Summary: | dev-db/postgresql-server: DOS (CVE-2010-0733) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Stefan Behte (RETIRED) <craig> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | esigra, pgsql-bugs, titanofold |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=546621 | ||
Whiteboard: | B4 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 320967 | ||
Bug Blocks: |
Description
Stefan Behte (RETIRED)
2010-04-06 03:48:01 UTC
CVE-2010-0733 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0733): Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to certain hashtable size calculations. There are no 8.5 ebuilds left, stabling through bug 312171 should get 8.4 up to a non-vulnerable version. Patrick meant bug 320967. Bug 312171 is unrelated to this bug. Updated dependency to the proper bug. This issue was resolved and addressed in GLSA 201110-22 at http://security.gentoo.org/glsa/glsa-201110-22.xml by GLSA coordinator Alex Legler (a3li). |