HP Tru64 UNIX - SSRT090217: PostgreSQL 8.3.5 and earlier running on HP Internet Express for Tru64 UNIX, Multiple Vulnerabilities.

Copyright (c) Hewlett-Packard Company 2009. All rights reserved.

PRODUCT: HP Internet Express for Tru64 UNIX
SOURCE:  Hewlett-Packard Company

ECO INFORMATION:

  ECO Name: T64V51B-IX691-POSTGRESQL838-SSRT174-20091023.tar.gz
  ECO Kit Approximate Size: 46 MB
  Kit Applies To: HP Internet Express for Tru64 UNIX 6.9

ECO Kit CHECKSUMS:

  /usr/bin/sum results:
    47556 47343 T64V51B-IX691-POSTGRESQL838-SSRT174-20091023.tar.gz
  /usr/bin/cksum results:
    3241869860 48478503
  MD5 results:
    240a907f15bbbc7763cad102679f8c54
  SHA1 results:
    c0bbcc82ab3290d35ffc1ca8bba69f1bc63ef8af

ECO KIT SUMMARY:

A setld-based patch kit exists for HP Internet Express for Tru64 UNIX 6.9 (IX) that contains solutions to the following problems:

SSRT090217: Multiple potential security vulnerabilities have been identified in PostgreSQL version 8.3.5 and earlier available with Internet Express for Tru64 UNIX (IX). The vulnerabilities could allow remote authenticated users to execute arbitrary code, gain elevated privilege, or cause a denial of service (DoS).

The patches in this kit will also be available in the next mainstream patch kit - IX 6.10

Special Installation Instructions

The kit "T64V51B-IX691-POSTGRESQL838-SSRT174-20091023.tar.gz" when untarred contains the following files:

  - IX691-POSTGRESQL-SSRT174.tar.gz (Installable Kit)
  - postgresql-8.3.8.tar.Z (postgresql sources)

Installing the kit

  1. gunzip T64V51B-IX691-POSTGRESQL838-SSRT174-20091023.tar.gz
  2. tar xvf T64V51B-IX691-POSTGRESQL838-SSRT174-20091023.tar
  3. gunzip IX691-POSTGRESQL-SSRT174.tar.gz
  4. tar xvf IX691-POSTGRESQL-SSRT174.tar
  5. cd postgresql_kit
  6. ls -R
       IAE.image   IAEPSQL691  INSTCTRL    instctrl

       ./instctrl:
       IAE.image       IAE691.comp     IAEPSQL691.ctrl IAEPSQL691.inv  IAEPSQL691.scp
  7. setld -l .

SUPERSEDE INFORMATION:

None.
Please note that this IX PSQL ERP being delivered contains the subset IAEPSQL691 and the IX 6.9 kit will have the subset IAEPSQL690. Hence, IX 6.9 PSQL will not be allowed to overwrite the PSQL binary delivered by this ERP. All the features present in IX 6.9 PSQL are available in this PSQL ERP.

KNOWN PROBLEMS WITH THE PATCH KIT:

None.

This patch delivers the following files:

  IAE.image
  IAEPSQL691
  INSTCTRL
  ./instctrl/IAE.image
  ./instctrl/IAE691.comp
  ./instctrl/IAEPSQL691.ctrl
  ./instctrl/IAEPSQL691.inv
  ./instctrl/IAEPSQL691.scp
  PostgreSQL v 8.3.8 sources and license

[R] UNIX is a registered trademark in the United States and other countries licensed exclusively through X/Open Company Limited.

Copyright Hewlett-Packard Company 2009. All Rights reserved.

This software is proprietary to and embodies the confidential technology of Hewlett-Packard Company. Possession, use, or copying of this software and media is authorized only pursuant to a valid written license from Hewlett-Packard or an authorized sublicensor.

This ECO has not been through an exhaustive field test process. Due to the experimental stage of this ECO/workaround, Hewlett-Packard makes no representations regarding its use or performance. The customer shall have the sole responsibility for adequate protection and back-up data used in conjunction with this ECO/workaround.
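
The values under "ECO Kit CHECKSUMS" can be compared against the downloaded file before step 1 of "Installing the kit". The script below is an added example, not part of the HP kit or its documentation; the function names are hypothetical, and it assumes a POSIX sh with cksum plus either md5sum/sha1sum or openssl on the host where the download is checked.

```sh
#!/bin/sh
# Added example: compare a downloaded kit with the checksums published above.
KIT_CKSUM="3241869860 48478503"   # cksum CRC and byte count from the page
KIT_MD5=240a907f15bbbc7763cad102679f8c54
KIT_SHA1=c0bbcc82ab3290d35ffc1ca8bba69f1bc63ef8af

# digest_of ALGO FILE: print the hex digest (ALGO is md5 or sha1).
# Assumption: either <algo>sum or openssl is installed on the checking host.
digest_of() {
    if command -v "${1}sum" >/dev/null 2>&1; then
        "${1}sum" "$2" | awk '{print $1}'
    elif command -v openssl >/dev/null 2>&1; then
        openssl dgst "-$1" "$2" | sed 's/^.*= *//'
    else
        echo "no $1 tool found" >&2; return 2
    fi
}

# verify_kit FILE CKSUM MD5 SHA1
# Returns 0 if all three match, 1 on any mismatch, 2 if the check cannot run.
verify_kit() {
    vk_file=$1 vk_rc=0
    [ -r "$vk_file" ] || { echo "cannot read $vk_file" >&2; return 2; }
    vk_ck=$(cksum < "$vk_file" | awk '{print $1, $2}') || return 2
    vk_md5=$(digest_of md5 "$vk_file") || return 2
    vk_sha1=$(digest_of sha1 "$vk_file") || return 2
    [ "$vk_ck" = "$2" ]   || { echo "cksum mismatch: $vk_ck" >&2; vk_rc=1; }
    [ "$vk_md5" = "$3" ]  || { echo "MD5 mismatch: $vk_md5" >&2; vk_rc=1; }
    [ "$vk_sha1" = "$4" ] || { echo "SHA1 mismatch: $vk_sha1" >&2; vk_rc=1; }
    return $vk_rc
}

# Usage: sh verify_kit.sh /path/to/kit.tar.gz   (runs only when a path is given)
if [ $# -gt 0 ]; then
    if verify_kit "$1" "$KIT_CKSUM" "$KIT_MD5" "$KIT_SHA1"; then
        echo "checksums match: continue with gunzip, tar and setld -l ."
    else
        echo "do not install $1" >&2; exit 1
    fi
fi
```

All three values are reported on a mismatch so a truncated download (wrong byte count in the cksum pair) can be told apart from a same-size file with different content.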