Bug 316511 (CVE-2007-4772)
Summary: | CVE-2007-4772 postgresql DoS via infinite loop in regex NFA optimization code | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | bressers, kreilly, mmaslano, tgl |
Target Milestone: | --- | Keywords: | Reopened, Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | 8.2.6-1.fc8 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-01-08 08:57:44 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 427135, 427136, 427137, 427138, 427220, 427221, 427772, 427773, 427774, 432510, 432511, 867793 | ||
Bug Blocks: | 816611 |
Description
Tomas Hoger
2007-10-03 07:43:35 UTC
Note that these same looping behaviors have been reproduced in Tcl. Not sure if that should get its own CVE or not. If it's same code used in multiple products / projects (usually taken from one project to another), single CVE id is usually used. Public now, lifting embargo: http://www.postgresql.org/about/news.905 http://www.postgresql.org/support/security.html TCL fixed in 8.5.0, patch: http://tcl.cvs.sourceforge.net/tcl/tcl/generic/regc_nfa.c?r1=1.9&r2=1.10 postgresql-8.2.6-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report. postgresql-8.2.6-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report. This issue was addressed in: Red Hat Application Stack: http://rhn.redhat.com/errata/RHSA-2008-0040.html Red Hat Enterprise Linux: http://rhn.redhat.com/errata/RHSA-2008-0038.html Fedora: https://admin.fedoraproject.org/updates/F7/FEDORA-2008-0552 https://admin.fedoraproject.org/updates/F8/FEDORA-2008-0478 This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2013:0122 https://rhn.redhat.com/errata/RHSA-2013-0122.html |