Bug 152581

Summary: CAN-2002-1642 postgresql VACUUM DoS
Product: Red Hat Enterprise Linux 2.1 Reporter: Josh Bressers <bressers>
Component: postgresqlAssignee: Tom Lane <tgl>
Status: CLOSED NOTABUG QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: medium    
Version: 2.1CC: hhorak
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=moderate,public=20021003,source=cve,reported=20050329
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-03-30 18:19:31 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Josh Bressers 2005-03-30 14:52:21 UTC 
PostgreSQL 7.2.1 and 7.2.2 allows local users to delete transaction log
(pg_clog) data and cause a denial of service (data loss) via the VACUUM command.

Additional information is here:
http://archives.postgresql.org/pgsql-announce/2002-10/msg00000.php
Comment 1 Josh Bressers 2005-03-30 14:53:05 UTC 
Tom,

Can you take a look at this issue and let me know if we're vulnerable.  I've not
verified it one way of the other.
Comment 2 Tom Lane 2005-03-30 18:19:31 UTC 
AFAIK Red Hat has never shipped Postgres 7.2.anything --- we went from 7.1.* to
7.3.*.  Certainly 2.1AS is still using 7.1.3.  (No, this issue doesn't apply to
PG 7.1.*.)