Bug 74505 - Multiple Postgresql Security Vulnerabilities
Status: CLOSED ERRATA
Product: Red Hat Linux
Classification: Retired
Component: postgresql
Version: 7.3
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assigned To: Andrew Overholt
QA Contact: David Lawrence
URL: http://postgresql.org/news.html
Keywords: Security
Reported: 2002-09-25 11:03 EDT by Need Real Name
Modified: 2007-04-18 12:46 EDT
Doc Type: Bug Fix
Last Closed: 2003-01-17 09:31:16 EST


Description Need Real Name 2002-09-25 11:03:50 EDT
Quoted from the Postgresql site:

"Due to recent security vulnerabilities reported on BugTraq, concerning several
buffer overruns found in PostgreSQL, the PostgreSQL Global Development Team
today released v7.2.2 of PostgreSQL that fixes these vulnerabilities.

The following buffer overruns have been identified and addressed:

    * in handling long datetime input
    * in repeat()
    * in lpad() and rpad() with multibyte
    * in SET TIME ZONE and TZ env var "

I have not verified that this version is vulnerable; however, it was released
months before the vulnerabilities were patched, so I expect that it is indeed
vulnerable.

Other URLs with information on these multiple vulnerabilities include:

http://lwn.net/Articles/8445/
http://online.securityfocus.com/archive/1/288334
http://online.securityfocus.com/archive/1/288305
http://online.securityfocus.com/archive/1/288036
Comment 1 Mark J. Cox (Product Security) 2002-12-18 09:32:30 EST
An errata to address these flaws (and others) is in progress. However, note that
these are fairly minor security issues as they would require the ability to be
able to connect to the database before they can be exploited.
Comment 2 Mark J. Cox (Product Security) 2003-01-17 09:31:16 EST
This is fixed by
https://rhn.redhat.com/errata/RHSA-2003-001.html
which was released this week.
