Oval Definition: oval:com.redhat.rhsa:def:20080039
Revision Date: 2008-01-28
Version: 634
Title: RHSA-2008:0039: postgresql security update (Moderate)
Description: PostgreSQL is an advanced Object-Relational database management system (DBMS). The postgresql packages include the client programs and libraries needed to access a PostgreSQL DBMS server.

  • A privilege escalation flaw was discovered in PostgreSQL. An authenticated attacker could create an index function that would be executed with administrator privileges during database maintenance tasks, such as database vacuuming. (CVE-2007-6600)

  • A privilege escalation flaw was discovered in PostgreSQL's Database Link library (dblink). An authenticated attacker could use dblink to possibly escalate privileges on systems with "trust" or "ident" authentication configured. Please note that dblink functionality is not enabled by default, and can only be enabled by a database administrator on systems with the postgresql-contrib package installed. (CVE-2007-3278, CVE-2007-6601)

All postgresql users should upgrade to these updated packages, which include PostgreSQL 7.3.21 and resolve these issues.

Family: unix
Class: patch
Status:
Reference(s):
    CVE-2007-3278
    CVE-2007-6600
    CVE-2007-6601
    RHSA-2008:0039
    RHSA-2008:0039-01
Platform(s): Red Hat Enterprise Linux 3
Product(s):

Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 3 is installed
  • AND
  • rh-postgresql-jdbc is earlier than 0:7.3.21-1 AND rh-postgresql-jdbc is signed with Red Hat master key
  • rh-postgresql-pl is earlier than 0:7.3.21-1 AND rh-postgresql-pl is signed with Red Hat master key
  • rh-postgresql-tcl is earlier than 0:7.3.21-1 AND rh-postgresql-tcl is signed with Red Hat master key
  • rh-postgresql-server is earlier than 0:7.3.21-1 AND rh-postgresql-server is signed with Red Hat master key
  • rh-postgresql-test is earlier than 0:7.3.21-1 AND rh-postgresql-test is signed with Red Hat master key
  • rh-postgresql-docs is earlier than 0:7.3.21-1 AND rh-postgresql-docs is signed with Red Hat master key
  • rh-postgresql-python is earlier than 0:7.3.21-1 AND rh-postgresql-python is signed with Red Hat master key
  • rh-postgresql-contrib is earlier than 0:7.3.21-1 AND rh-postgresql-contrib is signed with Red Hat master key
  • rh-postgresql-devel is earlier than 0:7.3.21-1 AND rh-postgresql-devel is signed with Red Hat master key
  • rh-postgresql is earlier than 0:7.3.21-1 AND rh-postgresql is signed with Red Hat master key
  • rh-postgresql-libs is earlier than 0:7.3.21-1 AND rh-postgresql-libs is signed with Red Hat master key