Bug 1188694 (CVE-2015-0244)
Summary: | CVE-2015-0244 postgresql: loss of frontend/backend protocol synchronization after an error | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Martin Prpič <mprpic> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | cperry, dajohnso, fleite, gmccullo, hhorak, jhardy, jorton, jpadman, jprause, jvlcek, kvolny, mmaslano, praiskup, security-response-team, xlecauch |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | postgresql 9.0.19, postgresql 9.1.15, postgresql 9.2.10, postgresql 9.3.6, postgresql 9.4.1 | Doc Type: | Bug Fix |
Doc Text: |
A flaw was found in the way PostgreSQL handled certain errors that were generated during protocol synchronization. An authenticated database user could use this flaw to inject queries into an existing connection.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2021-10-20 10:33:36 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1192909, 1192910, 1198651, 1198652, 1198653, 1198654, 1198663, 1198672, 1198673, 1198733 | ||
Bug Blocks: | 1188677 |
Description
Martin Prpič
2015-02-03 14:39:49 UTC
External References: http://www.postgresql.org/about/news/1569/ Upstream commit: https://github.com/postgres/postgres/commit/2b3a8b20c2da9f39ffecae25ab7c66974fbc0d3b This issue was addressed in Fedora 20 and Fedora 21 via the following security advisories: https://admin.fedoraproject.org/updates/FEDORA-2015-1728/postgresql-9.3.6-1.fc20 https://admin.fedoraproject.org/updates/FEDORA-2015-1745/postgresql-9.3.6-1.fc21 This issue has been addressed in the following products: Red Hat Software Collections 1 for Red Hat Enterprise Linux 7 Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS Via RHSA-2015:0699 https://rhn.redhat.com/errata/RHSA-2015-0699.html This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 6 Via RHSA-2015:0750 https://rhn.redhat.com/errata/RHSA-2015-0750.html This issue has been addressed in the following products: Red Hat Satellite Server v 5.7 Via RHSA-2015:0856 https://rhn.redhat.com/errata/RHSA-2015-0856.html |