Scientific Linux Security Update : postgresql on SL4.x, SL5.x i386/x86_64
Medium Nessus Plugin ID 60951
Synopsis
The remote Scientific Linux host is missing one or more security updates.
Description
A stack-based buffer overflow flaw was found in the way PostgreSQL processed certain tokens from a SQL query when the intarray module was enabled on a particular database. An authenticated database user running a specially crafted SQL query could use this flaw to cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server.
For Scientific Linux 4, the updated postgresql packages contain a backported patch for this issue; there are no other changes.
For Scientific Linux 5, the updated postgresql packages upgrade PostgreSQL to version 8.1.23, and contain a backported patch for this issue. Refer to the PostgreSQL Release Notes for a full list of changes :
If the postgresql service is running, it will be automatically restarted after installing this update.
Solution
Update the affected packages.