rhsa-2008_0040
Vulnerability from csaf_redhat
Published
2008-02-01 14:55
Modified
2024-11-05 16:51
Summary
Red Hat Security Advisory: postgresql security update
Notes
Topic
Updated postgresql packages that fix several security issues are now
available for Red Hat Application Stack v1 and v2.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details
PostgreSQL is an advanced Object-Relational database management system
(DBMS). The postgresql packages include the client programs and libraries
needed to access a PostgreSQL DBMS server.
Will Drewry discovered multiple flaws in PostgreSQL's regular expression
engine. An authenticated attacker could use these flaws to cause a denial
of service by causing the PostgreSQL server to crash, enter an infinite
loop, or use extensive CPU and memory resources while processing queries
containing specially crafted regular expressions. Applications that accept
regular expressions from untrusted sources may expose this problem to
unauthorized attackers. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067)
A privilege escalation flaw was discovered in PostgreSQL. An authenticated
attacker could create an index function that would be executed with
administrator privileges during database maintenance tasks, such as
database vacuuming. (CVE-2007-6600)
A privilege escalation flaw was discovered in PostgreSQL's Database Link
library (dblink). An authenticated attacker could use dblink to possibly
escalate privileges on systems with "trust" or "ident" authentication
configured. Please note that dblink functionality is not enabled by
default, and can only by enabled by a database administrator on systems
with the postgresql-contrib package installed.
(CVE-2007-3278, CVE-2007-6601)
All postgresql users should upgrade to these updated packages, which
include PostgreSQL 8.1.11 and 8.2.6, and resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated postgresql packages that fix several security issues are now\navailable for Red Hat Application Stack v1 and v2.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "PostgreSQL is an advanced Object-Relational database management system\n(DBMS). The postgresql packages include the client programs and libraries\nneeded to access a PostgreSQL DBMS server.\n\nWill Drewry discovered multiple flaws in PostgreSQL\u0027s regular expression\nengine. An authenticated attacker could use these flaws to cause a denial\nof service by causing the PostgreSQL server to crash, enter an infinite\nloop, or use extensive CPU and memory resources while processing queries\ncontaining specially crafted regular expressions. Applications that accept\nregular expressions from untrusted sources may expose this problem to\nunauthorized attackers. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067)\n\nA privilege escalation flaw was discovered in PostgreSQL. An authenticated\nattacker could create an index function that would be executed with\nadministrator privileges during database maintenance tasks, such as\ndatabase vacuuming. (CVE-2007-6600)\n\nA privilege escalation flaw was discovered in PostgreSQL\u0027s Database Link\nlibrary (dblink). An authenticated attacker could use dblink to possibly\nescalate privileges on systems with \"trust\" or \"ident\" authentication\nconfigured. Please note that dblink functionality is not enabled by\ndefault, and can only by enabled by a database administrator on systems\nwith the postgresql-contrib package installed.\n(CVE-2007-3278, CVE-2007-6601)\n\nAll postgresql users should upgrade to these updated packages, which\ninclude PostgreSQL 8.1.11 and 8.2.6, and resolve these issues.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2008:0040", "url": "https://access.redhat.com/errata/RHSA-2008:0040" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "309141", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=309141" }, { "category": "external", "summary": "315231", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=315231" }, { "category": "external", "summary": "316511", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=316511" }, { "category": "external", "summary": "400931", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=400931" }, { "category": "external", "summary": "427127", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427127" }, { "category": "external", "summary": "427128", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427128" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0040.json" } ], "title": "Red Hat Security Advisory: postgresql security update", "tracking": { "current_release_date": "2024-11-05T16:51:53+00:00", "generator": { "date": "2024-11-05T16:51:53+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2008:0040", "initial_release_date": "2008-02-01T14:55:00+00:00", "revision_history": [ { "date": "2008-02-01T14:55:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2008-02-01T09:55:29+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T16:51:53+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product": { "name": "Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_application_stack:1" } } }, { "category": "product_name", "name": "Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product": { "name": "Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_application_stack:1" } } }, { "category": "product_name", "name": "Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product": { "name": "Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_application_stack:2" } } } ], "category": "product_family", "name": "Red Hat Application Stack" }, { "branches": [ { "category": "product_version", "name": "postgresql-tcl-0:8.1.11-1.el4s1.1.x86_64", "product": { "name": "postgresql-tcl-0:8.1.11-1.el4s1.1.x86_64", "product_id": "postgresql-tcl-0:8.1.11-1.el4s1.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql-tcl@8.1.11-1.el4s1.1?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-libs-0:8.1.11-1.el4s1.1.x86_64", "product": { "name": "postgresql-libs-0:8.1.11-1.el4s1.1.x86_64", "product_id": "postgresql-libs-0:8.1.11-1.el4s1.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql-libs@8.1.11-1.el4s1.1?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-contrib-0:8.1.11-1.el4s1.1.x86_64", "product": { "name": "postgresql-contrib-0:8.1.11-1.el4s1.1.x86_64", "product_id": "postgresql-contrib-0:8.1.11-1.el4s1.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql-contrib@8.1.11-1.el4s1.1?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-devel-0:8.1.11-1.el4s1.1.x86_64", "product": { "name": "postgresql-devel-0:8.1.11-1.el4s1.1.x86_64", "product_id": "postgresql-devel-0:8.1.11-1.el4s1.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql-devel@8.1.11-1.el4s1.1?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-0:8.1.11-1.el4s1.1.x86_64", "product": { "name": "postgresql-0:8.1.11-1.el4s1.1.x86_64", "product_id": "postgresql-0:8.1.11-1.el4s1.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql@8.1.11-1.el4s1.1?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-test-0:8.1.11-1.el4s1.1.x86_64", "product": { "name": "postgresql-test-0:8.1.11-1.el4s1.1.x86_64", "product_id": "postgresql-test-0:8.1.11-1.el4s1.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql-test@8.1.11-1.el4s1.1?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-python-0:8.1.11-1.el4s1.1.x86_64", "product": { "name": "postgresql-python-0:8.1.11-1.el4s1.1.x86_64", "product_id": "postgresql-python-0:8.1.11-1.el4s1.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql-python@8.1.11-1.el4s1.1?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-pl-0:8.1.11-1.el4s1.1.x86_64", "product": { "name": "postgresql-pl-0:8.1.11-1.el4s1.1.x86_64", "product_id": "postgresql-pl-0:8.1.11-1.el4s1.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql-pl@8.1.11-1.el4s1.1?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-server-0:8.1.11-1.el4s1.1.x86_64", "product": { "name": "postgresql-server-0:8.1.11-1.el4s1.1.x86_64", "product_id": "postgresql-server-0:8.1.11-1.el4s1.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql-server@8.1.11-1.el4s1.1?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-docs-0:8.1.11-1.el4s1.1.x86_64", "product": { "name": "postgresql-docs-0:8.1.11-1.el4s1.1.x86_64", "product_id": "postgresql-docs-0:8.1.11-1.el4s1.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql-docs@8.1.11-1.el4s1.1?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-debuginfo-0:8.1.11-1.el4s1.1.x86_64", "product": { "name": "postgresql-debuginfo-0:8.1.11-1.el4s1.1.x86_64", "product_id": "postgresql-debuginfo-0:8.1.11-1.el4s1.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql-debuginfo@8.1.11-1.el4s1.1?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-debuginfo-0:8.2.6-1.el5s2.x86_64", "product": { "name": "postgresql-debuginfo-0:8.2.6-1.el5s2.x86_64", "product_id": "postgresql-debuginfo-0:8.2.6-1.el5s2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql-debuginfo@8.2.6-1.el5s2?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-0:8.2.6-1.el5s2.x86_64", "product": { "name": "postgresql-0:8.2.6-1.el5s2.x86_64", "product_id": "postgresql-0:8.2.6-1.el5s2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql@8.2.6-1.el5s2?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-plpython-0:8.2.6-1.el5s2.x86_64", "product": { "name": "postgresql-plpython-0:8.2.6-1.el5s2.x86_64", "product_id": "postgresql-plpython-0:8.2.6-1.el5s2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql-plpython@8.2.6-1.el5s2?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-server-0:8.2.6-1.el5s2.x86_64", "product": { "name": "postgresql-server-0:8.2.6-1.el5s2.x86_64", "product_id": "postgresql-server-0:8.2.6-1.el5s2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql-server@8.2.6-1.el5s2?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-libs-0:8.2.6-1.el5s2.x86_64", "product": { "name": "postgresql-libs-0:8.2.6-1.el5s2.x86_64", "product_id": "postgresql-libs-0:8.2.6-1.el5s2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql-libs@8.2.6-1.el5s2?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-test-0:8.2.6-1.el5s2.x86_64", "product": { "name": "postgresql-test-0:8.2.6-1.el5s2.x86_64", "product_id": "postgresql-test-0:8.2.6-1.el5s2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql-test@8.2.6-1.el5s2?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-pltcl-0:8.2.6-1.el5s2.x86_64", "product": { "name": "postgresql-pltcl-0:8.2.6-1.el5s2.x86_64", "product_id": "postgresql-pltcl-0:8.2.6-1.el5s2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql-pltcl@8.2.6-1.el5s2?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-docs-0:8.2.6-1.el5s2.x86_64", "product": { "name": "postgresql-docs-0:8.2.6-1.el5s2.x86_64", "product_id": "postgresql-docs-0:8.2.6-1.el5s2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql-docs@8.2.6-1.el5s2?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-devel-0:8.2.6-1.el5s2.x86_64", "product": { "name": "postgresql-devel-0:8.2.6-1.el5s2.x86_64", "product_id": "postgresql-devel-0:8.2.6-1.el5s2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql-devel@8.2.6-1.el5s2?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-python-0:8.2.6-1.el5s2.x86_64", "product": { "name": "postgresql-python-0:8.2.6-1.el5s2.x86_64", "product_id": "postgresql-python-0:8.2.6-1.el5s2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql-python@8.2.6-1.el5s2?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-plperl-0:8.2.6-1.el5s2.x86_64", "product": { "name": "postgresql-plperl-0:8.2.6-1.el5s2.x86_64", "product_id": "postgresql-plperl-0:8.2.6-1.el5s2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql-plperl@8.2.6-1.el5s2?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-contrib-0:8.2.6-1.el5s2.x86_64", "product": { "name": "postgresql-contrib-0:8.2.6-1.el5s2.x86_64", "product_id": "postgresql-contrib-0:8.2.6-1.el5s2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql-contrib@8.2.6-1.el5s2?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-tcl-0:8.2.6-1.el5s2.x86_64", "product": { "name": "postgresql-tcl-0:8.2.6-1.el5s2.x86_64", "product_id": "postgresql-tcl-0:8.2.6-1.el5s2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql-tcl@8.2.6-1.el5s2?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "postgresql-libs-0:8.1.11-1.el4s1.1.i386", "product": { "name": "postgresql-libs-0:8.1.11-1.el4s1.1.i386", "product_id": "postgresql-libs-0:8.1.11-1.el4s1.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql-libs@8.1.11-1.el4s1.1?arch=i386" } } }, { "category": "product_version", "name": "postgresql-debuginfo-0:8.1.11-1.el4s1.1.i386", "product": { "name": "postgresql-debuginfo-0:8.1.11-1.el4s1.1.i386", "product_id": "postgresql-debuginfo-0:8.1.11-1.el4s1.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql-debuginfo@8.1.11-1.el4s1.1?arch=i386" } } }, { "category": "product_version", "name": "postgresql-tcl-0:8.1.11-1.el4s1.1.i386", "product": { "name": "postgresql-tcl-0:8.1.11-1.el4s1.1.i386", "product_id": "postgresql-tcl-0:8.1.11-1.el4s1.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql-tcl@8.1.11-1.el4s1.1?arch=i386" } } }, { "category": "product_version", "name": "postgresql-contrib-0:8.1.11-1.el4s1.1.i386", "product": { "name": "postgresql-contrib-0:8.1.11-1.el4s1.1.i386", "product_id": "postgresql-contrib-0:8.1.11-1.el4s1.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql-contrib@8.1.11-1.el4s1.1?arch=i386" } } }, { "category": "product_version", "name": "postgresql-devel-0:8.1.11-1.el4s1.1.i386", "product": { "name": "postgresql-devel-0:8.1.11-1.el4s1.1.i386", "product_id": "postgresql-devel-0:8.1.11-1.el4s1.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql-devel@8.1.11-1.el4s1.1?arch=i386" } } }, { "category": "product_version", "name": "postgresql-0:8.1.11-1.el4s1.1.i386", "product": { "name": "postgresql-0:8.1.11-1.el4s1.1.i386", "product_id": "postgresql-0:8.1.11-1.el4s1.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql@8.1.11-1.el4s1.1?arch=i386" } } }, { "category": "product_version", "name": "postgresql-test-0:8.1.11-1.el4s1.1.i386", "product": { "name": "postgresql-test-0:8.1.11-1.el4s1.1.i386", "product_id": "postgresql-test-0:8.1.11-1.el4s1.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql-test@8.1.11-1.el4s1.1?arch=i386" } } }, { "category": "product_version", "name": "postgresql-python-0:8.1.11-1.el4s1.1.i386", "product": { "name": "postgresql-python-0:8.1.11-1.el4s1.1.i386", "product_id": "postgresql-python-0:8.1.11-1.el4s1.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql-python@8.1.11-1.el4s1.1?arch=i386" } } }, { "category": "product_version", "name": "postgresql-pl-0:8.1.11-1.el4s1.1.i386", "product": { "name": "postgresql-pl-0:8.1.11-1.el4s1.1.i386", "product_id": "postgresql-pl-0:8.1.11-1.el4s1.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql-pl@8.1.11-1.el4s1.1?arch=i386" } } }, { "category": "product_version", "name": "postgresql-server-0:8.1.11-1.el4s1.1.i386", "product": { "name": "postgresql-server-0:8.1.11-1.el4s1.1.i386", "product_id": "postgresql-server-0:8.1.11-1.el4s1.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql-server@8.1.11-1.el4s1.1?arch=i386" } } }, { "category": "product_version", "name": "postgresql-docs-0:8.1.11-1.el4s1.1.i386", "product": { "name": "postgresql-docs-0:8.1.11-1.el4s1.1.i386", "product_id": "postgresql-docs-0:8.1.11-1.el4s1.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql-docs@8.1.11-1.el4s1.1?arch=i386" } } }, { "category": "product_version", "name": "postgresql-debuginfo-0:8.2.6-1.el5s2.i386", "product": { "name": "postgresql-debuginfo-0:8.2.6-1.el5s2.i386", "product_id": "postgresql-debuginfo-0:8.2.6-1.el5s2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql-debuginfo@8.2.6-1.el5s2?arch=i386" } } }, { "category": "product_version", "name": "postgresql-0:8.2.6-1.el5s2.i386", "product": { "name": "postgresql-0:8.2.6-1.el5s2.i386", "product_id": "postgresql-0:8.2.6-1.el5s2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql@8.2.6-1.el5s2?arch=i386" } } }, { "category": "product_version", "name": "postgresql-plpython-0:8.2.6-1.el5s2.i386", "product": { "name": "postgresql-plpython-0:8.2.6-1.el5s2.i386", "product_id": "postgresql-plpython-0:8.2.6-1.el5s2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql-plpython@8.2.6-1.el5s2?arch=i386" } } }, { "category": "product_version", "name": "postgresql-server-0:8.2.6-1.el5s2.i386", "product": { "name": "postgresql-server-0:8.2.6-1.el5s2.i386", "product_id": "postgresql-server-0:8.2.6-1.el5s2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql-server@8.2.6-1.el5s2?arch=i386" } } }, { "category": "product_version", "name": "postgresql-libs-0:8.2.6-1.el5s2.i386", "product": { "name": "postgresql-libs-0:8.2.6-1.el5s2.i386", "product_id": "postgresql-libs-0:8.2.6-1.el5s2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql-libs@8.2.6-1.el5s2?arch=i386" } } }, { "category": "product_version", "name": "postgresql-test-0:8.2.6-1.el5s2.i386", "product": { "name": "postgresql-test-0:8.2.6-1.el5s2.i386", "product_id": "postgresql-test-0:8.2.6-1.el5s2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql-test@8.2.6-1.el5s2?arch=i386" } } }, { "category": "product_version", "name": "postgresql-pltcl-0:8.2.6-1.el5s2.i386", "product": { "name": "postgresql-pltcl-0:8.2.6-1.el5s2.i386", "product_id": "postgresql-pltcl-0:8.2.6-1.el5s2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql-pltcl@8.2.6-1.el5s2?arch=i386" } } }, { "category": "product_version", "name": "postgresql-docs-0:8.2.6-1.el5s2.i386", "product": { "name": "postgresql-docs-0:8.2.6-1.el5s2.i386", "product_id": "postgresql-docs-0:8.2.6-1.el5s2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql-docs@8.2.6-1.el5s2?arch=i386" } } }, { "category": "product_version", "name": "postgresql-devel-0:8.2.6-1.el5s2.i386", "product": { "name": "postgresql-devel-0:8.2.6-1.el5s2.i386", "product_id": "postgresql-devel-0:8.2.6-1.el5s2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql-devel@8.2.6-1.el5s2?arch=i386" } } }, { "category": "product_version", "name": "postgresql-python-0:8.2.6-1.el5s2.i386", "product": { "name": "postgresql-python-0:8.2.6-1.el5s2.i386", "product_id": "postgresql-python-0:8.2.6-1.el5s2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql-python@8.2.6-1.el5s2?arch=i386" } } }, { "category": "product_version", "name": "postgresql-plperl-0:8.2.6-1.el5s2.i386", "product": { "name": "postgresql-plperl-0:8.2.6-1.el5s2.i386", "product_id": "postgresql-plperl-0:8.2.6-1.el5s2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql-plperl@8.2.6-1.el5s2?arch=i386" } } }, { "category": "product_version", "name": "postgresql-contrib-0:8.2.6-1.el5s2.i386", "product": { "name": "postgresql-contrib-0:8.2.6-1.el5s2.i386", "product_id": "postgresql-contrib-0:8.2.6-1.el5s2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql-contrib@8.2.6-1.el5s2?arch=i386" } } }, { "category": "product_version", "name": "postgresql-tcl-0:8.2.6-1.el5s2.i386", "product": { "name": "postgresql-tcl-0:8.2.6-1.el5s2.i386", "product_id": "postgresql-tcl-0:8.2.6-1.el5s2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql-tcl@8.2.6-1.el5s2?arch=i386" } } } ], "category": "architecture", "name": "i386" }, { "branches": [ { "category": "product_version", "name": "postgresql-0:8.1.11-1.el4s1.1.src", "product": { "name": "postgresql-0:8.1.11-1.el4s1.1.src", "product_id": "postgresql-0:8.1.11-1.el4s1.1.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql@8.1.11-1.el4s1.1?arch=src" } } }, { "category": "product_version", "name": "postgresql-0:8.2.6-1.el5s2.src", "product": { "name": "postgresql-0:8.2.6-1.el5s2.src", "product_id": "postgresql-0:8.2.6-1.el5s2.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/postgresql@8.2.6-1.el5s2?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "postgresql-0:8.1.11-1.el4s1.1.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS:postgresql-0:8.1.11-1.el4s1.1.i386" }, "product_reference": "postgresql-0:8.1.11-1.el4s1.1.i386", "relates_to_product_reference": "4AS-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-0:8.1.11-1.el4s1.1.src as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS:postgresql-0:8.1.11-1.el4s1.1.src" }, "product_reference": "postgresql-0:8.1.11-1.el4s1.1.src", "relates_to_product_reference": "4AS-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-0:8.1.11-1.el4s1.1.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS:postgresql-0:8.1.11-1.el4s1.1.x86_64" }, "product_reference": "postgresql-0:8.1.11-1.el4s1.1.x86_64", "relates_to_product_reference": "4AS-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-contrib-0:8.1.11-1.el4s1.1.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.i386" }, "product_reference": "postgresql-contrib-0:8.1.11-1.el4s1.1.i386", "relates_to_product_reference": "4AS-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-contrib-0:8.1.11-1.el4s1.1.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.x86_64" }, "product_reference": "postgresql-contrib-0:8.1.11-1.el4s1.1.x86_64", "relates_to_product_reference": "4AS-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-debuginfo-0:8.1.11-1.el4s1.1.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.i386" }, "product_reference": "postgresql-debuginfo-0:8.1.11-1.el4s1.1.i386", "relates_to_product_reference": "4AS-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-debuginfo-0:8.1.11-1.el4s1.1.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.x86_64" }, "product_reference": "postgresql-debuginfo-0:8.1.11-1.el4s1.1.x86_64", "relates_to_product_reference": "4AS-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-devel-0:8.1.11-1.el4s1.1.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.i386" }, "product_reference": "postgresql-devel-0:8.1.11-1.el4s1.1.i386", "relates_to_product_reference": "4AS-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-devel-0:8.1.11-1.el4s1.1.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.x86_64" }, "product_reference": "postgresql-devel-0:8.1.11-1.el4s1.1.x86_64", "relates_to_product_reference": "4AS-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-docs-0:8.1.11-1.el4s1.1.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.i386" }, "product_reference": "postgresql-docs-0:8.1.11-1.el4s1.1.i386", "relates_to_product_reference": "4AS-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-docs-0:8.1.11-1.el4s1.1.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.x86_64" }, "product_reference": "postgresql-docs-0:8.1.11-1.el4s1.1.x86_64", "relates_to_product_reference": "4AS-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-libs-0:8.1.11-1.el4s1.1.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.i386" }, "product_reference": "postgresql-libs-0:8.1.11-1.el4s1.1.i386", "relates_to_product_reference": "4AS-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-libs-0:8.1.11-1.el4s1.1.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.x86_64" }, "product_reference": "postgresql-libs-0:8.1.11-1.el4s1.1.x86_64", "relates_to_product_reference": "4AS-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-pl-0:8.1.11-1.el4s1.1.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.i386" }, "product_reference": "postgresql-pl-0:8.1.11-1.el4s1.1.i386", "relates_to_product_reference": "4AS-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-pl-0:8.1.11-1.el4s1.1.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.x86_64" }, "product_reference": "postgresql-pl-0:8.1.11-1.el4s1.1.x86_64", "relates_to_product_reference": "4AS-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-python-0:8.1.11-1.el4s1.1.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.i386" }, "product_reference": "postgresql-python-0:8.1.11-1.el4s1.1.i386", "relates_to_product_reference": "4AS-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-python-0:8.1.11-1.el4s1.1.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.x86_64" }, "product_reference": "postgresql-python-0:8.1.11-1.el4s1.1.x86_64", "relates_to_product_reference": "4AS-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-server-0:8.1.11-1.el4s1.1.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.i386" }, "product_reference": "postgresql-server-0:8.1.11-1.el4s1.1.i386", "relates_to_product_reference": "4AS-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-server-0:8.1.11-1.el4s1.1.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.x86_64" }, "product_reference": "postgresql-server-0:8.1.11-1.el4s1.1.x86_64", "relates_to_product_reference": "4AS-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-tcl-0:8.1.11-1.el4s1.1.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.i386" }, "product_reference": "postgresql-tcl-0:8.1.11-1.el4s1.1.i386", "relates_to_product_reference": "4AS-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-tcl-0:8.1.11-1.el4s1.1.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.x86_64" }, "product_reference": "postgresql-tcl-0:8.1.11-1.el4s1.1.x86_64", "relates_to_product_reference": "4AS-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-test-0:8.1.11-1.el4s1.1.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.i386" }, "product_reference": "postgresql-test-0:8.1.11-1.el4s1.1.i386", "relates_to_product_reference": "4AS-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-test-0:8.1.11-1.el4s1.1.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.x86_64" }, "product_reference": "postgresql-test-0:8.1.11-1.el4s1.1.x86_64", "relates_to_product_reference": "4AS-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-0:8.1.11-1.el4s1.1.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS:postgresql-0:8.1.11-1.el4s1.1.i386" }, "product_reference": "postgresql-0:8.1.11-1.el4s1.1.i386", "relates_to_product_reference": "4ES-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-0:8.1.11-1.el4s1.1.src as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS:postgresql-0:8.1.11-1.el4s1.1.src" }, "product_reference": "postgresql-0:8.1.11-1.el4s1.1.src", "relates_to_product_reference": "4ES-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-0:8.1.11-1.el4s1.1.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS:postgresql-0:8.1.11-1.el4s1.1.x86_64" }, "product_reference": "postgresql-0:8.1.11-1.el4s1.1.x86_64", "relates_to_product_reference": "4ES-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-contrib-0:8.1.11-1.el4s1.1.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.i386" }, "product_reference": "postgresql-contrib-0:8.1.11-1.el4s1.1.i386", "relates_to_product_reference": "4ES-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-contrib-0:8.1.11-1.el4s1.1.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.x86_64" }, "product_reference": "postgresql-contrib-0:8.1.11-1.el4s1.1.x86_64", "relates_to_product_reference": "4ES-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-debuginfo-0:8.1.11-1.el4s1.1.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.i386" }, "product_reference": "postgresql-debuginfo-0:8.1.11-1.el4s1.1.i386", "relates_to_product_reference": "4ES-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-debuginfo-0:8.1.11-1.el4s1.1.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.x86_64" }, "product_reference": "postgresql-debuginfo-0:8.1.11-1.el4s1.1.x86_64", "relates_to_product_reference": "4ES-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-devel-0:8.1.11-1.el4s1.1.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.i386" }, "product_reference": "postgresql-devel-0:8.1.11-1.el4s1.1.i386", "relates_to_product_reference": "4ES-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-devel-0:8.1.11-1.el4s1.1.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.x86_64" }, "product_reference": "postgresql-devel-0:8.1.11-1.el4s1.1.x86_64", "relates_to_product_reference": "4ES-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-docs-0:8.1.11-1.el4s1.1.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.i386" }, "product_reference": "postgresql-docs-0:8.1.11-1.el4s1.1.i386", "relates_to_product_reference": "4ES-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-docs-0:8.1.11-1.el4s1.1.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.x86_64" }, "product_reference": "postgresql-docs-0:8.1.11-1.el4s1.1.x86_64", "relates_to_product_reference": "4ES-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-libs-0:8.1.11-1.el4s1.1.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.i386" }, "product_reference": "postgresql-libs-0:8.1.11-1.el4s1.1.i386", "relates_to_product_reference": "4ES-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-libs-0:8.1.11-1.el4s1.1.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.x86_64" }, "product_reference": "postgresql-libs-0:8.1.11-1.el4s1.1.x86_64", "relates_to_product_reference": "4ES-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-pl-0:8.1.11-1.el4s1.1.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.i386" }, "product_reference": "postgresql-pl-0:8.1.11-1.el4s1.1.i386", "relates_to_product_reference": "4ES-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-pl-0:8.1.11-1.el4s1.1.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.x86_64" }, "product_reference": "postgresql-pl-0:8.1.11-1.el4s1.1.x86_64", "relates_to_product_reference": "4ES-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-python-0:8.1.11-1.el4s1.1.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.i386" }, "product_reference": "postgresql-python-0:8.1.11-1.el4s1.1.i386", "relates_to_product_reference": "4ES-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-python-0:8.1.11-1.el4s1.1.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.x86_64" }, "product_reference": "postgresql-python-0:8.1.11-1.el4s1.1.x86_64", "relates_to_product_reference": "4ES-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-server-0:8.1.11-1.el4s1.1.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.i386" }, "product_reference": "postgresql-server-0:8.1.11-1.el4s1.1.i386", "relates_to_product_reference": "4ES-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-server-0:8.1.11-1.el4s1.1.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.x86_64" }, "product_reference": "postgresql-server-0:8.1.11-1.el4s1.1.x86_64", "relates_to_product_reference": "4ES-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-tcl-0:8.1.11-1.el4s1.1.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.i386" }, "product_reference": "postgresql-tcl-0:8.1.11-1.el4s1.1.i386", "relates_to_product_reference": "4ES-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-tcl-0:8.1.11-1.el4s1.1.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.x86_64" }, "product_reference": "postgresql-tcl-0:8.1.11-1.el4s1.1.x86_64", "relates_to_product_reference": "4ES-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-test-0:8.1.11-1.el4s1.1.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.i386" }, "product_reference": "postgresql-test-0:8.1.11-1.el4s1.1.i386", "relates_to_product_reference": "4ES-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-test-0:8.1.11-1.el4s1.1.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.x86_64" }, "product_reference": "postgresql-test-0:8.1.11-1.el4s1.1.x86_64", "relates_to_product_reference": "4ES-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-0:8.2.6-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:postgresql-0:8.2.6-1.el5s2.i386" }, "product_reference": "postgresql-0:8.2.6-1.el5s2.i386", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-0:8.2.6-1.el5s2.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:postgresql-0:8.2.6-1.el5s2.src" }, "product_reference": "postgresql-0:8.2.6-1.el5s2.src", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-0:8.2.6-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:postgresql-0:8.2.6-1.el5s2.x86_64" }, "product_reference": "postgresql-0:8.2.6-1.el5s2.x86_64", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-contrib-0:8.2.6-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:postgresql-contrib-0:8.2.6-1.el5s2.i386" }, "product_reference": "postgresql-contrib-0:8.2.6-1.el5s2.i386", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-contrib-0:8.2.6-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:postgresql-contrib-0:8.2.6-1.el5s2.x86_64" }, "product_reference": "postgresql-contrib-0:8.2.6-1.el5s2.x86_64", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-debuginfo-0:8.2.6-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:postgresql-debuginfo-0:8.2.6-1.el5s2.i386" }, "product_reference": "postgresql-debuginfo-0:8.2.6-1.el5s2.i386", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-debuginfo-0:8.2.6-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:postgresql-debuginfo-0:8.2.6-1.el5s2.x86_64" }, "product_reference": "postgresql-debuginfo-0:8.2.6-1.el5s2.x86_64", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-devel-0:8.2.6-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:postgresql-devel-0:8.2.6-1.el5s2.i386" }, "product_reference": "postgresql-devel-0:8.2.6-1.el5s2.i386", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-devel-0:8.2.6-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:postgresql-devel-0:8.2.6-1.el5s2.x86_64" }, "product_reference": "postgresql-devel-0:8.2.6-1.el5s2.x86_64", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-docs-0:8.2.6-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:postgresql-docs-0:8.2.6-1.el5s2.i386" }, "product_reference": "postgresql-docs-0:8.2.6-1.el5s2.i386", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-docs-0:8.2.6-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:postgresql-docs-0:8.2.6-1.el5s2.x86_64" }, "product_reference": "postgresql-docs-0:8.2.6-1.el5s2.x86_64", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-libs-0:8.2.6-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:postgresql-libs-0:8.2.6-1.el5s2.i386" }, "product_reference": "postgresql-libs-0:8.2.6-1.el5s2.i386", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-libs-0:8.2.6-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:postgresql-libs-0:8.2.6-1.el5s2.x86_64" }, "product_reference": "postgresql-libs-0:8.2.6-1.el5s2.x86_64", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-plperl-0:8.2.6-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:postgresql-plperl-0:8.2.6-1.el5s2.i386" }, "product_reference": "postgresql-plperl-0:8.2.6-1.el5s2.i386", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-plperl-0:8.2.6-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:postgresql-plperl-0:8.2.6-1.el5s2.x86_64" }, "product_reference": "postgresql-plperl-0:8.2.6-1.el5s2.x86_64", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-plpython-0:8.2.6-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:postgresql-plpython-0:8.2.6-1.el5s2.i386" }, "product_reference": "postgresql-plpython-0:8.2.6-1.el5s2.i386", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-plpython-0:8.2.6-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:postgresql-plpython-0:8.2.6-1.el5s2.x86_64" }, "product_reference": "postgresql-plpython-0:8.2.6-1.el5s2.x86_64", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-pltcl-0:8.2.6-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:postgresql-pltcl-0:8.2.6-1.el5s2.i386" }, "product_reference": "postgresql-pltcl-0:8.2.6-1.el5s2.i386", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-pltcl-0:8.2.6-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:postgresql-pltcl-0:8.2.6-1.el5s2.x86_64" }, "product_reference": "postgresql-pltcl-0:8.2.6-1.el5s2.x86_64", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-python-0:8.2.6-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:postgresql-python-0:8.2.6-1.el5s2.i386" }, "product_reference": "postgresql-python-0:8.2.6-1.el5s2.i386", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-python-0:8.2.6-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:postgresql-python-0:8.2.6-1.el5s2.x86_64" }, "product_reference": "postgresql-python-0:8.2.6-1.el5s2.x86_64", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-server-0:8.2.6-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:postgresql-server-0:8.2.6-1.el5s2.i386" }, "product_reference": "postgresql-server-0:8.2.6-1.el5s2.i386", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-server-0:8.2.6-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:postgresql-server-0:8.2.6-1.el5s2.x86_64" }, "product_reference": "postgresql-server-0:8.2.6-1.el5s2.x86_64", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-tcl-0:8.2.6-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:postgresql-tcl-0:8.2.6-1.el5s2.i386" }, "product_reference": "postgresql-tcl-0:8.2.6-1.el5s2.i386", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-tcl-0:8.2.6-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:postgresql-tcl-0:8.2.6-1.el5s2.x86_64" }, "product_reference": "postgresql-tcl-0:8.2.6-1.el5s2.x86_64", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-test-0:8.2.6-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:postgresql-test-0:8.2.6-1.el5s2.i386" }, "product_reference": "postgresql-test-0:8.2.6-1.el5s2.i386", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-test-0:8.2.6-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:postgresql-test-0:8.2.6-1.el5s2.x86_64" }, "product_reference": "postgresql-test-0:8.2.6-1.el5s2.x86_64", "relates_to_product_reference": "5Server-Stacks" } ] }, "vulnerabilities": [ { "cve": "CVE-2007-3278", "discovery_date": "2007-09-27T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "5Server-Stacks:postgresql-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.6-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.6-1.el5s2.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "309141" } ], "notes": [ { "category": "description", "text": "PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1.", "title": "Vulnerability description" }, { "category": "summary", "text": "dblink allows proxying of database connections via 127.0.0.1", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat does not consider this do be a security issue. dblink is disabled in default configuration of PostgreSQL packages as shipped with Red Hat Enterprise Linux versions 2.1, 3, 4 and 5, and it is a configuration decision whether to grant local users arbitrary access.", "title": "Statement" } ], "product_status": { "fixed": [ "4AS-RHWAS:postgresql-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-0:8.1.11-1.el4s1.1.src", "4AS-RHWAS:postgresql-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-0:8.1.11-1.el4s1.1.src", "4ES-RHWAS:postgresql-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.x86_64" ], "known_not_affected": [ "5Server-Stacks:postgresql-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.6-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.6-1.el5s2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-3278" }, { "category": "external", "summary": "RHBZ#309141", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=309141" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3278", "url": "https://www.cve.org/CVERecord?id=CVE-2007-3278" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3278", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3278" } ], "release_date": "2007-06-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-02-01T14:55:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS-RHWAS:postgresql-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-0:8.1.11-1.el4s1.1.src", "4AS-RHWAS:postgresql-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-0:8.1.11-1.el4s1.1.src", "4ES-RHWAS:postgresql-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0040" } ], "title": "dblink allows proxying of database connections via 127.0.0.1" }, { "cve": "CVE-2007-4769", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2007-09-27T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "5Server-Stacks:postgresql-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.6-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.6-1.el5s2.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "315231" } ], "notes": [ { "category": "description", "text": "The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.", "title": "Vulnerability description" }, { "category": "summary", "text": "postgresql integer overflow in regex code", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHWAS:postgresql-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-0:8.1.11-1.el4s1.1.src", "4AS-RHWAS:postgresql-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-0:8.1.11-1.el4s1.1.src", "4ES-RHWAS:postgresql-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.x86_64" ], "known_not_affected": [ "5Server-Stacks:postgresql-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.6-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.6-1.el5s2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-4769" }, { "category": "external", "summary": "RHBZ#315231", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=315231" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-4769", "url": "https://www.cve.org/CVERecord?id=CVE-2007-4769" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-4769", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4769" } ], "release_date": "2008-01-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-02-01T14:55:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS-RHWAS:postgresql-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-0:8.1.11-1.el4s1.1.src", "4AS-RHWAS:postgresql-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-0:8.1.11-1.el4s1.1.src", "4ES-RHWAS:postgresql-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0040" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "postgresql integer overflow in regex code" }, { "cve": "CVE-2007-4772", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2007-09-27T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "5Server-Stacks:postgresql-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.6-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.6-1.el5s2.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "316511" } ], "notes": [ { "category": "description", "text": "The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.", "title": "Vulnerability description" }, { "category": "summary", "text": "postgresql DoS via infinite loop in regex NFA optimization code", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-RHWAS:postgresql-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-0:8.1.11-1.el4s1.1.src", "4AS-RHWAS:postgresql-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-0:8.1.11-1.el4s1.1.src", "4ES-RHWAS:postgresql-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.x86_64" ], "known_not_affected": [ "5Server-Stacks:postgresql-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.6-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.6-1.el5s2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-4772" }, { "category": "external", "summary": "RHBZ#316511", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=316511" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-4772", "url": "https://www.cve.org/CVERecord?id=CVE-2007-4772" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-4772", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4772" } ], "release_date": "2008-01-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-02-01T14:55:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS-RHWAS:postgresql-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-0:8.1.11-1.el4s1.1.src", "4AS-RHWAS:postgresql-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-0:8.1.11-1.el4s1.1.src", "4ES-RHWAS:postgresql-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0040" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 1.5, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0" }, "products": [ "4AS-RHWAS:postgresql-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-0:8.1.11-1.el4s1.1.src", "4AS-RHWAS:postgresql-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-0:8.1.11-1.el4s1.1.src", "4ES-RHWAS:postgresql-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "postgresql DoS via infinite loop in regex NFA optimization code" }, { "cve": "CVE-2007-6067", "discovery_date": "2007-10-09T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "5Server-Stacks:postgresql-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.6-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.6-1.el5s2.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "400931" } ], "notes": [ { "category": "description", "text": "Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted \"complex\" regular expression with doubly-nested states.", "title": "Vulnerability description" }, { "category": "summary", "text": "postgresql: tempory DoS caused by slow regex NFA cleanup", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-RHWAS:postgresql-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-0:8.1.11-1.el4s1.1.src", "4AS-RHWAS:postgresql-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-0:8.1.11-1.el4s1.1.src", "4ES-RHWAS:postgresql-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.x86_64" ], "known_not_affected": [ "5Server-Stacks:postgresql-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.6-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.6-1.el5s2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-6067" }, { "category": "external", "summary": "RHBZ#400931", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=400931" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-6067", "url": "https://www.cve.org/CVERecord?id=CVE-2007-6067" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-6067", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6067" } ], "release_date": "2008-01-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-02-01T14:55:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS-RHWAS:postgresql-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-0:8.1.11-1.el4s1.1.src", "4AS-RHWAS:postgresql-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-0:8.1.11-1.el4s1.1.src", "4ES-RHWAS:postgresql-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0040" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 1.5, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0" }, "products": [ "4AS-RHWAS:postgresql-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-0:8.1.11-1.el4s1.1.src", "4AS-RHWAS:postgresql-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-0:8.1.11-1.el4s1.1.src", "4ES-RHWAS:postgresql-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "postgresql: tempory DoS caused by slow regex NFA cleanup" }, { "cve": "CVE-2007-6600", "discovery_date": "2007-12-31T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "5Server-Stacks:postgresql-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.6-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.6-1.el5s2.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "427127" } ], "notes": [ { "category": "description", "text": "PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges.", "title": "Vulnerability description" }, { "category": "summary", "text": "PostgreSQL privilege escalation", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHWAS:postgresql-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-0:8.1.11-1.el4s1.1.src", "4AS-RHWAS:postgresql-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-0:8.1.11-1.el4s1.1.src", "4ES-RHWAS:postgresql-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.x86_64" ], "known_not_affected": [ "5Server-Stacks:postgresql-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.6-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.6-1.el5s2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-6600" }, { "category": "external", "summary": "RHBZ#427127", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427127" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-6600", "url": "https://www.cve.org/CVERecord?id=CVE-2007-6600" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-6600", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6600" } ], "release_date": "2008-01-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-02-01T14:55:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS-RHWAS:postgresql-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-0:8.1.11-1.el4s1.1.src", "4AS-RHWAS:postgresql-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-0:8.1.11-1.el4s1.1.src", "4ES-RHWAS:postgresql-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0040" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "PostgreSQL privilege escalation" }, { "cve": "CVE-2007-6601", "discovery_date": "2007-12-31T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "5Server-Stacks:postgresql-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.6-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.6-1.el5s2.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "427128" } ], "notes": [ { "category": "description", "text": "The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278.", "title": "Vulnerability description" }, { "category": "summary", "text": "PostgreSQL privilege escalation via dblink", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHWAS:postgresql-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-0:8.1.11-1.el4s1.1.src", "4AS-RHWAS:postgresql-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-0:8.1.11-1.el4s1.1.src", "4ES-RHWAS:postgresql-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.x86_64" ], "known_not_affected": [ "5Server-Stacks:postgresql-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.6-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.6-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.6-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.6-1.el5s2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-6601" }, { "category": "external", "summary": "RHBZ#427128", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427128" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-6601", "url": "https://www.cve.org/CVERecord?id=CVE-2007-6601" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-6601", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6601" } ], "release_date": "2008-01-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-02-01T14:55:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS-RHWAS:postgresql-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-0:8.1.11-1.el4s1.1.src", "4AS-RHWAS:postgresql-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.x86_64", "4AS-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.i386", "4AS-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-0:8.1.11-1.el4s1.1.src", "4ES-RHWAS:postgresql-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-contrib-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-debuginfo-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-devel-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-docs-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-libs-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-pl-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-python-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-server-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-tcl-0:8.1.11-1.el4s1.1.x86_64", "4ES-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.i386", "4ES-RHWAS:postgresql-test-0:8.1.11-1.el4s1.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0040" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "PostgreSQL privilege escalation via dblink" } ] }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.