Fedora 9: 2009-2927 Critical Advisory For PostgreSQL 8.3.7 DoS

PostgreSQL is an advanced Object-Relational database management system

(DBMS) that supports almost all SQL constructs (including

transactions, subselects and user-defined types and functions). The

postgresql package includes the client programs and libraries that

you'll need to access a PostgreSQL DBMS server. These PostgreSQL

client programs are programs that directly manipulate the internal

structure of PostgreSQL databases on a PostgreSQL server. These client

programs can be located on the same machine with the PostgreSQL

server, or may be on a remote machine which accesses a PostgreSQL

server over a network connection. This package contains the docs

in HTML for the whole package, as well as command-line utilities for

managing PostgreSQL databases on a PostgreSQL server.

If you want to manipulate a PostgreSQL database on a remote PostgreSQL

server, you need this package. You also need to install this package

if you're installing the postgresql-server package.

Update to PostgreSQL 8.3.7, for various fixes described at

https://www.postgresql.org/docs/8.3/release-8-3-7.html

* Sat Mar 21 2009 Tom Lane 8.3.7-1

- Update to PostgreSQL 8.3.7, for various fixes described at

https://www.postgresql.org/docs/8.3/release-8-3-7.html

notably the fix for CVE-2009-0922

* Mon Mar 9 2009 Oliver Falk 8.3.6-2

- Use -O1 on alpha, as on sparc64

- Renable selftests on alpha again

* Sat Feb 7 2009 Tom Lane 8.3.6-1

- Update to PostgreSQL 8.3.6, for various fixes described at

https://www.postgresql.org/docs/8.3/release-8-3-6.html

* Wed Jan 21 2009 Dennis Gilmore 8.3.5-1.1

- use -O1 on sparc64

* Sun Nov 2 2008 Tom Lane 8.3.5-1

- Update to PostgreSQL 8.3.5.

- Improve display from init script's initdb action, per Michael Schwendt

* Thu Sep 25 2008 Tom Lane 8.3.4-1

- Update to PostgreSQL 8.3.4.

* Fri Jun 20 2008 Tom Lane 8.3.3-2

- Install Pgtcl in /usr/lib/tcl$TCL_VERSION, not directly in /usr/lib.

Needed because tcl 8.5 no longer puts /usr/lib into its package search path.

NOTE: do not back-port this change into branches using pre-8.5 tcl, because

/usr/lib/tcl8.4 had been a symlink to /usr/share/tcl8.4, and /usr/share

is exactly where we must not put Pgtcl.

Resolves: #228263

* Wed Jun 11 2008 Tom Lane 8.3.3-1

- Update to PostgreSQL 8.3.3.

- Remove postgresql-prefer-ncurses.patch, no longer needed in recent

Fedora releases because libtermcap is gone.

- Enable LDAP support

Resolves: #445315

- Use -Wl,--as-needed to suppress bogus dependencies for libraries that

are really only needed by some of the subpackages

- Clean up cross-subpackage Requires: to ensure that updating any one

subpackage brings in the matching versions of others.

Resolves: #444271

* Thu May 22 2008 Dennis Gilmore 8.3.1-2

- at Tom's request remove conditionalised patch letting sparc64 builds fail

* Thu May 22 2008 Dennis Gilmore 8.3.1-2

- apply patch on sparc64 only to cover differences in output

- filed upstream as bug #4190

[ 1 ] Bug #488156 - CVE-2009-0922 postgresql: potential DoS due to conversion functions

https://bugzilla.redhat.com/show_bug.cgi?id=488156

su -c 'yum update postgresql' at the command line.

For more information, refer to "Managing Software with yum",

available at .

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/