Updated postgresql packages that fix two security issues are now available
for Red Hat Enterprise Linux 3 and 4.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
PostgreSQL is an advanced Object-Relational database management system
A flaw was found in the way the PostgreSQL server handles certain
SQL-language functions. An authenticated user could execute a sequence of
commands which could crash the PostgreSQL server or possibly read from
arbitrary memory locations. A user would need to have permissions to drop
and add database tables to be able to exploit this issue (CVE-2007-0555).
A denial of service flaw was found affecting the PostgreSQL server running
on Red Hat Enterprise Linux 4 systems. An authenticated user could execute
an SQL command which could crash the PostgreSQL server. (CVE-2006-5540)
Users of PostgreSQL should upgrade to these updated packages containing
PostgreSQL version 7.4.16 or 7.3.18, which correct these issues.