https://bugzilla.redhat.com/show_bug.cgi?id=664402

A stack-based buffer overflow flaw was found in the way the PostgreSQL Object-Relational database management system (DBMS) processed certain tokens from an SQL query when the intarray module was enabled on the particular database. An authenticated database user, when the intarray module was enabled on that particular database, running a specially-crafted SQL query could use this flaw to cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server.

Flaw exploitation requirement:
==============================
For this flaw to be successfully exploited, the intarray PostgreSQL module must be enabled on a particular database or in general (for all databases). The intarray module is not enabled by default in the postgresql package installation, as shipped with Red Hat Enterprise Linux or Fedora.

References:
-----------
[1] http://www.postgresql.org/docs/current/static/intarray.html
[2] http://www.postgresql.org/docs/current/static/contrib.html

http://www.postgresql.org/support/security.html

Versions containing fixes: 9.0.3, 8.4.7, 8.3.14, 8.2.20
postgresql maintainers, is it OK to stabilize? Please advise which packages and versions need to go stable.
postgresql-{server,base,docs} in versions 9.0.3, 8.4.7, 8.3.14, 8.2.20; the ebuilds are there already.
(In reply to comment #2)
> postgresql-{server,base,docs} in versions:
> 9.0.3, 8.4.7, 8.3.14, 8.2.20

Thank you. Arches, please stabilize the above.
Stable for HPPA.
x86 stable
amd64 ok, but there are bug 353750 and bug 347005, posted some time ago by me.
ppc/ppc64 stable
amd64 done. Thanks, Agostino.
Stable on alpha.
arm/ia64/s390/sh/sparc stable
Thanks, everyone. Added to existing GLSA request.
CVE-2010-4015 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4015): Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions.
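As an added illustration (not PostgreSQL's source and not part of this bug thread): the flaw class the CVE entry describes is a run of digits copied into a fixed-size stack buffer without a length check. The constructed tokenizer below keeps a small fixed buffer and shows the bound that prevents the overflow; the buffer size, the query_int-style grammar and the acceptance of a leading sign are assumptions.

```c
/* Added illustration, not PostgreSQL's source: CVE-2010-4015 is a digit run
 * copied into a fixed-size stack buffer with no length check. The constructed
 * tokenizer below keeps a small fixed buffer and shows the bound that stops it. */
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>
#define NUMBUF 16 /* fixed-size operand buffer; the size is an assumption */

/* Read one integer operand at s[*pos] into a bounded buffer and convert it.
 * Returns false (instead of writing past num[]) when the digits do not fit,
 * the token is empty, or the value is outside int32. */
static bool read_int_token(const char *s, size_t *pos, int *out)
{
    char num[NUMBUF], *end;
    size_t n = 0, i = *pos;
    long v;
    if (s[i] == '-')           /* accepting a leading sign is an assumption */
        num[n++] = s[i++];
    while (s[i] >= '0' && s[i] <= '9') {
        if (n >= NUMBUF - 1)   /* the bound the vulnerable loop lacked */
            return false;
        num[n++] = s[i++];
    }
    if (n == 0 || (n == 1 && num[0] == '-'))
        return false;
    num[n] = '\0';
    errno = 0;
    v = strtol(num, &end, 10);
    if (errno != 0 || *end != '\0' || v < INT_MIN || v > INT_MAX)
        return false;
    *out = (int)v;
    *pos = i;
    return true;
}

/* Validate a query_int-style expression such as "1&(2|!3)" (the operator set
 * the intarray docs describe). Returns the operand count, or -1 on an
 * oversized token, an out-of-range value, or a character outside the grammar. */
int validate_query_int(const char *s)
{
    size_t i = 0;
    int count = 0, v;
    while (s[i] != '\0') {
        if (strchr(" &|!()", s[i]) != NULL) { i++; continue; }
        if (!read_int_token(s, &i, &v))
            return -1;
        count++;
    }
    return count;
}
```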
This issue was resolved and addressed in GLSA 201110-22 at http://security.gentoo.org/glsa/glsa-201110-22.xml by GLSA coordinator Alex Legler (a3li).