PostgreSQL CVE-2010-3433 Privilege Escalation Advisory for SL 6.x

Moderate: postgresql security update
Date: Thu, 3 Mar 2011 16:22:49 -0600
Reply-To: Troy Dawson 
Sender: Security Errata for Scientific Linux
 
From: Troy Dawson 
Subject: Security ERRATA Moderate: postgresql on SL6.x i386/x86_64

Synopsis:	Moderate: postgresql security update
Issue date:	2010-11-23
CVE Names:	CVE-2010-3433

It was discovered that a user could utilize the features of the PL/Perl
and PL/Tcl languages to modify the behavior of a SECURITY DEFINER
function created by a different user. If the PL/Perl or PL/Tcl language
was used to implement a SECURITY DEFINER function, an authenticated
database user could use a PL/Perl or PL/Tcl script to modify the
behavior of that function during subsequent calls in the same session.
This would result in the modified or injected code also being executed
with the privileges of the user who created the SECURITY DEFINER
function, possibly leading to privilege escalation. (CVE-2010-3433)

These updated postgresql packages upgrade PostgreSQL to version 8.4.5.
Refer to the PostgreSQL Release Notes for a list of changes:

https://www.postgresql.org/docs/8.4/release.html

If the postgresql service is running, it will be automatically restarted
after installing this update.

SL 6.x

 SRPMS:
postgresql-8.4.5-1.el6_0.2.src.rpm
 i386:
postgresql-8.4.5-1.el6_0.2.i686.rpm
postgresql-contrib-8.4.5-1.el6_0.2.i686.rpm
postgresql-devel-8.4.5-1.el6_0.2.i686.rpm
postgresql-docs-8.4.5-1.el6_0.2.i686.rpm
postgresql-libs-8.4.5-1.el6_0.2.i686.rpm
postgresql-plperl-8.4.5-1.el6_0.2.i686.rpm
postgresql-plpython-8.4.5-1.el6_0.2.i686.rpm
postgresql-pltcl-8.4.5-1.el6_0.2.i686.rpm
postgresql-server-8.4.5-1.el6_0.2.i686.rpm
postgresql-test-8.4.5-1.el6_0.2.i686.rpm
 x86_64:
postgresql-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-contrib-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-devel-8.4.5-1.el6_0.2.i686.rpm
postgresql-devel-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-docs-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-libs-8.4.5-1.el6_0.2.i686.rpm
postgresql-libs-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-plperl-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-plpython-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-pltcl-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-server-8.4.5-1.el6_0.2.x86_64.rpm
postgresql-test-8.4.5-1.el6_0.2.x86_64.rpm

-Connie Sieh
-Troy Dawson
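
An audit query for the exposure this advisory describes, added here as an example and not part of the original errata message: it lists the SECURITY DEFINER functions implemented in PL/Perl or PL/Tcl, with the role whose privileges each one runs under. The language names in the filter (trusted and untrusted variants) and the column aliases are assumptions; the advisory names the languages only as PL/Perl and PL/Tcl.

```sql
-- Added example, not from the advisory.
-- Run in every database of the cluster: pg_proc is a per-database catalog.

-- 1. Confirm the server is on the fixed release named in the advisory (8.4.5).
SELECT version();

-- 2. SECURITY DEFINER functions written in PL/Perl or PL/Tcl.
SELECT n.nspname                                  AS schema_name,
       p.proname                                  AS function_name,
       pg_get_function_identity_arguments(p.oid)  AS arguments,
       l.lanname                                  AS language_name,  -- assumed names, see filter
       pg_get_userbyid(p.proowner)                AS runs_as,        -- privileges the body executes with
       p.proacl                                   AS acl             -- NULL = defaults (EXECUTE to PUBLIC)
FROM pg_catalog.pg_proc p
JOIN pg_catalog.pg_language  l ON l.oid = p.prolang
JOIN pg_catalog.pg_namespace n ON n.oid = p.pronamespace
WHERE p.prosecdef                                  -- SECURITY DEFINER only
  AND l.lanname IN ('plperl', 'plperlu', 'pltcl', 'pltclu')
ORDER BY runs_as, schema_name, function_name;
```

An empty result means no function in that database matches the condition the advisory describes; any rows returned are the functions to review first, starting with those owned by superusers.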