First published: Wed May 19 2010
PostgreSQL is an advanced object-relational database management system (DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages, and are installed in trusted mode by default. In trusted mode, certain operations, such as operating system level access, are restricted.

A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Perl. If the PL/Perl procedural language was registered on a particular database, an authenticated database user running a specially-crafted PL/Perl script could use this flaw to bypass the intended PL/Perl trusted mode restrictions, allowing them to run arbitrary Perl code with the privileges of the database server. (CVE-2010-1169)

Red Hat would like to thank Tim Bunce for responsibly reporting the CVE-2010-1169 flaw.

A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Tcl. If the PL/Tcl procedural language was registered on a particular database, an authenticated database user running a specially-crafted PL/Tcl script could use this flaw to bypass the intended PL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl code with the privileges of the database server. (CVE-2010-1170)

A buffer overflow flaw was found in the way PostgreSQL retrieved a substring from a bit string for the BIT() and BIT VARYING() SQL data types. An authenticated database user running a specially-crafted SQL query could use this flaw to cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-0442)

An integer overflow flaw was found in the way PostgreSQL calculated the size of the hash table for joined relations. An authenticated database user could create a specially-crafted SQL query that could cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-0733)

PostgreSQL did not properly protect session-local state while a database superuser executed an index function during database maintenance operations. An authenticated database user could use this flaw to elevate their privileges via specially-crafted index functions. (CVE-2009-4136)

These packages upgrade PostgreSQL to version 8.1.21. Refer to the PostgreSQL Release Notes for a list of changes:
<a href="http://www.postgresql.org/docs/8.1/static/release.html" target="_blank">http://www.postgresql.org/docs/8.1/static/release.html</a>

All PostgreSQL users are advised to upgrade to these updated packages, which correct these issues. If the postgresql service is running, it will be automatically restarted after installing this update.
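Two checks a practitioner will want after applying this update: that the running server (not just the installed RPM) is at 8.1.21 or later, and which databases actually have PL/Perl or PL/Tcl registered and which roles may use them, since the trusted-mode bypasses (CVE-2010-1169, CVE-2010-1170) only matter where the language exists. The psql session below is an added example and is not part of the Red Hat advisory; it uses only standard PostgreSQL 8.1 catalogs and functions (`pg_language`, `pg_database`, `has_language_privilege`). The role name `app_user` is a placeholder for whatever non-superuser role your applications connect as.

```sql
-- Added example (not from the advisory): audit a PostgreSQL 8.1 server for
-- the conditions this advisory describes. Run with psql as a superuser.

-- 1. Confirm the live server is at the fixed release (8.1.21 or later).
--    The package update restarts the service, but verify it anyway: the old
--    binary keeps running until postmaster is restarted.
SHOW server_version;

-- 2. List the databases on this cluster. pg_language is a per-database
--    catalog, so steps 3 and 4 must be repeated in each database (\c dbname).
SELECT datname
  FROM pg_catalog.pg_database
 WHERE datallowconn;

-- 3. Which procedural languages are registered in the current database, and
--    are they trusted? lanpltrusted = true means any role with USAGE on the
--    language can create functions in it; a NULL lanacl means USAGE is still
--    granted to PUBLIC (the default for trusted languages).
SELECT lanname, lanpltrusted, lanacl
  FROM pg_catalog.pg_language
 WHERE lanispl;

-- 4. Can the placeholder role app_user create PL/Perl or PL/Tcl functions
--    here? If this returns true for plperl or pltcl on an unpatched server,
--    that role can reach the trusted-mode bypasses above.
SELECT l.lanname,
       has_language_privilege('app_user', l.lanname, 'USAGE') AS app_user_can_use
  FROM pg_catalog.pg_language l
 WHERE l.lanname IN ('plperl', 'pltcl');

-- 5. Optional hardening where a database does not need the language: drop it
--    (DROP without CASCADE refuses if functions still depend on it), or keep
--    it but revoke USAGE from PUBLIC so only explicitly granted roles may
--    write functions in it. Uncomment whichever applies.
-- DROP LANGUAGE plperl;
-- REVOKE USAGE ON LANGUAGE plperl FROM PUBLIC;
-- GRANT USAGE ON LANGUAGE plperl TO trusted_dev_role;
```

Step 5 is a defence-in-depth choice, not a substitute for the update: CVE-2010-0442, CVE-2010-0733 and CVE-2009-4136 are reachable by any authenticated user regardless of which languages are registered.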
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/postgresql | <8.1.21-1.el5_5.1 | 8.1.21-1.el5_5.1 |
redhat/postgresql-contrib | <8.1.21-1.el5_5.1 | 8.1.21-1.el5_5.1 |
redhat/postgresql-devel | <8.1.21-1.el5_5.1 | 8.1.21-1.el5_5.1 |
redhat/postgresql-docs | <8.1.21-1.el5_5.1 | 8.1.21-1.el5_5.1 |
redhat/postgresql-libs | <8.1.21-1.el5_5.1 | 8.1.21-1.el5_5.1 |
redhat/postgresql-pl | <8.1.21-1.el5_5.1 | 8.1.21-1.el5_5.1 |
redhat/postgresql-python | <8.1.21-1.el5_5.1 | 8.1.21-1.el5_5.1 |
redhat/postgresql-server | <8.1.21-1.el5_5.1 | 8.1.21-1.el5_5.1 |
redhat/postgresql-tcl | <8.1.21-1.el5_5.1 | 8.1.21-1.el5_5.1 |
redhat/postgresql-test | <8.1.21-1.el5_5.1 | 8.1.21-1.el5_5.1 |