RHSA-2010:0427: Moderate: postgresql security update
First published: Wed May 19 2010(Updated: )
PostgreSQL is an advanced object-relational database management system<br>(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the<br>Perl and Tcl languages, and are installed in trusted mode by default. In<br>trusted mode, certain operations, such as operating system level access,<br>are restricted.<br>A flaw was found in the way PostgreSQL enforced permission checks on<br>scripts written in PL/Perl. If the PL/Perl procedural language was<br>registered on a particular database, an authenticated database user running<br>a specially-crafted PL/Perl script could use this flaw to bypass intended<br>PL/Perl trusted mode restrictions, allowing them to run arbitrary Perl<br>scripts with the privileges of the database server. (CVE-2010-1169)<br>Red Hat would like to thank Tim Bunce for responsibly reporting the<br>CVE-2010-1169 flaw.<br>A flaw was found in the way PostgreSQL enforced permission checks on<br>scripts written in PL/Tcl. If the PL/Tcl procedural language was registered<br>on a particular database, an authenticated database user running a<br>specially-crafted PL/Tcl script could use this flaw to bypass intended<br>PL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl<br>scripts with the privileges of the database server. (CVE-2010-1170)<br>A buffer overflow flaw was found in the way PostgreSQL retrieved a<br>substring from the bit string for BIT() and BIT VARYING() SQL data types.<br>An authenticated database user running a specially-crafted SQL query could<br>use this flaw to cause a temporary denial of service (postgres daemon<br>crash) or, potentially, execute arbitrary code with the privileges of the<br>database server. (CVE-2010-0442)<br>An integer overflow flaw was found in the way PostgreSQL used to calculate<br>the size of the hash table for joined relations. An authenticated database<br>user could create a specially-crafted SQL query which could cause a<br>temporary denial of service (postgres daemon crash) or, potentially,<br>execute arbitrary code with the privileges of the database server.<br>(CVE-2010-0733)<br>PostgreSQL improperly protected session-local state during the execution of<br>an index function by a database superuser during the database maintenance<br>operations. An authenticated database user could use this flaw to elevate<br>their privileges via specially-crafted index functions. (CVE-2009-4136)<br>All PostgreSQL users are advised to upgrade to these updated packages,<br>which contain backported patches to correct these issues. Running<br>PostgreSQL instances must be restarted ("service rhdb restart") for this<br>update to take effect.<br>
| Affected Software | Affected Version | How to fix |
|---|
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=546321
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=546621
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=559259
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=582615
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=583072
- http://www.redhat.com/security/updates/classification/#moderate
- https://access.redhat.com/errata/RHSA-2010:0427 (Advisory)
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2010:0427
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- agent/weakness