Fedora Account System
Red Hat Associate
Red Hat Customer
An integer overflow flaw was found in the way postgresql used to calculate size for the hashtable for joined relations. An attacker could formulate a specially-crafted sql query, which once processed would lead to denial of service (postgresql daemon crash). Upstream bug report: -------------------- [1] http://archives.postgresql.org/pgsql-bugs/2009-10/msg00277.php References: ----------- [2] http://archives.postgresql.org/pgsql-bugs/2009-10/msg00287.php [3] http://archives.postgresql.org/pgsql-bugs/2009-10/msg00310.php [4] http://archives.postgresql.org/pgsql-bugs/2009-10/msg00289.php Upstream patch: --------------- git clone git://git.postgresql.org/git/postgresql.git cd postgresql && git show 64b057e6823655fb6c5d1f24a28f236b94dd6c54 Credit: ------- Bernt Marius Johnsen
Created attachment 377733 [details] Local copy of relevant upstream patch
(In reply to comment #0) > Upstream patch: > --------------- > git clone git://git.postgresql.org/git/postgresql.git > cd postgresql && git show 64b057e6823655fb6c5d1f24a28f236b94dd6c54 http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=64b057e6823655fb6c5d1f24a28f236b94dd6c54
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
This one has been assigned CVE-2010-0733
This issue has been addressed in following products: Red Hat Enterprise Linux 3 Via RHSA-2010:0427 https://rhn.redhat.com/errata/RHSA-2010-0427.html
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Via RHSA-2010:0428 https://rhn.redhat.com/errata/RHSA-2010-0428.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2010:0429 https://rhn.redhat.com/errata/RHSA-2010-0429.html