Rapid7 Vulnerability & Exploit Database

CESA-2004:489: rh-postgresql security update


Severity: 2
CVSS: (AV:L/AC:L/Au:N/C:N/I:P/A:N)
Published: 02/09/2005
Created: 07/25/2018
Added: 03/12/2010
Modified: 07/04/2017

Description

Updated rh-postgresql packages that fix various bugs are now available.

PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects, and user-defined types and functions).

Trustix has identified improper temporary file usage in the make_oidjoins_check script. It is possible that an attacker could overwrite arbitrary file contents as the user running the make_oidjoins_check script. This script has been removed from the RPM file since it has no use to ordinary users. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0977 to this issue.

Additionally, the following non-security issues have been addressed:

  • Fixed a low probability risk for loss of recently committed transactions.
  • Fixed a low probability risk for loss of older data due to failure to update transaction status.
  • A lock file problem that sometimes prevented automatic restart after a system crash has been fixed.

All users of rh-postgresql should upgrade to these updated packages, which resolve these issues.

Solution(s)

  • centos-upgrade-rh-postgresql
  • centos-upgrade-rh-postgresql-contrib
  • centos-upgrade-rh-postgresql-devel
  • centos-upgrade-rh-postgresql-docs
  • centos-upgrade-rh-postgresql-jdbc
  • centos-upgrade-rh-postgresql-libs
  • centos-upgrade-rh-postgresql-pl
  • centos-upgrade-rh-postgresql-python
  • centos-upgrade-rh-postgresql-server
  • centos-upgrade-rh-postgresql-tcl
  • centos-upgrade-rh-postgresql-test
