--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-2138
2009-02-27 23:41:51
--------------------------------------------------------------------------------

Name        : sepostgresql
Product     : Fedora 10
Version     : 8.3.6
Release     : 2.1634.fc10
URL         : http://code.google.com/p/sepgsql/
Summary     : Security Enhanced PostgreSQL
Description :
Security Enhanced PostgreSQL is an extension of PostgreSQL based on the SELinux
security policy. It applies fine-grained mandatory access control to many
objects within the database and takes advantage of user authorization
integrated within the operating system. SE-PostgreSQL works as a userspace
reference monitor to check any SQL query.

--------------------------------------------------------------------------------
Update Information:

The prior version checked row-level permissions after evaluating the WHERE
clause, which means that a malicious function injected into the WHERE clause
could fetch the contents of invisible tuples. This fix changes the order: the
row-level permission check is now done prior to evaluating the WHERE clause.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 26 2009 KaiGai Kohei <kai...@kaigai.gr.jp> - 8.3.6-2.1635
- bugfix: possible information leak by the order of permission checks
  in row level permission checks.
* Wed Feb 25 2009 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 8.3.6-3.1518
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Fri Feb  6 2009 <kai...@kaigai.gr.jp> - 8.3.6-2.1523
- upgrade base PostgreSQL version 8.3.5->8.3.6
- backport features from 8.4devel tree
- security policy fix for Fedora 9
* Sat Jan 17 2009 Tomas Mraz <tm...@redhat.com> - 8.3.5-2.1183
- rebuild with new openssl
* Wed Nov  5 2008 <kai...@kaigai.gr.jp> - 8.3.5-2.1182
- upgrade base PostgreSQL version 8.3.4->8.3.5
- backport cumulative bugfixes from 8.4devel series
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update sepostgresql' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce
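
The ordering problem described under "Update Information", as a toy Python model added here (it is not SE-PostgreSQL code; `scan`, `may_read`, the labels and the sample table are constructed for illustration). Both orderings return the same rows, but only the fixed ordering keeps invisible tuples away from the function in the WHERE clause.

```python
"""Toy model of a row scan: row-level check order vs. WHERE evaluation."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Row:
    label: str  # constructed security label attached to the tuple
    data: str


# Constructed sample table: one tuple the client may read, one it may not.
TABLE = [Row("unclassified", "lunch menu"), Row("secret", "payroll key")]


def may_read(client_labels, row):
    """Stand-in for the per-tuple mandatory access control decision."""
    return row.label in client_labels


def scan(table, client_labels, where, check_first):
    """Return visible rows matching `where`; check_first picks the ordering."""
    out = []
    for row in table:
        if check_first:
            # Fixed ordering: an invisible tuple never reaches the WHERE code.
            if may_read(client_labels, row) and where(row):
                out.append(row)
        else:
            # Prior ordering: WHERE runs on every tuple, filtering comes after.
            if where(row) and may_read(client_labels, row):
                out.append(row)
    return out


def observed_by_where(check_first):
    """Scan with a WHERE function that records every tuple it is handed."""
    seen = []

    def recording_predicate(row):  # models a function with a side effect
        seen.append(row.data)
        return True

    result = scan(TABLE, {"unclassified"}, recording_predicate, check_first)
    return [r.data for r in result], seen


if __name__ == "__main__":
    for order in (False, True):
        returned, seen = observed_by_where(order)
        print(f"check_first={order}: returned={returned} where_saw={seen}")
```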