Full Disclosure mailing list archives
rPSA-2007-0025-2 postgresql postgresql-server
From: rPath Update Announcements <announce-noreply () rpath com>
Date: Wed, 07 Feb 2007 22:37:53 -0500
rPath Security Advisory: 2007-0025-2 Published: 2007-02-06 Updated: 2007-02-07 PostgreSQL 8.1.8 corrects regression Products: rPath Linux 1 Rating: Major Exposure Level Classification: Local User Deterministic Vulnerability Updated Versions: postgresql=/conary.rpath.com@rpl:devel//1/8.1.7-0.1-1 postgresql-server=/conary.rpath.com@rpl:devel//1/8.1.7-0.1-1 References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0555 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0556 https://issues.rpath.com/browse/RPL-830 https://issues.rpath.com/browse/RPL-1025 Description: Previous versions of the postgresql package are vulnerable to two attacks in which an authenticated database user can cause the database server process to crash (Denial of Service), and possibly also read privileged database content (Information Exposure). 7 February 2007 Update: The security fix provided in PostgreSQL 8.1.7 introduced a functional regression: it added an overly-restrictive check for type length in constraints and functional indexes. PostgreSQL 8.1.8 corrects this error. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- rPSA-2007-0025-2 postgresql postgresql-server rPath Update Announcements (Feb 07)