Updated postgresql packages that fix several security issues are now
available for Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
PostgreSQL is an advanced Object-Relational database management system
Two flaws were found in the way the PostgreSQL server handles certain
SQL-language functions. An authenticated user could execute a sequence of
commands which could crash the PostgreSQL server or possibly read from
arbitrary memory locations. A user would need to have permissions to drop
and add database tables to be able to exploit these issues (CVE-2007-0555,
Several denial of service flaws were found in the PostgreSQL server. An
authenticated user could execute certain SQL commands which could crash the
PostgreSQL server (CVE-2006-5540, CVE-2006-5541, CVE-2006-5542).
Users of PostgreSQL should upgrade to these updated packages containing
PostgreSQL version 8.1.8 which corrects these issues.