Bug 313335 (CVE-2010-0733) - dev-db/postgresql-server: DOS (CVE-2010-0733)
Summary: dev-db/postgresql-server: DOS (CVE-2010-0733)
Status: RESOLVED FIXED
Alias: CVE-2010-0733
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B4 [glsa]
Keywords:
Depends on: CVE-2010-1169
Blocks:
Reported: 2010-04-06 03:48 UTC by Stefan Behte (RETIRED)
Modified: 2011-10-25 07:51 UTC
Description Stefan Behte (RETIRED) gentoo-dev Security 2010-04-06 03:48:01 UTC
CVE-2010-0733 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0733):
  Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL
  8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote
  authenticated users to cause a denial of service (daemon crash) via a
  SELECT statement with many LEFT JOIN clauses, related to certain
  hashtable size calculations.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2010-04-11 14:02:54 UTC
CVE-2010-0733 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0733):
  Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL
  8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote
  authenticated users to cause a denial of service (daemon crash) via a
  SELECT statement with many LEFT JOIN clauses, related to certain
  hashtable size calculations.

Comment 2 Patrick Lauer gentoo-dev 2010-06-16 18:10:47 UTC
There are no 8.5 ebuilds left, stabling through bug 312171 should get 8.4 up to a non-vulnerable version.
Comment 3 Aaron W. Swenson gentoo-dev 2010-08-11 23:30:58 UTC
Patrick meant bug 320967. Bug 312171 is unrelated to this bug.
Comment 4 Aaron W. Swenson gentoo-dev 2011-05-01 01:51:59 UTC
Updated dependency to the proper bug.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2011-10-25 07:51:18 UTC
This issue was resolved and addressed in
 GLSA 201110-22 at http://security.gentoo.org/glsa/glsa-201110-22.xml
by GLSA coordinator Alex Legler (a3li).