-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------
Arch Linux Security Warning        ALSW 2007-#4
- ------------------------------------------------------------

Name:      postgresql
Date:      2007-02-12
Severity:  High
Warning #: 2007-#4

- ------------------------------------------------------------

Product Background
===================
 A sophisticated object-relational DBMS


Problem Background
===================

PostgreSQL 8.1 before 8.1.7 allows attackers to disable
certain checks for the data types of SQL function arguments, which
allows remote authenticated users to cause a denial of service (server
crash) and possibly access database content.

The query planner in PostgreSQL 8.1 before 8.1.7 does not verify that
a table is compatible with a "previously made query plan," which allows
remote authenticated users to cause a denial of service (server crash)
and possibly access database content via an "ALTER COLUMN TYPE" SQL
statement, which can be leveraged to read arbitrary memory from the
server.


Problem Packages
===================
- ------------------------------------------------------------------
Package       |   Repo    |   Group    |   Unsafe   |    Safe    |
- ------------------------------------------------------------------
  postgresql      current     daemons      < 8.1.8   >= 8.1.8

Package Fix
===================
Upgrade to postgresql 8.1.8, which contains all security patches from
8.1.7.
Source:
ftp://ftp.postgresql.org/pub/source/v8.1.8/postgresql-base-8.1.8.tar.bz2
md5sum:
5da7d5bf67e01ddc1fbd92a072ccd3f3


Reference(s)
===================

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0556

Contact
===================
JJDaNiMoTh (jjdanimoth AT gmail DOT com)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFF0JkmcJj0HNhER0MRAj9fAJ45QA5N0toImlszuiyjC4SIzGISVQCaA8tE
P3ndvUZUKkPW6v9N9j8TWX8=
=8Em2
-----END PGP SIGNATURE-----
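
The checks implied by the Problem Packages table and the Package Fix section above, as an added shell example that is not part of the original advisory. The function names and the `--check` argument are assumptions made for illustration; the safe version and md5sum are copied from the advisory, and `pacman -Q` is assumed to print `name version-pkgrel`.

```shell
#!/bin/sh
# Added example, not part of the advisory. Values copied from ALSW 2007-#4.
SAFE_VERSION="8.1.8"
SOURCE_MD5="5da7d5bf67e01ddc1fbd92a072ccd3f3"

# pkgver_of "postgresql 8.1.7-1" -> "8.1.7" (drops package name and pkgrel)
pkgver_of() {
    ver=${1#* }
    printf '%s\n' "${ver%-*}"
}

# version_is_unsafe VERSION: exit 0 if VERSION < SAFE_VERSION, else 1.
# sort -V orders version strings numerically per component (8.1.10 > 8.1.8).
version_is_unsafe() {
    [ "$1" = "$SAFE_VERSION" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$SAFE_VERSION" | sort -V | head -n 1)
    [ "$lowest" = "$1" ]
}

# tarball_matches FILE [MD5]: exit 0 if FILE hashes to the expected md5sum,
# 1 on mismatch, 2 if FILE is missing. Defaults to the advisory's md5sum.
tarball_matches() {
    expected=${2:-$SOURCE_MD5}
    [ -f "$1" ] || return 2
    actual=$(md5sum "$1" | cut -d ' ' -f 1)
    [ "$actual" = "$expected" ]
}

# check_host: compare the installed package against the advisory's table.
check_host() {
    installed=$(pacman -Q postgresql) || return 2
    ver=$(pkgver_of "$installed")
    if version_is_unsafe "$ver"; then
        echo "postgresql $ver: UNSAFE, upgrade to >= $SAFE_VERSION"
        return 1
    fi
    echo "postgresql $ver: not in the unsafe range"
}

# Usage: sh check.sh --check [path/to/postgresql-base-8.1.8.tar.bz2]
if [ "${1:-}" = "--check" ]; then
    check_host
    if [ -n "${2:-}" ]; then
        tarball_matches "$2" && echo "md5sum OK" || echo "md5sum MISMATCH"
    fi
fi
```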

