[CentOS] RPM for postgresql 8-* for CentOS4?

Mon Apr 17 23:35:54 UTC 2006
James B. Byrne <ByrneJB at Harte-Lyne.ca>

Message: 19
Date: Sun, 16 Apr 2006 18:38:27 +0900
From: Mark Sargent <powderkeg at snow.email.ne.jp>
Subject: Re: [CentOS] RPM for postgresql 8-* for CentOS4?
To: CentOS mailing list <centos at centos.org>
Message-ID: <44421093.7010403 at snow.email.ne.jp>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

> furthermore, I installed postgresql-server and then did another
> updatedb and ran rpm -qa and rpm -qi,


> [racket at ibmlap pgsql]$ rpm -qa | grep postgresql*
> [racket at ibmlap pgsql]$
> Sorry, I'm a little lost with this. Cheers.
> Mark Sargent.


$ rpm -qa 'postgres*'

You should be running 8.1.3 which corrects a remote exploit problem:


Fix bug that allowed any logged-in user to SET ROLE to any other database
user id (CVE-2006-0553)

Due to inadequate validity checking, a user could exploit the special case
that SET ROLE normally uses to restore the previous role setting after an
error. This allowed ordinary users to acquire superuser status, for
example. The escalation-of-privilege risk exists only in 8.1.0-8.1.2.
However, in all releases back to 7.3 there is a related bug in SET SESSION
AUTHORIZATION that allows unprivileged users to crash the server, if it
has been compiled with Asserts enabled (which is not the default). Thanks
to Akio Ishida for reporting this problem.

Binaries for RH-EL4 are available through postgresql.org at
These work fine on CentOS as far as I can determine.  You must install
compat-postgresql-libs-3-4.c4.centos to maintain CentOS-4.3 software with
dependencies on older versions of PostgreSQL.

***     e-mail is NOT a secure channel     ***
James B. Byrne                mailto:ByrneJB.<token>@Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3CE               delivery <token> = hal
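
The version check the message recommends, as an added example that is not part of the original message: it classifies `rpm` version strings against the ranges quoted above for CVE-2006-0553. The function names and status words are assumptions, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: classify PostgreSQL versions against the ranges quoted in
# the message (CVE-2006-0553). Names and status words are illustrative.

# pg_cve_2006_0553_status VERSION -> prints one status word
pg_cve_2006_0553_status() {
    ver=${1%%[!0-9.]*}               # strip suffixes such as "-1PGDG"
    case $ver in
        [0-9]*) ;;
        *) echo unknown; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ver                      # split into major.minor.patch
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    if [ "$major" -eq 8 ] && [ "$minor" -eq 1 ]; then
        # SET ROLE escalation exists only in 8.1.0-8.1.2; 8.1.3 corrects it
        if [ "$patch" -le 2 ]; then echo privilege-escalation; else echo patched; fi
    elif { [ "$major" -eq 7 ] && [ "$minor" -ge 3 ]; } ||
         { [ "$major" -eq 8 ] && [ "$minor" -eq 0 ]; }; then
        # Branch carries the related SET SESSION AUTHORIZATION crash bug
        # (Asserts builds only); the message lists no fixed release here.
        echo crash-bug-branch
    else
        echo not-listed
    fi
}

# Reads "NAME VERSION" lines on stdin and appends the status to each line.
report_installed() {
    while read -r name version; do
        if [ -n "$name" ]; then
            printf '%s %s %s\n' "$name" "$version" \
                "$(pg_cve_2006_0553_status "$version")"
        fi
    done
}

# Constructed sample in the format produced by:
#   rpm -qa --qf '%{NAME} %{VERSION}\n' 'postgresql*'
sample='postgresql-server 8.1.2
postgresql-libs 8.1.3
compat-postgresql-libs 3'
printf '%s\n' "$sample" | report_installed
```

The compat package reports its own version number rather than a server release, so it falls outside every listed range and is reported as `not-listed`.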