[rock-user] [Security Announcement] postgresql (RLSA-2006052…

ROCK Mailing List Archives

Entire message
+ (text/plain)
Author: Daniel Jahre
To: rock-user
Subject: [rock-user] [Security Announcement] postgresql (RLSA-20060524-01)
This is a ROCK Linux Security Announcement.

Package: posgresql
Announcement ID: RLSA-20060524-01
Date: 2006-05-24
Affected Distributions: Crystal, LiveCD
Affected Releases: Crystal ROCK CLT
Cross References: none
Fixed at trunk revision: 7593

Content of this advisory:
1) Problem Description
2) Solution or Work-Around
3) Special instructions and notes
4) Updateing your source tree
5) Source package update
6) Binary package update


1) Problem Description
There are security holes in all major branches that allow SQL
injection. These problems are fixed in all recent release of the
posgresql branches. Please note that this update switches from the 8.0
to the 8.1 branch by using version 8.1.4. If you have to stick to the
8.0 branch of postgresql please update to version 8.0.8.
See http://www.postgresql.org/about/news.561 for details.

2) Solution or Workaround
There is no known Work-Around. Please update the package.

3) Special instruction and notes
Please dump your data to restore it into the new version of posgresql.

4) Updateing your source tree
If you are using a subversion checkout of trunk, run:
 svn up

If you are using submaster run,
 sm sync
to merge the update from trunk into your tree

5) Source package update
As a user of an affected distribution you can update this package by
rebuilding it on your machine
 rocket updsrc
to update your local sources and
 rocket emerge postgresql
to install the updated package

6) Binary package update
there are no new binary packages available for this package yet.

rock-user mailing list