Updated postgresql packages that fix several security vulnerabilities are
now available for the Red Hat Application Stack.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
PostgreSQL is an advanced Object-Relational database management system
Two flaws were found in the way the PostgreSQL server handles certain
SQL-language functions. An authenticated user could execute a sequence of
command which could crash the PostgreSQL server or possibly read from
arbitrary memory locations. A user must have permissions to drop and add
database tables to exploit this flaw. (CVE-2007-0555, CVE-2007-0556)
Several denial of service flaws were found in the PostgreSQL server. An
authenticated user could execute an SQL command which could crash the
PostgreSQL server. (CVE-2006-5540, CVE-2006-5541, CVE-2006-5542)
Users of PostgreSQL should upgrade to these updated packages containing
PostgreSQL version 8.1.7, which corrects these issues.
Note: The original PostgreSQL 8.1.7 security patch contained an error; this
release includes the updated patch and so is equivalent to the