Bug 546621 (CVE-2010-0733)

Summary: CVE-2010-0733 postgresql: Integer overflow in hash table size calculation
Product: [Other] Security Response
Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: low
Priority: low
Version: unspecified
CC: security-response-team, tgl, vdanen
Keywords: Security
Hardware: All
OS: Linux
URL: http://developer.postgresql.org/pgdocs/postgres/release-7-4-27.html
Doc Type: Bug Fix
Last Closed: 2010-05-26 15:09:25 UTC
Bug Depends On: 552617, 586056, 586057, 586058, 586059, 589541, 589543, 812237
Attachments: Local copy of relevant upstream patch (flags: none)

Description Jan Lieskovsky 2009-12-11 13:30:41 UTC
An integer overflow flaw was found in the way PostgreSQL
calculated the size of the hash table for joined
relations. An attacker could formulate a specially crafted
SQL query which, once processed, would lead to a denial of
service (PostgreSQL daemon crash).

Upstream bug report:
--------------------
[1] http://archives.postgresql.org/pgsql-bugs/2009-10/msg00277.php

References:
-----------
[2] http://archives.postgresql.org/pgsql-bugs/2009-10/msg00287.php
[3] http://archives.postgresql.org/pgsql-bugs/2009-10/msg00310.php
[4] http://archives.postgresql.org/pgsql-bugs/2009-10/msg00289.php

Upstream patch:
---------------
git clone git://git.postgresql.org/git/postgresql.git
cd postgresql && git show 64b057e6823655fb6c5d1f24a28f236b94dd6c54

Credit:
-------
Bernt Marius Johnsen
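
Added example (not part of this bug report and not PostgreSQL's code): a generic illustration of the flaw class described in comment 0, showing a hash-table size calculation that wraps in 32-bit arithmetic beside a form that clamps the bucket count before narrowing. The function names, the 10-tuples-per-bucket ratio, the 8-byte pointer size and the 1 MiB memory budget are assumptions made for the illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

#define TUPLES_PER_BUCKET 10u  /* assumed load factor */
#define PTR_SIZE 8u            /* assumed bytes per bucket pointer */

/* Weak form: the bucket count is narrowed to 32 bits and the byte size is
 * computed in 32-bit arithmetic, so a large row estimate wraps modulo 2^32. */
uint32_t bucket_bytes_unchecked(uint64_t est_rows)
{
    uint32_t nbuckets = (uint32_t)(est_rows / TUPLES_PER_BUCKET);
    return nbuckets * PTR_SIZE;
}

/* Hardened form: work in 64 bits and clamp the bucket count to what the
 * memory budget (and INT_MAX / 2) allows before narrowing or multiplying.
 * Returns 0 on success, -1 if the budget cannot hold a single bucket. */
int choose_buckets_checked(uint64_t est_rows, uint64_t mem_limit_bytes,
                           uint32_t *nbuckets, uint64_t *bytes)
{
    uint64_t max_buckets = mem_limit_bytes / PTR_SIZE;
    if (max_buckets > (uint64_t)(INT_MAX / 2))
        max_buckets = (uint64_t)(INT_MAX / 2);
    if (max_buckets == 0)
        return -1;

    uint64_t want = est_rows / TUPLES_PER_BUCKET;
    if (want < 1)
        want = 1;
    if (want > max_buckets)
        want = max_buckets;

    *nbuckets = (uint32_t)want;
    *bytes = want * PTR_SIZE;   /* at most mem_limit_bytes, cannot wrap */
    return 0;
}

int main(void)
{
    uint64_t est_rows = 5368709120ULL;  /* constructed estimate: 10 * 2^29 rows */
    uint32_t n; uint64_t b;
    printf("unchecked: %u bytes\n", (unsigned)bucket_bytes_unchecked(est_rows));
    if (choose_buckets_checked(est_rows, 1024 * 1024, &n, &b) == 0)
        printf("checked: %u buckets, %llu bytes\n", (unsigned)n, (unsigned long long)b);
    return 0;
}
```

In the unchecked form the constructed estimate yields a byte count of 0 for 2^29 buckets, which is the mismatch between allocation size and bucket count that leads to a crash; the checked form returns a bucket count that fits the budget.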

Comment 2 Jan Lieskovsky 2009-12-11 13:37:42 UTC
Created attachment 377733
Local copy of relevant upstream patch

Comment 4 Tomas Hoger 2009-12-15 10:14:16 UTC
(In reply to comment #0)
> Upstream patch:
> ---------------
> git clone git://git.postgresql.org/git/postgresql.git
> cd postgresql && git show 64b057e6823655fb6c5d1f24a28f236b94dd6c54

http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=64b057e6823655fb6c5d1f24a28f236b94dd6c54

Comment 11 Vincent Danen 2010-03-09 16:44:57 UTC
The Red Hat Security Response Team has rated this issue as having low security
impact; a future update may address this flaw.

Comment 12 Vincent Danen 2010-03-16 17:23:48 UTC
This one has been assigned CVE-2010-0733.

Comment 19 errata-xmlrpc 2010-05-19 15:48:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 3

Via RHSA-2010:0427 https://rhn.redhat.com/errata/RHSA-2010-0427.html

Comment 20 errata-xmlrpc 2010-05-19 16:16:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 4

Via RHSA-2010:0428 https://rhn.redhat.com/errata/RHSA-2010-0428.html

Comment 21 errata-xmlrpc 2010-05-19 16:30:07 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2010:0429 https://rhn.redhat.com/errata/RHSA-2010-0429.html