Bug 1188684 (CVE-2015-0241)
Summary: | CVE-2015-0241 postgresql: buffer overflow in the to_char() function | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Martin Prpič <mprpic> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | cperry, dajohnso, gmccullo, hhorak, jhardy, jorton, jprause, jvlcek, kvolny, mmaslano, praiskup, security-response-team, xlecauch |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | postgresql 9.0.19, postgresql 9.1.15, postgresql 9.2.10, postgresql 9.3.6, postgresql 9.4.1 | Doc Type: | Bug Fix |
Doc Text: |
A buffer overflow flaw was found in the way PostgreSQL handled certain numeric formatting. An authenticated database user could use a specially crafted timestamp formatting template to cause PostgreSQL to crash or, under certain conditions, execute arbitrary code with the permissions of the user running PostgreSQL.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2021-10-20 10:49:38 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1192909, 1192910, 1198651, 1198652, 1198653, 1198654, 1198663, 1198672, 1198673, 1198733 | ||
Bug Blocks: | 1188677 |
Description
Martin Prpič
2015-02-03 14:22:00 UTC
External References: http://www.postgresql.org/about/news/1569/ Upstream commit: https://github.com/postgres/postgres/commit/0150ab567bcf5e5913e2b62a1678f84cc272441f This issue was addressed in Fedora 20 and Fedora 21 via the following security advisories: https://admin.fedoraproject.org/updates/FEDORA-2015-1728/postgresql-9.3.6-1.fc20 https://admin.fedoraproject.org/updates/FEDORA-2015-1745/postgresql-9.3.6-1.fc21 This issue has been addressed in the following products: Red Hat Software Collections 1 for Red Hat Enterprise Linux 7 Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS Via RHSA-2015:0699 https://rhn.redhat.com/errata/RHSA-2015-0699.html This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 6 Via RHSA-2015:0750 https://rhn.redhat.com/errata/RHSA-2015-0750.html This issue has been addressed in the following products: Red Hat Satellite Server v 5.7 Via RHSA-2015:0856 https://rhn.redhat.com/errata/RHSA-2015-0856.html |