Bug 688420 (CVE-2019-10164) - <dev-db/postgresql-{11.4,10.9}: Stack-based buffer overflow via setting a password (CVE-2019-10164)
Status: IN_PROGRESS
Alias: CVE-2019-10164
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
URL: https://www.postgresql.org/about/news...
Whiteboard: B1 [glsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2019-06-21 00:18 UTC by Aaron W. Swenson
Modified: 2019-10-26 23:57 UTC

See Also:
Package list:
dev-db/postgresql-11.4 alpha amd64 arm arm64 hppa ia64 ppc ppc64 sparc x86
dev-db/postgresql-10.9 alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
Runtime testing required: No
stable-bot: sanity-check+


Description Aaron W. Swenson gentoo-dev 2019-06-21 00:18:29 UTC
Major versions prior to 10 are unaffected.

Stabilization targets:
=dev-db/postgresql-11.4 ~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86
=dev-db/postgresql-10.9 ~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86

Note: arm64 stabilization was introduced with 11.3.

==============================================


CVE-2019-10164: Stack-based buffer overflow via setting a password

Versions affected: 10, 11, 12 beta.

An authenticated user could create a stack-based buffer overflow by changing their own password to a purpose-crafted value. In addition to the ability to crash the PostgreSQL server, this could be further exploited to execute arbitrary code as the PostgreSQL operating system account.

Additionally, a rogue server could send a specifically crafted message during the SCRAM authentication process and cause a libpq-enabled client to either crash or execute arbitrary code as the client's operating system account.

This issue is fixed by upgrading and restarting your PostgreSQL server as well as your libpq installations. All users running PostgreSQL 10, 11, and 12 beta are encouraged to upgrade as soon as possible.

The PostgreSQL Project thanks Alexander Lakhin for reporting this problem.
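
As an added example (not part of this bug report or of PostgreSQL's own tooling), the following shell helper classifies a server or libpq version string using only the version facts given above. The function name and the sample strings are constructed; releases the report does not cover (12 final and later) are reported as unknown.

```shell
#!/bin/sh
# Added example: classify a PostgreSQL server or libpq version string against
# CVE-2019-10164 using only the version facts stated in this bug report.
# pg_cve_2019_10164_status is a hypothetical helper name.
pg_cve_2019_10164_status() {
    # Accept a bare version ("11.3"), a tool banner ("psql (PostgreSQL) 11.3")
    # or a package atom ("dev-db/postgresql-10.8-r1"); keep the first version.
    ver=$(printf '%s\n' "$1" |
        sed -nE 's/^[^0-9]*([0-9]+(\.[0-9]+)*(beta[0-9]+)?).*/\1/p')
    [ -n "$ver" ] || { echo unknown; return 0; }

    major=${ver%%[!0-9]*}
    rest=${ver#"$major"}        # ".3", ".6.14", "beta1" or ""
    beta=0
    minor=0
    case $rest in
        beta*) beta=1 ;;
        .*)    minor=${rest#.}; minor=${minor%%[!0-9]*} ;;
    esac

    # First fixed minor release per affected major, from the bug title.
    case $major in
        10) fixed_minor=9 ;;
        11) fixed_minor=4 ;;
        12) # Only "12 beta" is listed as affected; no fixed 12 build is named.
            if [ "$beta" -eq 1 ]; then echo affected; else echo unknown; fi
            return 0 ;;
        *)  # "Major versions prior to 10 are unaffected"; newer majors postdate the report.
            if [ "$major" -lt 10 ]; then echo unaffected; else echo unknown; fi
            return 0 ;;
    esac
    if [ "$beta" -eq 1 ] || [ "$minor" -lt "$fixed_minor" ]; then
        echo affected
    else
        echo fixed
    fi
}

# Constructed sample inputs: check the server binary and every libpq client host.
for sample in 'postgres (PostgreSQL) 11.3' 'psql (PostgreSQL) 10.9' \
              'dev-db/postgresql-10.8-r1' '9.6.14' '12beta1'; do
    printf '%-28s %s\n' "$sample" "$(pg_cve_2019_10164_status "$sample")"
done
```

Because the advisory covers libpq as well as the server, run the check against the output of both `postgres --version` and `psql --version` on each host.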
Comment 1 Sergei Trofimovich gentoo-dev 2019-06-22 10:31:14 UTC
ia64 stable
Comment 2 Sergei Trofimovich gentoo-dev 2019-06-22 10:33:18 UTC
ppc stable
Comment 3 Sergei Trofimovich gentoo-dev 2019-06-22 10:35:06 UTC
ppc64 stable
Comment 4 Rolf Eike Beer 2019-06-23 10:31:04 UTC
sparc stable
Comment 5 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2019-06-23 12:23:29 UTC
amd64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2019-06-26 06:51:01 UTC
x86 stable
Comment 7 Agostino Sarubbo gentoo-dev 2019-06-27 13:29:55 UTC
alpha stable
Comment 8 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2019-07-22 16:08:34 UTC
arm64 stable
Comment 9 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2019-07-28 20:12:54 UTC
arm stable
Comment 10 Larry the Git Cow gentoo-dev 2019-07-29 10:31:58 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4fa4501da1e923eaac0bb9af33e5ea979f539263

commit 4fa4501da1e923eaac0bb9af33e5ea979f539263
Author:     Aaron W. Swenson <titanofold@gentoo.org>
AuthorDate: 2019-07-29 10:31:28 +0000
Commit:     Aaron W. Swenson <titanofold@gentoo.org>
CommitDate: 2019-07-29 10:31:45 +0000

    dev-db/postgresql: Cleanup insecure
    
    Bug: https://bugs.gentoo.org/688420
    Package-Manager: Portage-2.3.66, Repoman-2.3.11
    Signed-off-by: Aaron W. Swenson <titanofold@gentoo.org>

 dev-db/postgresql/Manifest                  |   2 -
 dev-db/postgresql/postgresql-10.8-r1.ebuild | 466 ---------------------------
 dev-db/postgresql/postgresql-10.8.ebuild    | 460 ---------------------------
 dev-db/postgresql/postgresql-11.3-r1.ebuild | 468 ----------------------------
 dev-db/postgresql/postgresql-11.3.ebuild    | 460 ---------------------------
 5 files changed, 1856 deletions(-)
Comment 11 Thomas Deutschmann gentoo-dev Security 2019-10-26 23:57:34 UTC
New GLSA request filed.