Bug 539018 (CVE-2014-8161)

Summary: <dev-db/postgresql-{9.4.1,9.3.6,9.2.10,9.1.15,9.0.19}: Multiple vulnerabilities (CVE-2014-8161,CVE-2015-{0241,0242,0243,0244})
Product: Gentoo Security
Reporter: Patrick Lauer <patrick>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: bruce, pgsql-bugs, security
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: http://www.postgresql.org/about/news/1569/
Whiteboard: A3 [glsa cve]
Package list:
Runtime testing required: ---

Description Patrick Lauer gentoo-dev 2015-02-06 06:16:01 UTC
9.4.1, 9.3.6, 9.2.10, 9.1.15 & 9.0.19 are freshly released and ebuilds in-tree already.

Fixing security issues:

    CVE-2015-0241 Buffer overruns in "to_char" functions.
    CVE-2015-0242 Buffer overrun in replacement printf family of functions.
    CVE-2015-0243 Memory errors in functions in the pgcrypto extension.
    CVE-2015-0244 An error in extended protocol message reading.
    CVE-2014-8161 Constraint violation errors can cause display of values in columns which the user would not normally have rights to see.
Comment 1 Agostino Sarubbo gentoo-dev 2015-02-06 10:22:36 UTC
Arches, please test and mark stable:
=dev-db/postgresql-9.0.19
=dev-db/postgresql-9.1.15
=dev-db/postgresql-9.2.10
=dev-db/postgresql-9.3.6
=dev-db/postgresql-9.4.1
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
Comment 2 Agostino Sarubbo gentoo-dev 2015-02-06 11:34:34 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2015-02-06 11:36:16 UTC
x86 stable
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2015-02-06 19:26:40 UTC
Stable for HPPA.
Comment 5 Agostino Sarubbo gentoo-dev 2015-02-16 10:21:58 UTC
sparc stable
Comment 6 Markus Meier gentoo-dev 2015-02-17 21:00:11 UTC
arm stable
Comment 7 Agostino Sarubbo gentoo-dev 2015-02-18 08:51:14 UTC
ppc64 stable
Comment 8 Agostino Sarubbo gentoo-dev 2015-02-18 09:19:18 UTC
ppc stable
Comment 9 Agostino Sarubbo gentoo-dev 2015-02-23 11:39:47 UTC
ia64 stable
Comment 10 Agostino Sarubbo gentoo-dev 2015-02-24 10:59:41 UTC
alpha stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 11 Patrick Lauer gentoo-dev 2015-03-16 03:01:12 UTC
  24 Feb 2015; Agostino Sarubbo <ago@gentoo.org> -postgresql-9.0.18-r2.ebuild,
  -postgresql-9.0.18-r3.ebuild, -postgresql-9.1.14-r2.ebuild,
  -postgresql-9.1.14-r3.ebuild, -postgresql-9.2.9-r2.ebuild,
  -postgresql-9.2.9-r3.ebuild, -postgresql-9.3.5-r2.ebuild,
  -postgresql-9.3.5-r3.ebuild, -postgresql-9.4.0-r1.ebuild,
  -postgresql-9.4.0.ebuild:
  Remove old


Cleanup completed
Comment 12 Yury German Gentoo Infrastructure gentoo-dev 2015-04-22 20:29:36 UTC
Arches and Maintainer(s), Thank you for your work.

New GLSA Request filed.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2015-07-18 13:02:14 UTC
This issue was resolved and addressed in
 GLSA 201507-20 at https://security.gentoo.org/glsa/201507-20
by GLSA coordinator Mikle Kolyada (Zlogene).