
Fedora: 2009-9473 Critical PostgreSQL Security Issues Fixed

fedora
September 11, 2009
Fedora 11 improves PostgreSQL by addressing important vulnerabilities and offers comprehensive package information.
Update to PostgreSQL 8.3.8, for various fixes described at https://www.postgresql.org/docs/8.3/release-8-3-8.html including three security issues

Summary

PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the docs in HTML for the whole package, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server.

If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package.

Update Information:

Update to PostgreSQL 8.3.8, for various fixes described at https://www.postgresql.org/docs/8.3/release-8-3-8.html including three security issues

Change Log

* Wed Sep 9 2009 Tom Lane 8.3.8-1
- Update to PostgreSQL 8.3.8, for various fixes described at https://www.postgresql.org/docs/8.3/release-8-3-8.html including three security issues
Related: #522084
Related: #522085
Related: #522092

* Thu Aug 20 2009 Tom "spot" Callaway 8.3.7-1.1
- fix license tag

References


[ 1 ] Bug #522084 - postgresql: LDAP authentication bypass when anonymous LDAP bind are allowed
https://bugzilla.redhat.com/show_bug.cgi?id=522084

[ 2 ] Bug #522085 - postgresql: SQL privilege escalation, incomplete fix for CVE-2007-6600
https://bugzilla.redhat.com/show_bug.cgi?id=522085

[ 3 ] Bug #522092 - postgresql: authenticated user server DoS via plugin re-LOAD-ing
https://bugzilla.redhat.com/show_bug.cgi?id=522092

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update postgresql' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical

Name: postgresql
Product: Fedora 11
Version: 8.3.8
Release: 1.fc11
Summary: PostgreSQL client programs and libraries
