Message: 19 Date: Sun, 16 Apr 2006 18:38:27 +0900 From: Mark Sargent <powderkeg at snow.email.ne.jp> Subject: Re: [CentOS] RPM for postgresql 8-* for CentOS4? To: CentOS mailing list <centos at centos.org> Message-ID: <44421093.7010403 at snow.email.ne.jp> Content-Type: text/plain; charset=ISO-8859-1; format=flowed > furthermore, I installed postgresql-server and then did another > updatedb and ran rpm -qa and rpm -qi, ... > [racket at ibmlap pgsql]$ rpm -qa | grep postgresql* > [racket at ibmlap pgsql]$ > > Sorry, I'm a little lost with this. Cheers. > > Mark Sargent. Try $ rpm -qz postgres* You should be running 8.1.3 which corrects a remote exploit problem: --> # Fix bug that allowed any logged-in user to SET ROLE to any other database user id (CVE-2006-0553) Due to inadequate validity checking, a user could exploit the special case that SET ROLE normally uses to restore the previous role setting after an error. This allowed ordinary users to acquire superuser status, for example. The escalation-of-privilege risk exists only in 8.1.0-8.1.2. However, in all releases back to 7.3 there is a related bug in SET SESSION AUTHORIZATION that allows unprivileged users to crash the server, if it has been compiled with Asserts enabled (which is not the default). Thanks to Akio Ishida for reporting this problem. --> Binaries for RH-EL4 are available through postgresql.org at http://www.postgresql.org/ftp/binary/v8.1.3/linux/rpms/redhat/rhel-es-4/. These work fine on CentOS as far as I can determine. You must install compat-postgresql-libs-3-4.c4.centos to maintain CentOS-4.3 software with dependencies on older versions of PostgeSQL. -- *** e-mail is NOT a secure channel *** James B. Byrne mailto:ByrneJB.<token>@Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3CE delivery <token> = hal