Red Hat: rh-postgresql update | LinuxSecurity.com

Advisories


---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated rh-postgresql packages
Advisory ID:       RHSA-2004:489-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2004-489.html
Issue date:        2004-12-20
Updated on:        2004-12-20
Product:           Red Hat Enterprise Linux
Keywords:          PostgreSQL
Obsoletes:         RHBA-2004:307
CVE Names:         CAN-2004-0977
---------------------------------------------------------------------

1. Summary:

Updated rh-postgresql packages that fix various bugs are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

PostgreSQL is an advanced Object-Relational database management system
(DBMS) that supports almost all SQL constructs (including transactions,
subselects, and user-defined types and functions).

Trustix has identified improper temporary file usage in the
make_oidjoins_check script.  It is possible that an attacker could
overwrite arbitrary file contents as the user running the
make_oidjoins_check script.  This script has been removed from the RPM file
since it has no use to ordinary users.  The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0977 to
this issue.

Additionally, the following non-security issues have been addressed:

- Fixed a low probability risk for loss of recently committed transactions.

- Fixed a low probability risk for loss of older data due to failure to
  update transaction status.

- A lock file problem that sometimes prevented automatic restart after a
  system crash has been fixed.

All users of rh-postgresql should upgrade to these updated packages, which
resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the
desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL
Certificate Errors, you need to install a version of the
up2date client with an updated certificate.  The latest version of
up2date is available from the Red Hat FTP site and may also be
downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

5. Bug IDs fixed (https://bugzilla.redhat.com/):

130814 - PostgreSQL can lose committed transactions
130989 - a bug in rh-postgresql.spec file
134090 - Postgres's init script does not remove stale PID file
136300 - CAN-2004-0977 temporary file vulnerabilities in make_oidjoins_check script
136949 - PostgreSQL data loss risk and minor security issues

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/rh-postgresql-7.3.8-2.src.rpm
b6f78f4d007ff34fd27c73e8e2184b9a  rh-postgresql-7.3.8-2.src.rpm

i386:
9a8e4fab3fefaa9c62adffab85d7f9dd  rh-postgresql-7.3.8-2.i386.rpm
cbe1191f0e15417f42bd63ae30ccd3e5  rh-postgresql-contrib-7.3.8-2.i386.rpm
9555acf13b8ebf18dfb481cd5c6f99c1  rh-postgresql-devel-7.3.8-2.i386.rpm
dbe30f5c7d8a9dd83090857800ce4a62  rh-postgresql-docs-7.3.8-2.i386.rpm
e011a190a43641d139052255b6b3727b  rh-postgresql-jdbc-7.3.8-2.i386.rpm
7db6fc9638372c5cd81182888dffcb2e  rh-postgresql-libs-7.3.8-2.i386.rpm
0365a7e9e9afe7a21d3479175ede1194  rh-postgresql-pl-7.3.8-2.i386.rpm
ba83c9b6005800cb36e31d789aea1003  rh-postgresql-python-7.3.8-2.i386.rpm
f695cfb3138039e3bfce6191d2eedba7  rh-postgresql-server-7.3.8-2.i386.rpm
a894286bfd45da019bd2f083c510c013  rh-postgresql-tcl-7.3.8-2.i386.rpm
ba1a9a7eafd9f54d5da3be6477afa91b  rh-postgresql-test-7.3.8-2.i386.rpm

ia64:
b81fe8a042275a6eae8e019ed024bb52  rh-postgresql-7.3.8-2.ia64.rpm
44617417c491cd9618414cdedfad7704  rh-postgresql-contrib-7.3.8-2.ia64.rpm
d68d98d887e03743fa57c479465a2378  rh-postgresql-devel-7.3.8-2.ia64.rpm
d0f30ecba82ffbb20c9d5b5381e82697  rh-postgresql-docs-7.3.8-2.ia64.rpm
27dc30c3cf876227812759044db25829  rh-postgresql-jdbc-7.3.8-2.ia64.rpm
8f82413ed98614887bf84b90705e5f9b  rh-postgresql-libs-7.3.8-2.ia64.rpm
7db6fc9638372c5cd81182888dffcb2e  rh-postgresql-libs-7.3.8-2.i386.rpm
b7c203dbbb7339d038d66e857bc3d4b9  rh-postgresql-pl-7.3.8-2.ia64.rpm
7ace5c441704b85d292405139b8cc322  rh-postgresql-python-7.3.8-2.ia64.rpm
ff98fdfb1d3bd314b3531ece1ee1914c  rh-postgresql-server-7.3.8-2.ia64.rpm
6b8d0f1eaef081197b2c9206641fba8f  rh-postgresql-tcl-7.3.8-2.ia64.rpm
80603313ddbdd0615de272825c4563ff  rh-postgresql-test-7.3.8-2.ia64.rpm

ppc:
61cb8351f26b2d2cb1c67d35b4d54aa5  rh-postgresql-7.3.8-2.ppc.rpm
7d85d7aa8f268df2c17e1031070bb4f3  rh-postgresql-contrib-7.3.8-2.ppc.rpm
2fb726274c0ef0efd3edd3c3d09907d6  rh-postgresql-devel-7.3.8-2.ppc.rpm
78b2859d5bfd196e6b7de7bf0f4b8edd  rh-postgresql-docs-7.3.8-2.ppc.rpm
77a4a4438201e52c2655c89cf93d8c2e  rh-postgresql-jdbc-7.3.8-2.ppc.rpm
bfe513f316461b70e6f16e55a7239983  rh-postgresql-libs-7.3.8-2.ppc.rpm
ec6ecaecc2fad7f89fc4f252d38d0768  rh-postgresql-pl-7.3.8-2.ppc.rpm
c5d1fa31dba46003b6a1a45edd2f9a9b  rh-postgresql-python-7.3.8-2.ppc.rpm
f4784bf0163b4d4d323989241049d851  rh-postgresql-server-7.3.8-2.ppc.rpm
3a806dbdaa439256b157b8405df94eb3  rh-postgresql-tcl-7.3.8-2.ppc.rpm
038f122dbc33dec81fe277d8b1fc87ed  rh-postgresql-test-7.3.8-2.ppc.rpm

ppc64:
1948dd5f3925216c7ecea6bc424b288f  rh-postgresql-libs-7.3.8-2.ppc64.rpm

s390:
3ec831b0bf766b9dd9880cd144e0b732  rh-postgresql-7.3.8-2.s390.rpm
5c918ccf8bdb5b5d7480ed17c1273b5f  rh-postgresql-contrib-7.3.8-2.s390.rpm
f5237ab51b6eb4b3da36adc42ea16bcd  rh-postgresql-devel-7.3.8-2.s390.rpm
90fc27be8ac2c65ebd7668f53276b260  rh-postgresql-docs-7.3.8-2.s390.rpm
06367e3e830c62c8afd9afca9ae99d33  rh-postgresql-jdbc-7.3.8-2.s390.rpm
1aff1b96a8d94965a12a4c9bfbbe9a11  rh-postgresql-libs-7.3.8-2.s390.rpm
644b0b229a2916b59aca7fa543e605d3  rh-postgresql-pl-7.3.8-2.s390.rpm
db08ba50321ae2ecc185b290ea36a39d  rh-postgresql-python-7.3.8-2.s390.rpm
bf664bf955832af93ff862d2488db4bf  rh-postgresql-server-7.3.8-2.s390.rpm
4c6e9bccebbb29c5767d4ab8172b8b55  rh-postgresql-tcl-7.3.8-2.s390.rpm
12ac81c2da135e94e9619dc71174e541  rh-postgresql-test-7.3.8-2.s390.rpm

s390x:
0fb9269140c52e80cec05f2bac2c5a45  rh-postgresql-7.3.8-2.s390x.rpm
0c9c9f6dbb68b3d637948444a57d7d9f  rh-postgresql-contrib-7.3.8-2.s390x.rpm
8136241175742881a571681e8fb38418  rh-postgresql-devel-7.3.8-2.s390x.rpm
c7fdd00fc81c887cf06761366a854863  rh-postgresql-docs-7.3.8-2.s390x.rpm
0e013178fd4bfad778a346a6386d7fae  rh-postgresql-jdbc-7.3.8-2.s390x.rpm
8d840586780a5443ee055c578f1cafea  rh-postgresql-libs-7.3.8-2.s390x.rpm
1aff1b96a8d94965a12a4c9bfbbe9a11  rh-postgresql-libs-7.3.8-2.s390.rpm
42b5090143b89c99de862a1f43abdc19  rh-postgresql-pl-7.3.8-2.s390x.rpm
5d6925405e6086946e4ba18330f2542e  rh-postgresql-python-7.3.8-2.s390x.rpm
cdd8ffee22bee31625edde4d78726bc3  rh-postgresql-server-7.3.8-2.s390x.rpm
9a1928941441bcfec612b8f529323389  rh-postgresql-tcl-7.3.8-2.s390x.rpm
0311161816e1c56ff87b8bb606865a70  rh-postgresql-test-7.3.8-2.s390x.rpm

x86_64:
58be01e12b8b73f6c7d986f085308b6f  rh-postgresql-7.3.8-2.x86_64.rpm
97052514a167a5f2e177b1789ea42104  rh-postgresql-contrib-7.3.8-2.x86_64.rpm
52f4461df7735a5e617e917b406ce1fd  rh-postgresql-devel-7.3.8-2.x86_64.rpm
dc3d6f4246ca53d9d5b9a7c67c2bcadf  rh-postgresql-docs-7.3.8-2.x86_64.rpm
dca39c461cf73431984b28b304fa2584  rh-postgresql-jdbc-7.3.8-2.x86_64.rpm
4594237703b5e15de4219c3d7a6cf88f  rh-postgresql-libs-7.3.8-2.x86_64.rpm
7db6fc9638372c5cd81182888dffcb2e  rh-postgresql-libs-7.3.8-2.i386.rpm
01bf5f97411d52a80f569c711c8631a0  rh-postgresql-pl-7.3.8-2.x86_64.rpm
0867682b553bf2a4f97bf4df13472f52  rh-postgresql-python-7.3.8-2.x86_64.rpm
c3bce4b8c1f3725f1ea74ac05c1bc0bd  rh-postgresql-server-7.3.8-2.x86_64.rpm
d33a6dbd447e819993fb93d48e2429bd  rh-postgresql-tcl-7.3.8-2.x86_64.rpm
24b8957973eb0ea8855318e70fc36286  rh-postgresql-test-7.3.8-2.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/rh-postgresql-7.3.8-2.src.rpm
b6f78f4d007ff34fd27c73e8e2184b9a  rh-postgresql-7.3.8-2.src.rpm

i386:
9a8e4fab3fefaa9c62adffab85d7f9dd  rh-postgresql-7.3.8-2.i386.rpm
cbe1191f0e15417f42bd63ae30ccd3e5  rh-postgresql-contrib-7.3.8-2.i386.rpm
9555acf13b8ebf18dfb481cd5c6f99c1  rh-postgresql-devel-7.3.8-2.i386.rpm
dbe30f5c7d8a9dd83090857800ce4a62  rh-postgresql-docs-7.3.8-2.i386.rpm
e011a190a43641d139052255b6b3727b  rh-postgresql-jdbc-7.3.8-2.i386.rpm
7db6fc9638372c5cd81182888dffcb2e  rh-postgresql-libs-7.3.8-2.i386.rpm
0365a7e9e9afe7a21d3479175ede1194  rh-postgresql-pl-7.3.8-2.i386.rpm
ba83c9b6005800cb36e31d789aea1003  rh-postgresql-python-7.3.8-2.i386.rpm
f695cfb3138039e3bfce6191d2eedba7  rh-postgresql-server-7.3.8-2.i386.rpm
a894286bfd45da019bd2f083c510c013  rh-postgresql-tcl-7.3.8-2.i386.rpm
ba1a9a7eafd9f54d5da3be6477afa91b  rh-postgresql-test-7.3.8-2.i386.rpm

x86_64:
58be01e12b8b73f6c7d986f085308b6f  rh-postgresql-7.3.8-2.x86_64.rpm
97052514a167a5f2e177b1789ea42104  rh-postgresql-contrib-7.3.8-2.x86_64.rpm
52f4461df7735a5e617e917b406ce1fd  rh-postgresql-devel-7.3.8-2.x86_64.rpm
dc3d6f4246ca53d9d5b9a7c67c2bcadf  rh-postgresql-docs-7.3.8-2.x86_64.rpm
dca39c461cf73431984b28b304fa2584  rh-postgresql-jdbc-7.3.8-2.x86_64.rpm
4594237703b5e15de4219c3d7a6cf88f  rh-postgresql-libs-7.3.8-2.x86_64.rpm
7db6fc9638372c5cd81182888dffcb2e  rh-postgresql-libs-7.3.8-2.i386.rpm
01bf5f97411d52a80f569c711c8631a0  rh-postgresql-pl-7.3.8-2.x86_64.rpm
0867682b553bf2a4f97bf4df13472f52  rh-postgresql-python-7.3.8-2.x86_64.rpm
c3bce4b8c1f3725f1ea74ac05c1bc0bd  rh-postgresql-server-7.3.8-2.x86_64.rpm
d33a6dbd447e819993fb93d48e2429bd  rh-postgresql-tcl-7.3.8-2.x86_64.rpm
24b8957973eb0ea8855318e70fc36286  rh-postgresql-test-7.3.8-2.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/rh-postgresql-7.3.8-2.src.rpm
b6f78f4d007ff34fd27c73e8e2184b9a  rh-postgresql-7.3.8-2.src.rpm

i386:
9a8e4fab3fefaa9c62adffab85d7f9dd  rh-postgresql-7.3.8-2.i386.rpm
cbe1191f0e15417f42bd63ae30ccd3e5  rh-postgresql-contrib-7.3.8-2.i386.rpm
9555acf13b8ebf18dfb481cd5c6f99c1  rh-postgresql-devel-7.3.8-2.i386.rpm
dbe30f5c7d8a9dd83090857800ce4a62  rh-postgresql-docs-7.3.8-2.i386.rpm
e011a190a43641d139052255b6b3727b  rh-postgresql-jdbc-7.3.8-2.i386.rpm
7db6fc9638372c5cd81182888dffcb2e  rh-postgresql-libs-7.3.8-2.i386.rpm
0365a7e9e9afe7a21d3479175ede1194  rh-postgresql-pl-7.3.8-2.i386.rpm
ba83c9b6005800cb36e31d789aea1003  rh-postgresql-python-7.3.8-2.i386.rpm
f695cfb3138039e3bfce6191d2eedba7  rh-postgresql-server-7.3.8-2.i386.rpm
a894286bfd45da019bd2f083c510c013  rh-postgresql-tcl-7.3.8-2.i386.rpm
ba1a9a7eafd9f54d5da3be6477afa91b  rh-postgresql-test-7.3.8-2.i386.rpm

ia64:
b81fe8a042275a6eae8e019ed024bb52  rh-postgresql-7.3.8-2.ia64.rpm
44617417c491cd9618414cdedfad7704  rh-postgresql-contrib-7.3.8-2.ia64.rpm
d68d98d887e03743fa57c479465a2378  rh-postgresql-devel-7.3.8-2.ia64.rpm
d0f30ecba82ffbb20c9d5b5381e82697  rh-postgresql-docs-7.3.8-2.ia64.rpm
27dc30c3cf876227812759044db25829  rh-postgresql-jdbc-7.3.8-2.ia64.rpm
8f82413ed98614887bf84b90705e5f9b  rh-postgresql-libs-7.3.8-2.ia64.rpm
7db6fc9638372c5cd81182888dffcb2e  rh-postgresql-libs-7.3.8-2.i386.rpm
b7c203dbbb7339d038d66e857bc3d4b9  rh-postgresql-pl-7.3.8-2.ia64.rpm
7ace5c441704b85d292405139b8cc322  rh-postgresql-python-7.3.8-2.ia64.rpm
ff98fdfb1d3bd314b3531ece1ee1914c  rh-postgresql-server-7.3.8-2.ia64.rpm
6b8d0f1eaef081197b2c9206641fba8f  rh-postgresql-tcl-7.3.8-2.ia64.rpm
80603313ddbdd0615de272825c4563ff  rh-postgresql-test-7.3.8-2.ia64.rpm

x86_64:
58be01e12b8b73f6c7d986f085308b6f  rh-postgresql-7.3.8-2.x86_64.rpm
97052514a167a5f2e177b1789ea42104  rh-postgresql-contrib-7.3.8-2.x86_64.rpm
52f4461df7735a5e617e917b406ce1fd  rh-postgresql-devel-7.3.8-2.x86_64.rpm
dc3d6f4246ca53d9d5b9a7c67c2bcadf  rh-postgresql-docs-7.3.8-2.x86_64.rpm
dca39c461cf73431984b28b304fa2584  rh-postgresql-jdbc-7.3.8-2.x86_64.rpm
4594237703b5e15de4219c3d7a6cf88f  rh-postgresql-libs-7.3.8-2.x86_64.rpm
7db6fc9638372c5cd81182888dffcb2e  rh-postgresql-libs-7.3.8-2.i386.rpm
01bf5f97411d52a80f569c711c8631a0  rh-postgresql-pl-7.3.8-2.x86_64.rpm
0867682b553bf2a4f97bf4df13472f52  rh-postgresql-python-7.3.8-2.x86_64.rpm
c3bce4b8c1f3725f1ea74ac05c1bc0bd  rh-postgresql-server-7.3.8-2.x86_64.rpm
d33a6dbd447e819993fb93d48e2429bd  rh-postgresql-tcl-7.3.8-2.x86_64.rpm
24b8957973eb0ea8855318e70fc36286  rh-postgresql-test-7.3.8-2.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/rh-postgresql-7.3.8-2.src.rpm
b6f78f4d007ff34fd27c73e8e2184b9a  rh-postgresql-7.3.8-2.src.rpm

i386:
9a8e4fab3fefaa9c62adffab85d7f9dd  rh-postgresql-7.3.8-2.i386.rpm
cbe1191f0e15417f42bd63ae30ccd3e5  rh-postgresql-contrib-7.3.8-2.i386.rpm
9555acf13b8ebf18dfb481cd5c6f99c1  rh-postgresql-devel-7.3.8-2.i386.rpm
dbe30f5c7d8a9dd83090857800ce4a62  rh-postgresql-docs-7.3.8-2.i386.rpm
e011a190a43641d139052255b6b3727b  rh-postgresql-jdbc-7.3.8-2.i386.rpm
7db6fc9638372c5cd81182888dffcb2e  rh-postgresql-libs-7.3.8-2.i386.rpm
0365a7e9e9afe7a21d3479175ede1194  rh-postgresql-pl-7.3.8-2.i386.rpm
ba83c9b6005800cb36e31d789aea1003  rh-postgresql-python-7.3.8-2.i386.rpm
f695cfb3138039e3bfce6191d2eedba7  rh-postgresql-server-7.3.8-2.i386.rpm
a894286bfd45da019bd2f083c510c013  rh-postgresql-tcl-7.3.8-2.i386.rpm
ba1a9a7eafd9f54d5da3be6477afa91b  rh-postgresql-test-7.3.8-2.i386.rpm

ia64:
b81fe8a042275a6eae8e019ed024bb52  rh-postgresql-7.3.8-2.ia64.rpm
44617417c491cd9618414cdedfad7704  rh-postgresql-contrib-7.3.8-2.ia64.rpm
d68d98d887e03743fa57c479465a2378  rh-postgresql-devel-7.3.8-2.ia64.rpm
d0f30ecba82ffbb20c9d5b5381e82697  rh-postgresql-docs-7.3.8-2.ia64.rpm
27dc30c3cf876227812759044db25829  rh-postgresql-jdbc-7.3.8-2.ia64.rpm
8f82413ed98614887bf84b90705e5f9b  rh-postgresql-libs-7.3.8-2.ia64.rpm
7db6fc9638372c5cd81182888dffcb2e  rh-postgresql-libs-7.3.8-2.i386.rpm
b7c203dbbb7339d038d66e857bc3d4b9  rh-postgresql-pl-7.3.8-2.ia64.rpm
7ace5c441704b85d292405139b8cc322  rh-postgresql-python-7.3.8-2.ia64.rpm
ff98fdfb1d3bd314b3531ece1ee1914c  rh-postgresql-server-7.3.8-2.ia64.rpm
6b8d0f1eaef081197b2c9206641fba8f  rh-postgresql-tcl-7.3.8-2.ia64.rpm
80603313ddbdd0615de272825c4563ff  rh-postgresql-test-7.3.8-2.ia64.rpm

x86_64:
58be01e12b8b73f6c7d986f085308b6f  rh-postgresql-7.3.8-2.x86_64.rpm
97052514a167a5f2e177b1789ea42104  rh-postgresql-contrib-7.3.8-2.x86_64.rpm
52f4461df7735a5e617e917b406ce1fd  rh-postgresql-devel-7.3.8-2.x86_64.rpm
dc3d6f4246ca53d9d5b9a7c67c2bcadf  rh-postgresql-docs-7.3.8-2.x86_64.rpm
dca39c461cf73431984b28b304fa2584  rh-postgresql-jdbc-7.3.8-2.x86_64.rpm
4594237703b5e15de4219c3d7a6cf88f  rh-postgresql-libs-7.3.8-2.x86_64.rpm
7db6fc9638372c5cd81182888dffcb2e  rh-postgresql-libs-7.3.8-2.i386.rpm
01bf5f97411d52a80f569c711c8631a0  rh-postgresql-pl-7.3.8-2.x86_64.rpm
0867682b553bf2a4f97bf4df13472f52  rh-postgresql-python-7.3.8-2.x86_64.rpm
c3bce4b8c1f3725f1ea74ac05c1bc0bd  rh-postgresql-server-7.3.8-2.x86_64.rpm
d33a6dbd447e819993fb93d48e2429bd  rh-postgresql-tcl-7.3.8-2.x86_64.rpm
24b8957973eb0ea8855318e70fc36286  rh-postgresql-test-7.3.8-2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0977

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2004 Red Hat, Inc.

Red Hat: rh-postgresql update

Trustix has identified improper temporary file usage in the make_oidjoins_check script

Summary

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate Errors, you need to install a version of the up2date client with an updated certificate. The latest version of up2date is available from the Red Hat FTP site and may also be downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

5. Bug IDs fixed (https://bugzilla.redhat.com/):

130814 - PostgreSQL can lose committed transactions 130989 - a bug in rh-postgresql.spec file 134090 - Postgres's init script does not remove stale PID file 136300 - CAN-2004-0977 temporary file vulnerabilities in make_oidjoins_check script 136949 - PostgreSQL data loss risk and minor security issues

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/rh-postgresql-7.3.8-2.src.rpm b6f78f4d007ff34fd27c73e8e2184b9a rh-postgresql-7.3.8-2.src.rpm

i386: 9a8e4fab3fefaa9c62adffab85d7f9dd rh-postgresql-7.3.8-2.i386.rpm cbe1191f0e15417f42bd63ae30ccd3e5 rh-postgresql-contrib-7.3.8-2.i386.rpm 9555acf13b8ebf18dfb481cd5c6f99c1 rh-postgresql-devel-7.3.8-2.i386.rpm dbe30f5c7d8a9dd83090857800ce4a62 rh-postgresql-docs-7.3.8-2.i386.rpm e011a190a43641d139052255b6b3727b rh-postgresql-jdbc-7.3.8-2.i386.rpm 7db6fc9638372c5cd81182888dffcb2e rh-postgresql-libs-7.3.8-2.i386.rpm 0365a7e9e9afe7a21d3479175ede1194 rh-postgresql-pl-7.3.8-2.i386.rpm ba83c9b6005800cb36e31d789aea1003 rh-postgresql-python-7.3.8-2.i386.rpm f695cfb3138039e3bfce6191d2eedba7 rh-postgresql-server-7.3.8-2.i386.rpm a894286bfd45da019bd2f083c510c013 rh-postgresql-tcl-7.3.8-2.i386.rpm ba1a9a7eafd9f54d5da3be6477afa91b rh-postgresql-test-7.3.8-2.i386.rpm

ia64: b81fe8a042275a6eae8e019ed024bb52 rh-postgresql-7.3.8-2.ia64.rpm 44617417c491cd9618414cdedfad7704 rh-postgresql-contrib-7.3.8-2.ia64.rpm d68d98d887e03743fa57c479465a2378 rh-postgresql-devel-7.3.8-2.ia64.rpm d0f30ecba82ffbb20c9d5b5381e82697 rh-postgresql-docs-7.3.8-2.ia64.rpm 27dc30c3cf876227812759044db25829 rh-postgresql-jdbc-7.3.8-2.ia64.rpm 8f82413ed98614887bf84b90705e5f9b rh-postgresql-libs-7.3.8-2.ia64.rpm 7db6fc9638372c5cd81182888dffcb2e rh-postgresql-libs-7.3.8-2.i386.rpm b7c203dbbb7339d038d66e857bc3d4b9 rh-postgresql-pl-7.3.8-2.ia64.rpm 7ace5c441704b85d292405139b8cc322 rh-postgresql-python-7.3.8-2.ia64.rpm ff98fdfb1d3bd314b3531ece1ee1914c rh-postgresql-server-7.3.8-2.ia64.rpm 6b8d0f1eaef081197b2c9206641fba8f rh-postgresql-tcl-7.3.8-2.ia64.rpm 80603313ddbdd0615de272825c4563ff rh-postgresql-test-7.3.8-2.ia64.rpm

ppc: 61cb8351f26b2d2cb1c67d35b4d54aa5 rh-postgresql-7.3.8-2.ppc.rpm 7d85d7aa8f268df2c17e1031070bb4f3 rh-postgresql-contrib-7.3.8-2.ppc.rpm 2fb726274c0ef0efd3edd3c3d09907d6 rh-postgresql-devel-7.3.8-2.ppc.rpm 78b2859d5bfd196e6b7de7bf0f4b8edd rh-postgresql-docs-7.3.8-2.ppc.rpm 77a4a4438201e52c2655c89cf93d8c2e rh-postgresql-jdbc-7.3.8-2.ppc.rpm bfe513f316461b70e6f16e55a7239983 rh-postgresql-libs-7.3.8-2.ppc.rpm ec6ecaecc2fad7f89fc4f252d38d0768 rh-postgresql-pl-7.3.8-2.ppc.rpm c5d1fa31dba46003b6a1a45edd2f9a9b rh-postgresql-python-7.3.8-2.ppc.rpm f4784bf0163b4d4d323989241049d851 rh-postgresql-server-7.3.8-2.ppc.rpm 3a806dbdaa439256b157b8405df94eb3 rh-postgresql-tcl-7.3.8-2.ppc.rpm 038f122dbc33dec81fe277d8b1fc87ed rh-postgresql-test-7.3.8-2.ppc.rpm

ppc64: 1948dd5f3925216c7ecea6bc424b288f rh-postgresql-libs-7.3.8-2.ppc64.rpm

s390: 3ec831b0bf766b9dd9880cd144e0b732 rh-postgresql-7.3.8-2.s390.rpm 5c918ccf8bdb5b5d7480ed17c1273b5f rh-postgresql-contrib-7.3.8-2.s390.rpm f5237ab51b6eb4b3da36adc42ea16bcd rh-postgresql-devel-7.3.8-2.s390.rpm 90fc27be8ac2c65ebd7668f53276b260 rh-postgresql-docs-7.3.8-2.s390.rpm 06367e3e830c62c8afd9afca9ae99d33 rh-postgresql-jdbc-7.3.8-2.s390.rpm 1aff1b96a8d94965a12a4c9bfbbe9a11 rh-postgresql-libs-7.3.8-2.s390.rpm 644b0b229a2916b59aca7fa543e605d3 rh-postgresql-pl-7.3.8-2.s390.rpm db08ba50321ae2ecc185b290ea36a39d rh-postgresql-python-7.3.8-2.s390.rpm bf664bf955832af93ff862d2488db4bf rh-postgresql-server-7.3.8-2.s390.rpm 4c6e9bccebbb29c5767d4ab8172b8b55 rh-postgresql-tcl-7.3.8-2.s390.rpm 12ac81c2da135e94e9619dc71174e541 rh-postgresql-test-7.3.8-2.s390.rpm

s390x: 0fb9269140c52e80cec05f2bac2c5a45 rh-postgresql-7.3.8-2.s390x.rpm 0c9c9f6dbb68b3d637948444a57d7d9f rh-postgresql-contrib-7.3.8-2.s390x.rpm 8136241175742881a571681e8fb38418 rh-postgresql-devel-7.3.8-2.s390x.rpm c7fdd00fc81c887cf06761366a854863 rh-postgresql-docs-7.3.8-2.s390x.rpm 0e013178fd4bfad778a346a6386d7fae rh-postgresql-jdbc-7.3.8-2.s390x.rpm 8d840586780a5443ee055c578f1cafea rh-postgresql-libs-7.3.8-2.s390x.rpm 1aff1b96a8d94965a12a4c9bfbbe9a11 rh-postgresql-libs-7.3.8-2.s390.rpm 42b5090143b89c99de862a1f43abdc19 rh-postgresql-pl-7.3.8-2.s390x.rpm 5d6925405e6086946e4ba18330f2542e rh-postgresql-python-7.3.8-2.s390x.rpm cdd8ffee22bee31625edde4d78726bc3 rh-postgresql-server-7.3.8-2.s390x.rpm 9a1928941441bcfec612b8f529323389 rh-postgresql-tcl-7.3.8-2.s390x.rpm 0311161816e1c56ff87b8bb606865a70 rh-postgresql-test-7.3.8-2.s390x.rpm

x86_64: 58be01e12b8b73f6c7d986f085308b6f rh-postgresql-7.3.8-2.x86_64.rpm 97052514a167a5f2e177b1789ea42104 rh-postgresql-contrib-7.3.8-2.x86_64.rpm 52f4461df7735a5e617e917b406ce1fd rh-postgresql-devel-7.3.8-2.x86_64.rpm dc3d6f4246ca53d9d5b9a7c67c2bcadf rh-postgresql-docs-7.3.8-2.x86_64.rpm dca39c461cf73431984b28b304fa2584 rh-postgresql-jdbc-7.3.8-2.x86_64.rpm 4594237703b5e15de4219c3d7a6cf88f rh-postgresql-libs-7.3.8-2.x86_64.rpm 7db6fc9638372c5cd81182888dffcb2e rh-postgresql-libs-7.3.8-2.i386.rpm 01bf5f97411d52a80f569c711c8631a0 rh-postgresql-pl-7.3.8-2.x86_64.rpm 0867682b553bf2a4f97bf4df13472f52 rh-postgresql-python-7.3.8-2.x86_64.rpm c3bce4b8c1f3725f1ea74ac05c1bc0bd rh-postgresql-server-7.3.8-2.x86_64.rpm d33a6dbd447e819993fb93d48e2429bd rh-postgresql-tcl-7.3.8-2.x86_64.rpm 24b8957973eb0ea8855318e70fc36286 rh-postgresql-test-7.3.8-2.x86_64.rpm

Red Hat Desktop version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/rh-postgresql-7.3.8-2.src.rpm b6f78f4d007ff34fd27c73e8e2184b9a rh-postgresql-7.3.8-2.src.rpm

i386: 9a8e4fab3fefaa9c62adffab85d7f9dd rh-postgresql-7.3.8-2.i386.rpm cbe1191f0e15417f42bd63ae30ccd3e5 rh-postgresql-contrib-7.3.8-2.i386.rpm 9555acf13b8ebf18dfb481cd5c6f99c1 rh-postgresql-devel-7.3.8-2.i386.rpm dbe30f5c7d8a9dd83090857800ce4a62 rh-postgresql-docs-7.3.8-2.i386.rpm e011a190a43641d139052255b6b3727b rh-postgresql-jdbc-7.3.8-2.i386.rpm 7db6fc9638372c5cd81182888dffcb2e rh-postgresql-libs-7.3.8-2.i386.rpm 0365a7e9e9afe7a21d3479175ede1194 rh-postgresql-pl-7.3.8-2.i386.rpm ba83c9b6005800cb36e31d789aea1003 rh-postgresql-python-7.3.8-2.i386.rpm f695cfb3138039e3bfce6191d2eedba7 rh-postgresql-server-7.3.8-2.i386.rpm a894286bfd45da019bd2f083c510c013 rh-postgresql-tcl-7.3.8-2.i386.rpm ba1a9a7eafd9f54d5da3be6477afa91b rh-postgresql-test-7.3.8-2.i386.rpm

x86_64: 58be01e12b8b73f6c7d986f085308b6f rh-postgresql-7.3.8-2.x86_64.rpm 97052514a167a5f2e177b1789ea42104 rh-postgresql-contrib-7.3.8-2.x86_64.rpm 52f4461df7735a5e617e917b406ce1fd rh-postgresql-devel-7.3.8-2.x86_64.rpm dc3d6f4246ca53d9d5b9a7c67c2bcadf rh-postgresql-docs-7.3.8-2.x86_64.rpm dca39c461cf73431984b28b304fa2584 rh-postgresql-jdbc-7.3.8-2.x86_64.rpm 4594237703b5e15de4219c3d7a6cf88f rh-postgresql-libs-7.3.8-2.x86_64.rpm 7db6fc9638372c5cd81182888dffcb2e rh-postgresql-libs-7.3.8-2.i386.rpm 01bf5f97411d52a80f569c711c8631a0 rh-postgresql-pl-7.3.8-2.x86_64.rpm 0867682b553bf2a4f97bf4df13472f52 rh-postgresql-python-7.3.8-2.x86_64.rpm c3bce4b8c1f3725f1ea74ac05c1bc0bd rh-postgresql-server-7.3.8-2.x86_64.rpm d33a6dbd447e819993fb93d48e2429bd rh-postgresql-tcl-7.3.8-2.x86_64.rpm 24b8957973eb0ea8855318e70fc36286 rh-postgresql-test-7.3.8-2.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/rh-postgresql-7.3.8-2.src.rpm b6f78f4d007ff34fd27c73e8e2184b9a rh-postgresql-7.3.8-2.src.rpm

i386: 9a8e4fab3fefaa9c62adffab85d7f9dd rh-postgresql-7.3.8-2.i386.rpm cbe1191f0e15417f42bd63ae30ccd3e5 rh-postgresql-contrib-7.3.8-2.i386.rpm 9555acf13b8ebf18dfb481cd5c6f99c1 rh-postgresql-devel-7.3.8-2.i386.rpm dbe30f5c7d8a9dd83090857800ce4a62 rh-postgresql-docs-7.3.8-2.i386.rpm e011a190a43641d139052255b6b3727b rh-postgresql-jdbc-7.3.8-2.i386.rpm 7db6fc9638372c5cd81182888dffcb2e rh-postgresql-libs-7.3.8-2.i386.rpm 0365a7e9e9afe7a21d3479175ede1194 rh-postgresql-pl-7.3.8-2.i386.rpm ba83c9b6005800cb36e31d789aea1003 rh-postgresql-python-7.3.8-2.i386.rpm f695cfb3138039e3bfce6191d2eedba7 rh-postgresql-server-7.3.8-2.i386.rpm a894286bfd45da019bd2f083c510c013 rh-postgresql-tcl-7.3.8-2.i386.rpm ba1a9a7eafd9f54d5da3be6477afa91b rh-postgresql-test-7.3.8-2.i386.rpm

ia64: b81fe8a042275a6eae8e019ed024bb52 rh-postgresql-7.3.8-2.ia64.rpm 44617417c491cd9618414cdedfad7704 rh-postgresql-contrib-7.3.8-2.ia64.rpm d68d98d887e03743fa57c479465a2378 rh-postgresql-devel-7.3.8-2.ia64.rpm d0f30ecba82ffbb20c9d5b5381e82697 rh-postgresql-docs-7.3.8-2.ia64.rpm 27dc30c3cf876227812759044db25829 rh-postgresql-jdbc-7.3.8-2.ia64.rpm 8f82413ed98614887bf84b90705e5f9b rh-postgresql-libs-7.3.8-2.ia64.rpm 7db6fc9638372c5cd81182888dffcb2e rh-postgresql-libs-7.3.8-2.i386.rpm b7c203dbbb7339d038d66e857bc3d4b9 rh-postgresql-pl-7.3.8-2.ia64.rpm 7ace5c441704b85d292405139b8cc322 rh-postgresql-python-7.3.8-2.ia64.rpm ff98fdfb1d3bd314b3531ece1ee1914c rh-postgresql-server-7.3.8-2.ia64.rpm 6b8d0f1eaef081197b2c9206641fba8f rh-postgresql-tcl-7.3.8-2.ia64.rpm 80603313ddbdd0615de272825c4563ff rh-postgresql-test-7.3.8-2.ia64.rpm

x86_64: 58be01e12b8b73f6c7d986f085308b6f rh-postgresql-7.3.8-2.x86_64.rpm 97052514a167a5f2e177b1789ea42104 rh-postgresql-contrib-7.3.8-2.x86_64.rpm 52f4461df7735a5e617e917b406ce1fd rh-postgresql-devel-7.3.8-2.x86_64.rpm dc3d6f4246ca53d9d5b9a7c67c2bcadf rh-postgresql-docs-7.3.8-2.x86_64.rpm dca39c461cf73431984b28b304fa2584 rh-postgresql-jdbc-7.3.8-2.x86_64.rpm 4594237703b5e15de4219c3d7a6cf88f rh-postgresql-libs-7.3.8-2.x86_64.rpm 7db6fc9638372c5cd81182888dffcb2e rh-postgresql-libs-7.3.8-2.i386.rpm 01bf5f97411d52a80f569c711c8631a0 rh-postgresql-pl-7.3.8-2.x86_64.rpm 0867682b553bf2a4f97bf4df13472f52 rh-postgresql-python-7.3.8-2.x86_64.rpm c3bce4b8c1f3725f1ea74ac05c1bc0bd rh-postgresql-server-7.3.8-2.x86_64.rpm d33a6dbd447e819993fb93d48e2429bd rh-postgresql-tcl-7.3.8-2.x86_64.rpm 24b8957973eb0ea8855318e70fc36286 rh-postgresql-test-7.3.8-2.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/rh-postgresql-7.3.8-2.src.rpm b6f78f4d007ff34fd27c73e8e2184b9a rh-postgresql-7.3.8-2.src.rpm

i386: 9a8e4fab3fefaa9c62adffab85d7f9dd rh-postgresql-7.3.8-2.i386.rpm cbe1191f0e15417f42bd63ae30ccd3e5 rh-postgresql-contrib-7.3.8-2.i386.rpm 9555acf13b8ebf18dfb481cd5c6f99c1 rh-postgresql-devel-7.3.8-2.i386.rpm dbe30f5c7d8a9dd83090857800ce4a62 rh-postgresql-docs-7.3.8-2.i386.rpm e011a190a43641d139052255b6b3727b rh-postgresql-jdbc-7.3.8-2.i386.rpm 7db6fc9638372c5cd81182888dffcb2e rh-postgresql-libs-7.3.8-2.i386.rpm 0365a7e9e9afe7a21d3479175ede1194 rh-postgresql-pl-7.3.8-2.i386.rpm ba83c9b6005800cb36e31d789aea1003 rh-postgresql-python-7.3.8-2.i386.rpm f695cfb3138039e3bfce6191d2eedba7 rh-postgresql-server-7.3.8-2.i386.rpm a894286bfd45da019bd2f083c510c013 rh-postgresql-tcl-7.3.8-2.i386.rpm ba1a9a7eafd9f54d5da3be6477afa91b rh-postgresql-test-7.3.8-2.i386.rpm

ia64: b81fe8a042275a6eae8e019ed024bb52 rh-postgresql-7.3.8-2.ia64.rpm 44617417c491cd9618414cdedfad7704 rh-postgresql-contrib-7.3.8-2.ia64.rpm d68d98d887e03743fa57c479465a2378 rh-postgresql-devel-7.3.8-2.ia64.rpm d0f30ecba82ffbb20c9d5b5381e82697 rh-postgresql-docs-7.3.8-2.ia64.rpm 27dc30c3cf876227812759044db25829 rh-postgresql-jdbc-7.3.8-2.ia64.rpm 8f82413ed98614887bf84b90705e5f9b rh-postgresql-libs-7.3.8-2.ia64.rpm 7db6fc9638372c5cd81182888dffcb2e rh-postgresql-libs-7.3.8-2.i386.rpm b7c203dbbb7339d038d66e857bc3d4b9 rh-postgresql-pl-7.3.8-2.ia64.rpm 7ace5c441704b85d292405139b8cc322 rh-postgresql-python-7.3.8-2.ia64.rpm ff98fdfb1d3bd314b3531ece1ee1914c rh-postgresql-server-7.3.8-2.ia64.rpm 6b8d0f1eaef081197b2c9206641fba8f rh-postgresql-tcl-7.3.8-2.ia64.rpm 80603313ddbdd0615de272825c4563ff rh-postgresql-test-7.3.8-2.ia64.rpm

x86_64: 58be01e12b8b73f6c7d986f085308b6f rh-postgresql-7.3.8-2.x86_64.rpm 97052514a167a5f2e177b1789ea42104 rh-postgresql-contrib-7.3.8-2.x86_64.rpm 52f4461df7735a5e617e917b406ce1fd rh-postgresql-devel-7.3.8-2.x86_64.rpm dc3d6f4246ca53d9d5b9a7c67c2bcadf rh-postgresql-docs-7.3.8-2.x86_64.rpm dca39c461cf73431984b28b304fa2584 rh-postgresql-jdbc-7.3.8-2.x86_64.rpm 4594237703b5e15de4219c3d7a6cf88f rh-postgresql-libs-7.3.8-2.x86_64.rpm 7db6fc9638372c5cd81182888dffcb2e rh-postgresql-libs-7.3.8-2.i386.rpm 01bf5f97411d52a80f569c711c8631a0 rh-postgresql-pl-7.3.8-2.x86_64.rpm 0867682b553bf2a4f97bf4df13472f52 rh-postgresql-python-7.3.8-2.x86_64.rpm c3bce4b8c1f3725f1ea74ac05c1bc0bd rh-postgresql-server-7.3.8-2.x86_64.rpm d33a6dbd447e819993fb93d48e2429bd rh-postgresql-tcl-7.3.8-2.x86_64.rpm 24b8957973eb0ea8855318e70fc36286 rh-postgresql-test-7.3.8-2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0977

Package List

Severity
Advisory ID: RHSA-2004:489-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2004-489.html
Issued Date: : 2004-12-20
Updated on: 2004-12-20
Product: Red Hat Enterprise Linux
Keywords: PostgreSQL
Obsoletes: RHBA-2004:307
CVE Names: CAN-2004-0977 ---------------------------------------------------------------------

Topic

Updated rh-postgresql packages that fix various bugs are now available.

Relevant Releases Architectures

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64

Red Hat Desktop version 3 - i386, x86_64

Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64

Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

PostgreSQL is an advanced Object-Relational database management system

(DBMS) that supports almost all SQL constructs (including transactions,

subselects, and user-defined types and functions).

Trustix has identified improper temporary file usage in the

make_oidjoins_check script. It is possible that an attacker could

overwrite arbitrary file contents as the user running the

make_oidjoins_check script. This script has been removed from the RPM file

since it has no use to ordinary users. The Common Vulnerabilities and

Exposures project (cve.mitre.org) has assigned the name CAN-2004-0977 to

this issue.

Additionally, the following non-security issues have been addressed:

- Fixed a low probability risk for loss of recently committed transactions.

- Fixed a low probability risk for loss of older data due to failure to

update transaction status.

- A lock file problem that sometimes prevented automatic restart after a

system crash has been fixed.

All users of rh-postgresql should upgrade to these updated packages, which

resolve these issues.

Bugs Fixed

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.