Описание
ELSA-2009-1484: postgresql security update (MODERATE)
[8.1.18-2.el5_4.1]
- Remove unnecessary .o file that confuses TPS tests Related: #525284
[8.1.18-1.el5_4.1]
- Update to PostgreSQL 8.1.18 to fix CVE-2009-0922, CVE-2009-3230, and assorted other bugs described at http://www.postgresql.org/docs/8.1/static/release.html Resolves: #525284
Обновленные пакеты
Oracle Linux 5
Oracle Linux ia64
postgresql
8.1.18-2.el5_4.1
postgresql-contrib
8.1.18-2.el5_4.1
postgresql-devel
8.1.18-2.el5_4.1
postgresql-docs
8.1.18-2.el5_4.1
postgresql-libs
8.1.18-2.el5_4.1
postgresql-pl
8.1.18-2.el5_4.1
postgresql-python
8.1.18-2.el5_4.1
postgresql-server
8.1.18-2.el5_4.1
postgresql-tcl
8.1.18-2.el5_4.1
postgresql-test
8.1.18-2.el5_4.1
Oracle Linux x86_64
postgresql
8.1.18-2.el5_4.1
postgresql-contrib
8.1.18-2.el5_4.1
postgresql-devel
8.1.18-2.el5_4.1
postgresql-docs
8.1.18-2.el5_4.1
postgresql-libs
8.1.18-2.el5_4.1
postgresql-pl
8.1.18-2.el5_4.1
postgresql-python
8.1.18-2.el5_4.1
postgresql-server
8.1.18-2.el5_4.1
postgresql-tcl
8.1.18-2.el5_4.1
postgresql-test
8.1.18-2.el5_4.1
Oracle Linux i386
postgresql
8.1.18-2.el5_4.1
postgresql-contrib
8.1.18-2.el5_4.1
postgresql-devel
8.1.18-2.el5_4.1
postgresql-docs
8.1.18-2.el5_4.1
postgresql-libs
8.1.18-2.el5_4.1
postgresql-pl
8.1.18-2.el5_4.1
postgresql-python
8.1.18-2.el5_4.1
postgresql-server
8.1.18-2.el5_4.1
postgresql-tcl
8.1.18-2.el5_4.1
postgresql-test
8.1.18-2.el5_4.1
Связанные CVE
Связанные уязвимости
The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600.
The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600.
The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600.
The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8 ...
PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests.