__________________________________________________________

The U.S. Department of Energy
Computer Incident Advisory Capability
__________________________________________________________

INFORMATION BULLETIN

postgresql Update
[RHSA-2006:0526-8]

May 24, 2006 21:00 GMT                                        Number Q-207
[REVISED 05 June 2006]
______________________________________________________________________________
PROBLEM:       A bug was found in the way PostgreSQL's PQescapeString
               function escapes strings when operating in a multibyte
               character encoding.
PLATFORM:      Red Hat Desktop (v. 3 and v. 4)
               Red Hat Enterprise Linux AS (v. 3 and v. 4)
               Red Hat Enterprise Linux ES (v. 3 and v. 4)
               Red Hat Enterprise Linux WS (v. 3 and v. 4)
DAMAGE:        It is possible for an attacker to provide an application
               with a carefully crafted string which may be improperly
               escaped, allowing the attacker to inject malicious SQL.
SOLUTION:      Apply vendor updates.
______________________________________________________________________________
VULNERABILITY  The risk is LOW - It is possible for an attacker to provide
ASSESSMENT:    an application with a carefully crafted string which may be
               improperly escaped, allowing the attacker to inject
               malicious SQL.
______________________________________________________________________________
LINKS:
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/q-207.shtml
 ORIGINAL BULLETIN:  https://rhn.redhat.com/errata/RHSA-2006-0526.html
 ADDITIONAL LINKS:   Debian Security Advisory 1087-1
                     http://www.debian.org/security/2006/dsa-1087
 CVE:                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0591
______________________________________________________________________________
REVISION HISTORY:
06/05/2006 - added a link to Debian Security Advisory 1087-1

[***** Start RHSA-2006:0526-8 *****]

Important: postgresql security update

Advisory:         RHSA-2006:0526-8
Type:             Security Advisory
Issued on:        2006-05-23
Last updated on:  2006-05-23
Affected Products:
    Red Hat Desktop (v. 3)
    Red Hat Desktop (v. 4)
    Red Hat Enterprise Linux AS (v. 3)
    Red Hat Enterprise Linux AS (v. 4)
    Red Hat Enterprise Linux ES (v. 3)
    Red Hat Enterprise Linux ES (v. 4)
    Red Hat Enterprise Linux WS (v. 3)
    Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org):
    CVE-2006-0591
    CVE-2006-2313
    CVE-2006-2314

Details

Updated postgresql packages that fix several security vulnerabilities are
now available for Red Hat Enterprise Linux 3 and 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

PostgreSQL is an advanced Object-Relational database management system
(DBMS).

A bug was found in the way PostgreSQL's PQescapeString function escapes
strings when operating in a multibyte character encoding. It is possible
for an attacker to provide an application a carefully crafted string
containing invalidly-encoded characters, which may be improperly escaped,
allowing the attacker to inject malicious SQL. While this update fixes how
PQescapeString operates, the PostgreSQL server has also been modified to
prevent such an attack occurring through unpatched clients
(CVE-2006-2313, CVE-2006-2314). More details about this issue are
available in the linked PostgreSQL technical documentation.

An integer signedness bug was found in the way PostgreSQL generated
password salts. The actual salt size is only half the size of the expected
salt, making the process of brute forcing password hashes slightly easier.
This update will not strengthen already existing passwords, but all newly
assigned passwords will have the proper salt length. (CVE-2006-0591)

Users of PostgreSQL should upgrade to these updated packages containing
PostgreSQL version 7.4.13, which corrects these issues.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.
To use Red Hat Network, launch the Red Hat Update Agent with the following
command:

    up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

180536 - CVE-2006-0591 postgresql pgcrypt minor salt generation flaw
192169 - CVE-2006-2313, CVE-2006-2314: PostgreSQL remote SQL injection vulnerability
192171 - CVE-2006-2313, CVE-2006-2314: PostgreSQL remote SQL injection vulnerability

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2313
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2314
http://www.postgresql.org/docs/techdocs.52
http://www.redhat.com/security/updates/classification/#important

--------------------------------------------------------------------------------

These packages are GPG signed by Red Hat for security. Our key and details
on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details
at http://www.redhat.com/security/team/contact/

Copyright © 2002-05 Red Hat, Inc. All rights reserved.

[***** End RHSA-2006:0526-8 *****]
_______________________________________________________________________________

CIAC wishes to acknowledge the contributions of Red Hat for the
information contained in this bulletin.
_______________________________________________________________________________

CIAC, the Computer Incident Advisory Capability, is the computer
security incident response team for the U.S. Department of Energy
(DOE) and the emergency backup response team for the National
Institutes of Health (NIH). CIAC is located at the Lawrence Livermore
National Laboratory in Livermore, California. CIAC is also a founding
member of FIRST, the Forum of Incident Response and Security Teams, a
global organization established to foster cooperation and coordination
among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC
can be contacted at:

    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

    World Wide Web:  http://www.ciac.org/
    Anonymous FTP:   ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins. If you are not part of these
communities, please contact your agency's response team to report
incidents. Your agency's team will coordinate with CIAC. The Forum of
Incident Response and Security Teams (FIRST) is a world-wide
organization. A list of FIRST member organizations and their
constituencies can be obtained via WWW at http://www.first.org/.

This document was prepared as an account of work sponsored by an
agency of the United States Government. Neither the United States
Government nor the University of California nor any of their
employees, makes any warranty, express or implied, or assumes any
legal liability or responsibility for the accuracy, completeness, or
usefulness of any information, apparatus, product, or process
disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products,
process, or service by trade name, trademark, manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement,
recommendation or favoring by the United States Government or the
University of California. The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government or the University of California, and shall not be used for
advertising or product endorsement purposes.

LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

Q-197: QuickTime 7.1 Update
Q-198: Vulnerability in phpldapadmin
Q-199: Security Vulnerability in Sun Java System Directory
Q-200: Sun N1 Vulnerability
Q-201: awstats
Q-202: Microsoft Word Vulnerability
Q-203: MySQL
Q-204: Linux Kernel Vulnerabilities
Q-205: HP Tru64 UNIX
Q-206: kernel Update
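
The escaping flaw described in the RHSA Details text (an escaper that mishandles invalidly-encoded multibyte input), shown as an added C sketch that is not PostgreSQL or Red Hat code: a byte-wise escaper beside one that validates the encoding before escaping. UTF-8 as the client encoding, all function names, and the sample byte strings are assumptions constructed for illustration.

```c
/* Added illustration; not PostgreSQL source. All names are hypothetical. */
#include <stddef.h>
#include <stdio.h>

/* Constructed samples: a 2-byte lead (0xC8) followed by an ASCII quote
 * instead of a continuation byte, and an ordinary valid string. */
static const unsigned char SAMPLE_INVALID[] = { 0xC8, 0x27, 0x78 };
static const unsigned char SAMPLE_VALID[]   = "O'Brien";

/* Length implied by a UTF-8 lead byte; 0 if the byte cannot start a character. */
static size_t utf8_len(unsigned char b)
{
    if (b < 0x80) return 1;
    if (b >= 0xC2 && b <= 0xDF) return 2;
    if (b >= 0xE0 && b <= 0xEF) return 3;
    if (b >= 0xF0 && b <= 0xF4) return 4;
    return 0;
}

/* Rejects overlong forms, surrogates and code points above U+10FFFF. */
static int second_byte_ok(unsigned char lead, unsigned char b2)
{
    if (lead == 0xE0) return b2 >= 0xA0;
    if (lead == 0xED) return b2 <= 0x9F;
    if (lead == 0xF0) return b2 >= 0x90;
    if (lead == 0xF4) return b2 <= 0x8F;
    return 1;
}

/* "Before": doubles every quote and backslash byte, ignoring the encoding.
 * Returns bytes written, or -2 if the output buffer is too small. */
long escape_bytewise(const unsigned char *in, size_t len,
                     unsigned char *out, size_t cap)
{
    size_t o = 0;
    for (size_t i = 0; i < len; i++) {
        size_t need = (in[i] == '\'' || in[i] == '\\') ? 2 : 1;
        if (o + need > cap) return -2;
        if (need == 2) out[o++] = in[i];
        out[o++] = in[i];
    }
    return (long)o;
}

/* "After": walks whole characters and refuses invalid sequences.
 * Returns bytes written, -1 on invalid encoding, -2 on short buffer. */
long escape_strict_utf8(const unsigned char *in, size_t len,
                        unsigned char *out, size_t cap)
{
    size_t o = 0, i = 0;
    while (i < len) {
        size_t n = utf8_len(in[i]);
        if (n == 0 || i + n > len) return -1;
        for (size_t k = 1; k < n; k++)
            if ((in[i + k] & 0xC0) != 0x80) return -1;
        if (n >= 3 && !second_byte_ok(in[i], in[i + 1])) return -1;
        size_t need = (n == 1 && (in[i] == '\'' || in[i] == '\\')) ? 2 : n;
        if (o + need > cap) return -2;
        if (need == 2 && n == 1) out[o++] = in[i];
        for (size_t k = 0; k < n; k++) out[o++] = in[i + k];
        i += n;
    }
    return (long)o;
}

/* Model of a consumer that trusts the lead byte and skips that many bytes
 * without validating them. Returns how many standalone quote characters it
 * sees; an odd count means the escaped text no longer has paired quotes. */
size_t quotes_seen_lenient(const unsigned char *s, size_t len)
{
    size_t i = 0, q = 0;
    while (i < len) {
        size_t n = utf8_len(s[i]);
        if (n == 0) n = 1;
        if (n == 1 && s[i] == '\'') q++;
        i += n;
    }
    return q;
}

int main(void)
{
    unsigned char buf[32];
    long n = escape_bytewise(SAMPLE_INVALID, sizeof SAMPLE_INVALID, buf, sizeof buf);
    printf("byte-wise: %ld bytes, quotes seen by lenient consumer: %zu\n",
           n, quotes_seen_lenient(buf, (size_t)n));
    printf("strict on invalid input: %ld\n",
           escape_strict_utf8(SAMPLE_INVALID, sizeof SAMPLE_INVALID, buf, sizeof buf));
    printf("strict on valid input: %ld\n",
           escape_strict_utf8(SAMPLE_VALID, sizeof SAMPLE_VALID - 1, buf, sizeof buf));
    return 0;
}
```

Escaping by hand is shown only to make the failure visible; passing values as bound query parameters avoids depending on client-side escaping at all.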