HP Tru64 UNIX - SSRT080006: PostgreSQL 8.2.4 and Earlier Running on HP Internet Express 
for Tru64 UNIX, Multiple Vulnerabilities

Copyright (c) Hewlett-Packard Company 2008.  All rights reserved.


PRODUCT:    HP Internet Express for Tru64 UNIX 
SOURCE:     Hewlett-Packard Company

ECO INFORMATION:

     ECO Name:   POSTGRESQL_8.2.6-ES-20080320.tar.gz
     ECO Kit Approximate Size:  35MB
     Kit Applies To:  HP Internet Express for Tru64 UNIX 6.7

     ECO Kit CHECKSUMS:
	/usr/bin/sum results:  
	49411  34225

	/usr/bin/cksum results: 
	3736051194 35045563

	MD5 results:   
	79e401ab98c1d642ffc559f81a0feece

	SHA1 results:
	c55ec89f72c8cd67f75933d037225728db0d1b9c


ECO KIT SUMMARY:

A setld-based patch kit exists for HP Internet Express for Tru64 UNIX 6.7
(IX) that contains solutions to the following problems:

Multiple potential security vulnerabilities have been identified 
in PostgreSQL version 8.2.4 and earlier available with Internet Express 
for Tru64 UNIX (IX). The vulnerabilities could allow remote 
authenticated users to execute arbitrary code, gain elevated 
privilege, or cause a denial of service (DoS).


The patches in this kit will also be available in the next mainstream
patch kit - IX 6.8.


Special Installation Instructions

The kit "POSTGRESQL_8.2.6-ES-20080320.tar.gz" when untarred contains the following files:
- README.txt (INSTALLATION instructions)
- postgresql-8.2.6.bin.tar.gz (installable kit)
- postgresql-8.2.6.src.tar.gz (postgresql sources)


Installing the kit

1. Untar the POSTGRESQL_8.2.6-ES-20080320.tar.gz kit using the command
       #gunzip -c POSTGRESQL_8.2.6-ES-20080320.tar.gz | tar xf -

2. #cd POSTGRESQL_8.2.6-20080320 

3. #ls
   README.txt postgresql-8.2.6.bin.tar.gz postgresql-8.2.6.src.tar.gz

4. To install the binaries, follow these steps:

       # gunzip -c  postgresql-8.2.6.bin.tar.gz | tar xf -
       # ls
         postgresql-8.2.6.bin
       # cd postgresql-8.2.6.bin
       # ls -R
         IAE.image   IAEPSQL672  INSTCTRL    instctrl

	 ./instctrl:
         IAE.image  IAE672.comp  IAEPSQL672.ctrl  IAEPSQL672.inv   IAEPSQL672.scp 

       # setld -l .


SUPERSEDE INFORMATION:

  None


KNOWN PROBLEMS WITH THE PATCH KIT:

None.

This patch delivers the following files:

IAE.image
IAEPSQL672
INSTCTRL
./instctrl/IAE.image
./instctrl/IAE672.comp
./instctrl/IAEPSQL672.ctrl
./instctrl/IAEPSQL672.inv
./instctrl/IAEPSQL672.scp
PostgreSQL v 8.2.6 souces and license



[R] UNIX is a registered trademark in the United States and other countries 
licensed exclusively through X/Open Company Limited.

Copyright Hewlett-Packard Company 2008.  All Rights reserved.