Bug 147703 - CAN-2005-0227 Multiple security and data-loss issues in PostgreSQL (CAN-2004-0977 CAN-2005-0245 CAN-2005-0247)
Alias: None
Product: Red Hat Enterprise Linux 2.1
Classification: Red Hat
Component: postgresql
Version: 2.1
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Tom Lane
QA Contact: David Lawrence
Keywords: Security
Depends On:
Reported: 2005-02-10 18:11 UTC by Tom Lane
Modified: 2013-07-03 03:03 UTC

Clone Of:
Last Closed: 2005-02-16 16:25:38 UTC

External Trackers:
Tracker ID: Red Hat Product Errata RHSA-2005:150
Priority: important
Status: SHIPPED_LIVE
Summary: Important: postgresql security update
Last Updated: 2005-02-16 05:00:00 UTC

Description Tom Lane 2005-02-10 18:11:29 UTC
Description of problem:
Some of the security issues mentioned in bug#147442 also apply to the
AS2.1 branch: specifically the LOAD issue CAN-2005-0227 and some
aspects of the plpgsql buffer overruns CAN-2005-0245, CAN-2005-0247.

Also, I noted that CAN-2004-0977 (bug#136301) and the low-priority
security issues mentioned in bug#136947 were never back-ported to the
AS2.1 branch.

In addition, while the Postgres community stopped maintaining PG 7.1
years ago, they have continued to back-port significant bug fixes
(data-loss and server-crash issues) into the PG 7.2 branch, and most
of these issues also apply to PG 7.1.  It's past time we updated AS2.1
with these fixes.  Our bug#130818 describes the most significant of
these issues but there are numerous minor ones.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.  See referenced bugzilla entries
Actual results:

Expected results:

Additional info:

Comment 1 Tom Lane 2005-02-10 18:29:50 UTC
Fixes created in postgresql-7.1.3-6.rhel2.1AS

Comment 2 Josh Bressers 2005-02-16 16:25:38 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.