Fedora Legacy Test Update Notification: postgresql

Marc Deslauriers marcdeslauriers at videotron.ca
Tue Mar 8 03:19:52 UTC 2005


---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2260
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2260
2005-03-07
---------------------------------------------------------------------

Name        : postgresql
Versions    : rh7.3: postgresql-7.2.7-1.2.legacy
Versions    : rh9: postgresql-7.3.9-0.90.2.legacy
Versions    : fc1: postgresql-7.3.9-1.2.legacy
Summary     : PostgreSQL client programs and libraries.
Description :
PostgreSQL is an advanced Object-Relational database management system
(DBMS) that supports almost all SQL constructs, including
transactions, subselects, and user-defined types and functions. The
postgresql package includes the client programs and libraries that you
need to access a PostgreSQL DBMS server.

---------------------------------------------------------------------
Update Information:

Updated PostgreSQL packages to fix various security flaws are now available.

PostgreSQL is an advanced Object-Relational database management system
(DBMS).

Trustix has identified improper temporary file usage in the
make_oidjoins_check script. It is possible that an attacker could
overwrite arbitrary file contents as the user running the
make_oidjoins_check script. This script has been removed from the RPM file
since it has no use to ordinary users. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0977 to
this issue.
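The temporary-file problem above is the classic pattern of a maintenance script writing to a predictable name in a world-writable directory. Fedora Legacy fixed it by dropping the script; for scripts you do have to keep, the hygiene looks like the following. This is an added example, not code from the advisory or from the PostgreSQL project: the function names `make_private_tmp` and `tmp_is_private` and the `demo` prefix are my own.

```shell
#!/bin/sh
# Safe scratch-file handling for a maintenance script.
# The unsafe pattern the advisory describes is a fixed or PID-derived
# name in /tmp that another local user can pre-create; the fix is to
# let mktemp choose an unpredictable name and create the file
# atomically with mode 0600, then verify the result before writing.

# make_private_tmp <prefix>: create a private temp file, print its path.
make_private_tmp() {
    prefix="$1"
    # mktemp opens the file with O_CREAT|O_EXCL and mode 0600 under
    # $TMPDIR (default /tmp), so a name planted in advance is never reused.
    f=$(mktemp "${TMPDIR:-/tmp}/${prefix}.XXXXXX") || return 1
    printf '%s\n' "$f"
}

# tmp_is_private <path>: succeed only if <path> is a regular file,
# not a symbolic link, and has mode 0600.
tmp_is_private() {
    p="$1"
    [ ! -L "$p" ] || return 1
    [ -f "$p" ] || return 1
    # GNU stat first, BSD stat as a fallback.
    mode=$(stat -c %a "$p" 2>/dev/null || stat -f %Lp "$p")
    [ "$mode" = "600" ]
}

# usage:
#   f=$(make_private_tmp make_oidjoins_check) || exit 1
#   tmp_is_private "$f" || { echo "refusing to use $f" >&2; exit 1; }
#   ... write to "$f" ...
#   rm -f "$f"
```

The check is deliberately repeated after the file has been written to in the test: a script that relaxes permissions with `chmod` part-way through loses the guarantee, and `tmp_is_private` catches that too.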

A flaw in the LOAD command in PostgreSQL was discovered. A local user
could use this flaw to load arbitrary shared libraries and therefore execute
arbitrary code, gaining the privileges of the PostgreSQL server. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-0227 to this issue.

A permission checking flaw in PostgreSQL was discovered. A local user
could bypass the EXECUTE permission check for functions by using the CREATE
AGGREGATE command. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0244 to this issue.

Multiple buffer overflows were found in PL/PgSQL. A database user who has
permission to create plpgsql functions could trigger these flaws, which could
lead to arbitrary code execution, gaining the privileges of the PostgreSQL
server. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CAN-2005-0245 and CAN-2005-0247 to these issues.

A flaw in the integer aggregator (intagg) contrib module for PostgreSQL was
found. A user could create carefully crafted arrays and cause a denial of
service (crash). The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0246 to this issue.

Users of PostgreSQL are advised to update to these erratum packages, which
are not vulnerable to these issues.

---------------------------------------------------------------------
Changelogs

rh73:
* Mon Mar 07 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 
7.2.7-1.2.legacy
- Added missing XFree86-devel, bison, libtermcap-devel, flex
   perl-SGMLSpm, openjade, e2fsprogs-devel and docbook-utils BuildRequires

* Fri Mar 04 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 
7.2.7-1.1.legacy
- Update to 7.2.7 to fix multiple security issues (CAN-2005-0227,
   CAN-2005-0245, and other issues)
- Patch additional buffer overruns in plpgsql (CAN-2005-0247)
- Remove contrib/oidjoins stuff from installed fileset; it's of no use
   to ordinary users and has a security issue (RH bugs 136300, 136301)

rh9:
* Mon Mar 07 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 
7.3.9-1.2.legacy
- Added missing autoconf, libtermcap-devel, perl-SGMLSpm, docbook-utils
   and docbook-style-dsssl to BuildRequires

* Fri Mar 04 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 
7.3.9-1.1.legacy
- Update to PostgreSQL 7.3.9 (fixes CAN-2005-0227, CAN-2005-0244,
   CAN-2005-0245, CAN-2005-0246, CAN-2004-0977 and other issues).
- Patch additional buffer overruns in plpgsql (CAN-2005-0247)
- Remove contrib/oidjoins stuff from installed fileset; it's of no use
   to ordinary users and has a security issue (RH bugs 136300, 136301)

fc1:
* Mon Mar 07 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 
7.3.9-1.2.legacy
- Added missing libtermcap-devel, perl-SGMLSpm, openjade, docbook-utils
   and docbook-style-dsssl to BuildRequires

* Fri Mar 04 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 
7.3.9-1.1.legacy
- Rebuilt as Fedora Legacy security update for FC1

* Tue Feb 08 2005 Tom Lane <tgl at redhat.com> 7.3.9-2
- Patch additional buffer overruns in plpgsql (CAN-2005-0247)

---------------------------------------------------------------------
This update can be downloaded from:
   http://download.fedoralegacy.org/
(sha1sums)

rh7.3:
d31c189c8a7deff6956075bf77e2b1d65ec5c4a7  redhat/7.3/updates-testing/i386/postgresql-7.2.7-1.2.legacy.i386.rpm
2f0d1bf43ce424777839a4114c1586de17003028  redhat/7.3/updates-testing/i386/postgresql-contrib-7.2.7-1.2.legacy.i386.rpm
3c8ca3b49b600ee328d376509ba2fa81178bc785  redhat/7.3/updates-testing/i386/postgresql-devel-7.2.7-1.2.legacy.i386.rpm
69f068253ca62dbfecf102e4599ad592fe07d654  redhat/7.3/updates-testing/i386/postgresql-docs-7.2.7-1.2.legacy.i386.rpm
0aef7d8c5eaa0f9acbbf6bbdb9aa325ff993094c  redhat/7.3/updates-testing/i386/postgresql-jdbc-7.2.7-1.2.legacy.i386.rpm
4ddd20835495bf19a00665136b3e7634e3e29da4  redhat/7.3/updates-testing/i386/postgresql-libs-7.2.7-1.2.legacy.i386.rpm
11a5ef1ad11f2cbd11344aa225c4685ecffe56c1  redhat/7.3/updates-testing/i386/postgresql-odbc-7.2.7-1.2.legacy.i386.rpm
5cafe5600b825fcbf96eebc390ac0f2024b2a2be  redhat/7.3/updates-testing/i386/postgresql-perl-7.2.7-1.2.legacy.i386.rpm
a00ed6283f7b0b4878be4a5d33c4d08c6cecd032  redhat/7.3/updates-testing/i386/postgresql-python-7.2.7-1.2.legacy.i386.rpm
022b23b4f4f7942220a8ca069b739089873685b2  redhat/7.3/updates-testing/i386/postgresql-server-7.2.7-1.2.legacy.i386.rpm
77156886ec28350b6dffef06f96fcb3ee1ee7ebf  redhat/7.3/updates-testing/i386/postgresql-tcl-7.2.7-1.2.legacy.i386.rpm
2c3cc238af77cee13a342c677c965c5d57c34bb9  redhat/7.3/updates-testing/i386/postgresql-test-7.2.7-1.2.legacy.i386.rpm
f150672bd8473dc450010b436e557a46761f5c57  redhat/7.3/updates-testing/i386/postgresql-tk-7.2.7-1.2.legacy.i386.rpm
35222d526cd08e720a50d5f441a152fc6d93056f  redhat/7.3/updates-testing/SRPMS/postgresql-7.2.7-1.2.legacy.src.rpm

rh9:
97c1e38c06d6bb16a76e346aad2a9ae9f4dbe4de  redhat/9/updates-testing/i386/postgresql-7.3.9-0.90.2.legacy.i386.rpm
44dc64014d89dd84cb7dbc7077adcb0b8d382233  redhat/9/updates-testing/i386/postgresql-contrib-7.3.9-0.90.2.legacy.i386.rpm
12fea917971b79931ab833c7725e2fed9ee737f5  redhat/9/updates-testing/i386/postgresql-devel-7.3.9-0.90.2.legacy.i386.rpm
db0d341829ca4d29dfefa049939efea2f0a7b966  redhat/9/updates-testing/i386/postgresql-docs-7.3.9-0.90.2.legacy.i386.rpm
882789ef9a838332b16477f4c217c9c61517ac97  redhat/9/updates-testing/i386/postgresql-jdbc-7.3.9-0.90.2.legacy.i386.rpm
9247cee701af231b2c5a29d880c347a2a9d99399  redhat/9/updates-testing/i386/postgresql-libs-7.3.9-0.90.2.legacy.i386.rpm
7afd9c0344c6b340d77fd74be9ba2f7b078d7a8a  redhat/9/updates-testing/i386/postgresql-pl-7.3.9-0.90.2.legacy.i386.rpm
11889c69f5ecafcbf8d75905d8452ae3a8f8227f  redhat/9/updates-testing/i386/postgresql-python-7.3.9-0.90.2.legacy.i386.rpm
1446eb258819fb54beb7c4cafd53ad828b445eab  redhat/9/updates-testing/i386/postgresql-server-7.3.9-0.90.2.legacy.i386.rpm
9d367f4e478199a6d186633f302c706ba2a6dbd6  redhat/9/updates-testing/i386/postgresql-tcl-7.3.9-0.90.2.legacy.i386.rpm
8c06644a98389f11fa1a5a13f5a4d6c9558b8d0f  redhat/9/updates-testing/i386/postgresql-test-7.3.9-0.90.2.legacy.i386.rpm
7855eeced400cfeaf85b478c69810099eb304826  redhat/9/updates-testing/SRPMS/postgresql-7.3.9-0.90.2.legacy.src.rpm

fc1:
e41bd8377a22b935f44202ddc785fc9185355234  fedora/1/updates-testing/i386/postgresql-7.3.9-1.2.legacy.i386.rpm
efab40afd8fe5c92a7d68a5a41d01fcec96430c6  fedora/1/updates-testing/i386/postgresql-contrib-7.3.9-1.2.legacy.i386.rpm
9044550eed20628c22f4f75bb13afcddfd0d724a  fedora/1/updates-testing/i386/postgresql-devel-7.3.9-1.2.legacy.i386.rpm
8c689dc13b2be91d97a235a389f85f615d1d1ee6  fedora/1/updates-testing/i386/postgresql-docs-7.3.9-1.2.legacy.i386.rpm
2da174ac3fd08fa4e5dda831054d1e541f7226fb  fedora/1/updates-testing/i386/postgresql-jdbc-7.3.9-1.2.legacy.i386.rpm
d6a0eb0d12ebc73b5fde3bd45e6eb9061f56ca00  fedora/1/updates-testing/i386/postgresql-libs-7.3.9-1.2.legacy.i386.rpm
a1bccc43dffd3bbb0bcd1351f4b75965f8e24e6d  fedora/1/updates-testing/i386/postgresql-pl-7.3.9-1.2.legacy.i386.rpm
4a4d1bf5cfa876b0303a4eefb4df4aea7f90cea3  fedora/1/updates-testing/i386/postgresql-python-7.3.9-1.2.legacy.i386.rpm
62e0287827577a799f586b0815cbbe5544952207  fedora/1/updates-testing/i386/postgresql-server-7.3.9-1.2.legacy.i386.rpm
c993c8888856a89603116de70a8f6f5de8422c7a  fedora/1/updates-testing/i386/postgresql-tcl-7.3.9-1.2.legacy.i386.rpm
766dd53d0ef9761c986373f7c9626ecb85635893  fedora/1/updates-testing/i386/postgresql-test-7.3.9-1.2.legacy.i386.rpm
993c2134e2a29ecde59935afa87b6d11a1d3a108  fedora/1/updates-testing/SRPMS/postgresql-7.3.9-1.2.legacy.src.rpm
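Before installing test packages from a mirror it is worth checking each download against the digests listed above rather than trusting the transfer. The script below is an added example, not part of the advisory or of Fedora Legacy's tooling; it assumes the digest list has been saved to a file in the layout used here (section labels such as "rh7.3:" followed by "<sha1>  <relative path>" lines) and that the packages were fetched into a directory mirroring those relative paths. The function names `verify_sums` and `make_demo_tree`, and the demo files it creates, are mine; the demo uses the well-known SHA-1 of the six bytes "hello\n" rather than the advisory's real packages.

```shell
#!/bin/sh
# Verify downloaded RPMs against an advisory-style sha1sum list.
# Each listed file has its SHA-1 recomputed locally; a missing, corrupted
# or substituted package is reported before rpm ever sees it.

# verify_sums <sumsfile> <basedir>
# Returns 0 when every listed file exists and matches, 1 otherwise.
verify_sums() {
    sums="$1"
    base="$2"
    bad=0
    while read -r expected relpath; do
        # skip blank lines and section labels such as "rh7.3:" or "fc1:"
        case "$expected" in
            ''|*:) continue ;;
        esac
        file="$base/$relpath"
        if [ ! -f "$file" ]; then
            echo "MISSING  $relpath"
            bad=1
            continue
        fi
        actual=$(sha1sum "$file" | cut -d' ' -f1)
        if [ "$actual" = "$expected" ]; then
            echo "OK       $relpath"
        else
            echo "MISMATCH $relpath"
            echo "  expected $expected"
            echo "  actual   $actual"
            bad=1
        fi
    done < "$sums"
    return $bad
}

# make_demo_tree: build a constructed package tree plus a sums list in the
# advisory's layout and print the directory. This is demonstration data,
# not the real Fedora Legacy packages or digests.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/redhat/7.3/updates-testing/i386"
    printf 'hello\n' > "$d/redhat/7.3/updates-testing/i386/good.rpm"
    printf 'hellO\n' > "$d/redhat/7.3/updates-testing/i386/tampered.rpm"
    # f572d3... is the SHA-1 of the six bytes "hello\n". Both entries claim
    # it, so the second file (one byte changed) must be flagged.
    cat > "$d/sha1sums.txt" <<'EOF'
rh7.3:
f572d396fae9206628714fb2ce00f72e94f2258f  redhat/7.3/updates-testing/i386/good.rpm
f572d396fae9206628714fb2ce00f72e94f2258f  redhat/7.3/updates-testing/i386/tampered.rpm
EOF
    printf '%s\n' "$d"
}

# usage against a real download:
#   verify_sums sha1sums.txt /var/tmp/fedoralegacy && rpm -Fvh /var/tmp/fedoralegacy/redhat/7.3/updates-testing/i386/*.rpm
```

The section labels are skipped by pattern rather than by a fixed list, so the same function works on the rh7.3, rh9 and fc1 blocks pasted together. A non-zero exit is the only signal a calling script should act on; the OK/MISMATCH lines are for the operator.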

---------------------------------------------------------------------

Please test and comment in bugzilla.