Summary: | dev-db/postgresql: Buffer overflows in PL/PgSQL parser (CAN-2005-0247) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Matthias Geerdsen (RETIRED) <vorlon> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | esigra, pgsql-bugs |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
Whiteboard: | B1 [glsa] jaervosz | ||
Package list: | Runtime testing required: | --- |
Description
Matthias Geerdsen (RETIRED)
2005-02-09 05:11:19 UTC
Ubuntu fixed those with USN-79-1 http://archives.neohapsis.com/archives/fulldisclosure/2005-02/0138.html Confirming fixed in 7.4.7 : CAN-2005-0227 CAN-2005-0244 CAN-2005-0246 They also fixed : "Avoid buffer overrun when plpgsql cursor declaration has too many parameters (Neil)" This appears to be CAN-2004-0245. This leaves CAN-2004-0247 to treat, the patch for 7.4.7 can be found at : http://developer.postgresql.org/cvsweb.cgi/pgsql/src/pl/plpgsql/src/gram.y.diff?r1=1.48.2.1;r2=1.48.2.3;only_with_tag=REL7_4_STABLE postgresql maintainers: You might want to also patch 8.0.1 using : http://developer.postgresql.org/cvsweb.cgi/pgsql/src/pl/plpgsql/src/gram.y.diff?r1=1.64.4.1;r2=1.64.4.3;only_with_tag=REL8_0_STABLE Of course it is CAN-2005-0247 and not CAN-2004-0247. Koon what is the status of CAN-2005-0245, is it fixed already? GLSA drafted, Security please review. Apparently yes. It's the same file anyway, so patching the last one will surely solve both. I've applied the patche in postgresql-7.3.9-r1.ebuild postgresql-7.4.7-r1.ebuild postgresql-8.0.1-r1.ebuild. Arches please test and mark stable. Target keywords: postgresql-7.3.9-r1.ebuild:KEYWORDS="x86 ppc sparc alpha amd64 hppa ia64 mips" postgresql-7.4.7-r1.ebuild:KEYWORDS="x86 ppc sparc mips alpha arm hppa amd64 ia64 s390 ppc64" postgresql-8.0.1.ebuild:KEYWORDS="~x86 ~ppc ~sparc ~mips ~alpha ~arm ~hppa ~amd64 ~ia64 ~s390 ~ppc64" (Already there). Stable on ppc. stable on ppc64 It's already stable on x86 Stable on alpha. stable on amd64 sparc stable. GLSA-200502-19 arm, hppa, ia64, mips please remember to mark stable. Stable on hppa. Stable on mips. |