This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 400931 - (CVE-2007-6067) CVE-2007-6067 postgresql: tempory DoS caused by slow regex NFA cleanup
CVE-2007-6067 postgresql: tempory DoS caused by slow regex NFA cleanup
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
public=20080107,reported=20071009,sou...
: Reopened, Security
Depends On: 427135 427136 427137 427138 427220 427221 427772 427773 427774 867793
Blocks: 816611
  Show dependency treegraph
 
Reported: 2007-11-27 08:23 EST by Tomas Hoger
Modified: 2013-01-08 03:58 EST (History)
4 users (show)

See Also:
Fixed In Version: 8.2.6-1.fc8
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-01-08 03:58:18 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Tomas Hoger 2007-11-27 08:23:31 EST
Will Drewry reported a problem in a regular expression handling code used by
PosgreSQL.  This problem can be used to trigger temporary DoS attack by causing
PosgreSQL server to consume large amount of system memory and CPU resources.

On systems with memory overcommit enabled (default setting), database server can
be terminated by kernel OOM killer (see 'Managing Kernel Resources' section in
PosgreSQL documentation about more information on memory overcommit
configuration on Linux).

Regular expression code used by PosgreSQL was adopted from TCL.
Comment 3 Tomas Hoger 2008-01-07 08:57:35 EST
Public now, lifting embargo:

http://www.postgresql.org/about/news.905
http://www.postgresql.org/support/security.html
Comment 9 Fedora Update System 2008-01-11 17:14:04 EST
postgresql-8.2.6-1.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 10 Fedora Update System 2008-01-11 17:24:17 EST
postgresql-8.2.6-1.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 14 errata-xmlrpc 2013-01-07 23:51:40 EST
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2013:0122 https://rhn.redhat.com/errata/RHSA-2013-0122.html

Note You need to log in before you can comment on or make changes to this bug.