Updated postgresql92-postgresql packages that fix multiple security issues are now available for Red Hat Software Collections 1.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

PostgreSQL is an advanced object-relational database management system (DBMS).

An information leak flaw was found in the way the PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to execute by observing the constraint violation error messages produced when the query was executed. (CVE-2014-8161)

A buffer overflow flaw was found in the way PostgreSQL handled certain numeric formatting. An authenticated database user could use a specially crafted timestamp formatting template to cause PostgreSQL to crash or, under certain conditions, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2015-0241)

A stack-buffer overflow flaw was found in PostgreSQL’s pgcrypto module. An authenticated database user could use this flaw to cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2015-0243)

A flaw was found in the way PostgreSQL handled certain errors that were generated during protocol synchronization. An authenticated database user could use this flaw to inject queries into an existing connection. (CVE-2015-0244)

Red Hat would like to thank the PostgreSQL project for reporting these issues. Upstream acknowledges Stephen Frost as the original reporter of CVE-2014-8161; Andres Freund, Peter Geoghegan, Bernd Helmle, and Noah Misch as the original reporters of CVE-2015-0241; Marko Tiikkaja as the original reporter of CVE-2015-0243; and Emil Lenngren as the original reporter of CVE-2015-0244.

All PostgreSQL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. If the postgresql service is running, it will be automatically restarted after installing this update.
Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

Red Hat Software Collections 1 for RHEL 6

SRPMS:
postgresql92-postgresql-9.2.10-2.el6.src.rpm

x86_64:
postgresql92-postgresql-9.2.10-2.el6.x86_64.rpm
postgresql92-postgresql-contrib-9.2.10-2.el6.x86_64.rpm
postgresql92-postgresql-debuginfo-9.2.10-2.el6.x86_64.rpm
postgresql92-postgresql-devel-9.2.10-2.el6.x86_64.rpm
postgresql92-postgresql-docs-9.2.10-2.el6.x86_64.rpm
postgresql92-postgresql-libs-9.2.10-2.el6.x86_64.rpm
postgresql92-postgresql-plperl-9.2.10-2.el6.x86_64.rpm
postgresql92-postgresql-plpython-9.2.10-2.el6.x86_64.rpm
postgresql92-postgresql-pltcl-9.2.10-2.el6.x86_64.rpm
postgresql92-postgresql-server-9.2.10-2.el6.x86_64.rpm
postgresql92-postgresql-test-9.2.10-2.el6.x86_64.rpm
postgresql92-postgresql-upgrade-9.2.10-2.el6.x86_64.rpm
 
Red Hat Software Collections 1 for RHEL 7

SRPMS:
postgresql92-postgresql-9.2.10-1.el7.src.rpm

x86_64:
postgresql92-postgresql-9.2.10-1.el7.x86_64.rpm
postgresql92-postgresql-contrib-9.2.10-1.el7.x86_64.rpm
postgresql92-postgresql-debuginfo-9.2.10-1.el7.x86_64.rpm
postgresql92-postgresql-devel-9.2.10-1.el7.x86_64.rpm
postgresql92-postgresql-docs-9.2.10-1.el7.x86_64.rpm
postgresql92-postgresql-libs-9.2.10-1.el7.x86_64.rpm
postgresql92-postgresql-plperl-9.2.10-1.el7.x86_64.rpm
postgresql92-postgresql-plpython-9.2.10-1.el7.x86_64.rpm
postgresql92-postgresql-pltcl-9.2.10-1.el7.x86_64.rpm
postgresql92-postgresql-server-9.2.10-1.el7.x86_64.rpm
postgresql92-postgresql-test-9.2.10-1.el7.x86_64.rpm
postgresql92-postgresql-upgrade-9.2.10-1.el7.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)
1182043 – CVE-2014-8161 postgresql: information leak through constraint violation errors
1188684 – CVE-2015-0241 postgresql: buffer overflow in the to_char() function
1188689 – CVE-2015-0243 postgresql: buffer overflow flaws in contrib/pgcrypto
1188694 – CVE-2015-0244 postgresql: loss of frontend/backend protocol synchronization after an error
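
To check hosts against the fixed builds listed above (9.2.10-2.el6 and 9.2.10-1.el7), the following added example, which is not part of the Red Hat advisory, classifies `rpm -qa` output for the postgresql92 collection. The sample lines are constructed, and `rpmvercmp` here is a simplified re-implementation that assumes no epoch and no `~` or `^` in the version strings.

```python
import re

# Fixed builds named in the advisory, keyed by dist tag: (version, release).
FIXED = {"el6": ("9.2.10", "2.el6"), "el7": ("9.2.10", "1.el7")}
PREFIX = "postgresql92-postgresql"

# Constructed sample of `rpm -qa` output (not taken from a real host).
SAMPLE = """\
postgresql92-postgresql-server-9.2.7-1.el6.x86_64
postgresql92-postgresql-contrib-9.2.10-1.el6.x86_64
postgresql92-postgresql-libs-9.2.10-2.el6.x86_64
postgresql92-postgresql-9.2.10-1.el7.x86_64
bash-4.1.2-15.el6.x86_64
"""

def rpmvercmp(a, b):
    """Simplified rpmvercmp (assumption: no '~' or '^'); returns -1, 0 or 1."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment is newer than alphabetic
        if x.isdigit():
            x, y = int(x), int(y)             # so that 10 > 7, unlike a string compare
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def parse_nvra(nvra):
    """Split name-version-release.arch from the right; names may contain '-'."""
    nvr, arch = nvra.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch

def audit(text):
    """Return [(nvra, status)] for postgresql92 collection packages only."""
    results = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if not line.startswith(PREFIX):
            continue
        _, version, release, _ = parse_nvra(line)
        dist = re.search(r"el\d+", release)
        fixed = FIXED.get(dist.group(0)) if dist else None
        if fixed is None:
            status = "unknown-dist"
        else:
            cmp = rpmvercmp(version, fixed[0]) or rpmvercmp(release, fixed[1])
            status = "fixed" if cmp >= 0 else "needs-update"
        results.append((line, status))
    return results
```

Note that the fixed release differs per platform: 9.2.10-1 is the fixed build on RHEL 7 but predates the fixed build on RHEL 6.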

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:
