Gentoo Bug 81350 - dev-db/postgresql: Buffer overflows in PL/PgSQL parser (CAN-2005-0247)

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bug#:	81350
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Matthias Geerdsen <vorlon@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 81350 depends on:			Show dependency tree
Bug 81350 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2005-02-09 05:11 0000

Following CANs list <=8.0.1 as affected:

<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0244>
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0245>
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0246>
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0247>

244 and 246 appear to be fixed according to the 8.0.1 changelog, maybe someone can verify that.

(Additional) patches for 245 and 246 seem to have been introduced after the release though.

postgresql team, pls verify|patch|advise

------- Comment #1 From Sune Kloppenborg Jeppesen 2005-02-10 11:32:44 0000 -------

Ubuntu fixed those with USN-79-1

http://archives.neohapsis.com/archives/fulldisclosure/2005-02/0138.html

------- Comment #2 From Thierry Carrez (RETIRED) 2005-02-10 13:10:05 0000 -------

Confirming fixed in 7.4.7 :
CAN-2005-0227
CAN-2005-0244
CAN-2005-0246

They also fixed : "Avoid buffer overrun when plpgsql cursor declaration has too
many parameters (Neil)" This appears to be CAN-2004-0245.

This leaves CAN-2004-0247 to treat, the patch for 7.4.7 can be found at :
http://developer.postgresql.org/cvsweb.cgi/pgsql/src/pl/plpgsql/src/gram.y.diff?r1=1.48.2.1;r2=1.48.2.3;only_with_tag=REL7_4_STABLE

postgresql maintainers: You might want to also patch 8.0.1 using :
http://developer.postgresql.org/cvsweb.cgi/pgsql/src/pl/plpgsql/src/gram.y.diff?r1=1.64.4.1;r2=1.64.4.3;only_with_tag=REL8_0_STABLE

------- Comment #3 From Sune Kloppenborg Jeppesen 2005-02-11 12:40:03 0000 -------

Of course it is CAN-2005-0247 and not CAN-2004-0247.

Koon what is the status of CAN-2005-0245, is it fixed already?

GLSA drafted, Security please review.

------- Comment #4 From Thierry Carrez (RETIRED) 2005-02-11 13:00:55 0000 -------

Apparently yes. It's the same file anyway, so patching the last one will surely
solve both.

------- Comment #5 From Masatomo Nakano (RETIRED) 2005-02-11 13:42:23 0000 -------

I've applied the patche in 
  postgresql-7.3.9-r1.ebuild
  postgresql-7.4.7-r1.ebuild
  postgresql-8.0.1-r1.ebuild.

------- Comment #6 From Sune Kloppenborg Jeppesen 2005-02-13 05:58:41 0000 -------

Arches please test and mark stable. Target keywords:

postgresql-7.3.9-r1.ebuild:KEYWORDS="x86 ppc sparc alpha amd64 hppa ia64 mips"
postgresql-7.4.7-r1.ebuild:KEYWORDS="x86 ppc sparc mips alpha arm hppa amd64 ia64 s390 ppc64"
postgresql-8.0.1.ebuild:KEYWORDS="~x86 ~ppc ~sparc ~mips ~alpha ~arm ~hppa ~amd64 ~ia64 ~s390 ~ppc64" (Already there).

------- Comment #7 From Michael Hanselmann (hansmi) (RETIRED) 2005-02-13 08:24:16 0000 -------

Stable on ppc.

------- Comment #8 From Markus Rothe 2005-02-13 10:18:39 0000 -------

stable on ppc64

------- Comment #9 From Olivier Crete 2005-02-13 12:57:20 0000 -------

It's already stable on x86

------- Comment #10 From Bryan Østergaard (RETIRED) 2005-02-13 14:43:39 0000 -------

Stable on alpha.

------- Comment #11 From Jan Brinkmann (RETIRED) 2005-02-13 15:16:43 0000 -------

stable on amd64

------- Comment #12 From Gustavo Zacarias (RETIRED) 2005-02-14 07:47:28 0000 -------

sparc stable.

------- Comment #13 From Sune Kloppenborg Jeppesen 2005-02-14 14:02:13 0000 -------

GLSA-200502-19

arm, hppa, ia64, mips please remember to mark stable.

------- Comment #14 From Michael Hanselmann (hansmi) (RETIRED) 2005-02-16 01:21:53 0000 -------

Stable on hppa.

------- Comment #15 From Hardave Riar (RETIRED) 2005-02-18 09:30:49 0000 -------

Stable on mips.

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bugzilla Bug 81350

dev-db/postgresql: Buffer overflows in PL/PgSQL parser (CAN-2005-0247)

Last modified: 2007-09-22 23:25:37 0000