First published: Fri Feb 01 2008
PostgreSQL is an advanced Object-Relational database management system (DBMS). The postgresql packages include the client programs and libraries needed to access a PostgreSQL DBMS server.

Will Drewry discovered multiple flaws in PostgreSQL's regular expression engine. An authenticated attacker could use these flaws to cause a denial of service by causing the PostgreSQL server to crash, enter an infinite loop, or use extensive CPU and memory resources while processing queries containing specially crafted regular expressions. Applications that accept regular expressions from untrusted sources may expose this problem to unauthorized attackers. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067)

A privilege escalation flaw was discovered in PostgreSQL. An authenticated attacker could create an index function that would be executed with administrator privileges during database maintenance tasks, such as database vacuuming. (CVE-2007-6600)

A privilege escalation flaw was discovered in PostgreSQL's Database Link library (dblink). An authenticated attacker could use dblink to possibly escalate privileges on systems with "trust" or "ident" authentication configured. Please note that dblink functionality is not enabled by default, and can only be enabled by a database administrator on systems with the postgresql-contrib package installed. (CVE-2007-3278, CVE-2007-6601)

All postgresql users should upgrade to these updated packages, which include PostgreSQL 8.1.11 and 8.2.6, and resolve these issues.
Affected Software | Affected Version | How to fix |
---|---|---|
PostgreSQL Common | 8.1.x before 8.1.11; 8.2.x before 8.2.6 | Upgrade to the updated packages (PostgreSQL 8.1.11 or 8.2.6) |
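A quick way to decide whether an installed package is still exposed is to compare its version against the fixed releases the advisory names (8.1.11 and 8.2.6). The following script is an added example, not part of the advisory or of Red Hat's tooling; it parses RPM name-version-release strings (the `rpm -q postgresql` output format) and reports whether each package is at or above the fixed version for its branch. The sample package names are constructed for illustration. It compares only the upstream version, so for the authoritative verdict on a real host you would still rely on `rpm`'s own epoch:version-release comparison.

```python
import re

# Fixed upstream versions named in RHSA-2008:0040, keyed by major.minor branch.
FIXED_VERSIONS = {
    "8.1": (8, 1, 11),
    "8.2": (8, 2, 6),
}

NVR_RE = re.compile(r"^(?P<name>.+?)-(?P<version>\d+(?:\.\d+)*)-(?P<release>[^-]+)$")


def parse_rpm_nvr(nvr):
    """Split an RPM NVR such as 'postgresql-server-8.1.9-1.el5' into its parts.

    The name is matched non-greedily so hyphenated package names work; the
    version must be purely numeric dotted components; the release is the
    remainder after the last hyphen.
    """
    m = NVR_RE.match(nvr.strip())
    if not m:
        raise ValueError(f"not an RPM name-version-release string: {nvr!r}")
    return m.group("name"), m.group("version"), m.group("release")


def version_tuple(version):
    """Turn '8.1.9' into (8, 1, 9) so tuples compare numerically, not lexically."""
    return tuple(int(part) for part in version.split("."))


def check_package(nvr):
    """Classify one installed postgresql package against the advisory.

    Returns (status, detail) where status is one of 'vulnerable', 'fixed'
    or 'unknown' (branch not covered by this advisory).
    """
    name, version, release = parse_rpm_nvr(nvr)
    vt = version_tuple(version)
    branch = ".".join(str(x) for x in vt[:2])
    fixed = FIXED_VERSIONS.get(branch)
    if fixed is None:
        return "unknown", f"{name} {version}: branch {branch} not covered by RHSA-2008:0040"
    fixed_str = ".".join(str(x) for x in fixed)
    if vt >= fixed:
        return "fixed", f"{name} {version}-{release} is at or above {fixed_str}"
    return "vulnerable", f"{name} {version}-{release} is below {fixed_str}; upgrade"


def audit(nvr_lines):
    """Check a list of NVR strings and return only those still vulnerable."""
    return [nvr for nvr in nvr_lines if check_package(nvr)[0] == "vulnerable"]


if __name__ == "__main__":
    # Constructed sample of what `rpm -q postgresql postgresql-server postgresql-contrib`
    # might print on a few hosts; these are not real package lists.
    sample = [
        "postgresql-8.1.9-1.el5",
        "postgresql-server-8.1.11-1.el5",
        "postgresql-contrib-8.2.5-1.el5",
        "postgresql-8.2.6-1.el5",
        "postgresql-8.3.0-1.fc9",
    ]
    for line in sample:
        status, detail = check_package(line)
        print(f"{status:10s} {detail}")
    print("still vulnerable:", audit(sample))
```

Run it as-is to see the classification of the constructed sample; in practice you would feed it the real output of `rpm -q` from the hosts you administer, and treat any `vulnerable` line as a pending update of the postgresql, postgresql-server and postgresql-contrib packages.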
The severity of RHSA-2008:0040 is generally classified as moderate due to the potential for denial-of-service attacks through flawed regular expression handling.
To fix RHSA-2008:0040, you should update your PostgreSQL packages to the latest version provided in the security advisory.
RHSA-2008:0040 affects the PostgreSQL packages on the operating systems that ship this database management system.
RHSA-2008:0040 addresses multiple vulnerabilities in PostgreSQL's regular expression engine that can lead to application crashes.
While it's not mandatory, it is highly recommended to apply the patch for RHSA-2008:0040 to ensure system stability and security.