgresql-tcl is earlier than 0:7.4.19-1.el4_6.1
  • AND postgresql-tcl is signed with Red Hat master key
  • postgresql-test is earlier than 0:7.4.19-1.el4_6.1
  • AND postgresql-test is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • postgresql is earlier than 0:8.1.11-1.el5_1.1
  • AND postgresql is signed with Red Hat redhatrelease key
  • postgresql-contrib is earlier than 0:8.1.11-1.el5_1.1
  • AND postgresql-contrib is signed with Red Hat redhatrelease key
  • postgresql-devel is earlier than 0:8.1.11-1.el5_1.1
  • AND postgresql-devel is signed with Red Hat redhatrelease key
  • postgresql-docs is earlier than 0:8.1.11-1.el5_1.1
  • AND postgresql-docs is signed with Red Hat redhatrelease key
  • postgresql-libs is earlier than 0:8.1.11-1.el5_1.1
  • AND postgresql-libs is signed with Red Hat redhatrelease key
  • postgresql-pl is earlier than 0:8.1.11-1.el5_1.1
  • AND postgresql-pl is signed with Red Hat redhatrelease key
  • postgresql-python is earlier than 0:8.1.11-1.el5_1.1
  • AND postgresql-python is signed with Red Hat redhatrelease key
  • postgresql-server is earlier than 0:8.1.11-1.el5_1.1
  • AND postgresql-server is signed with Red Hat redhatrelease key
  • postgresql-tcl is earlier than 0:8.1.11-1.el5_1.1
  • AND postgresql-tcl is signed with Red Hat redhatrelease key
  • postgresql-test is earlier than 0:8.1.11-1.el5_1.1
  • AND postgresql-test is signed with Red Hat redhatrelease key