From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.6 (X11; Linux i686; U;) Gecko/20020913

Description of problem:
Quoted from the PostgreSQL site:

"Due to recent security vulnerabilities reported on BugTraq, concerning several buffer overruns found in PostgreSQL, the PostgreSQL Global Development Team today released v7.2.2 of PostgreSQL that fixes these vulnerabilities.

The following buffer overruns have been identified and addressed:

  * in handling long datetime input
  * in repeat()
  * in lpad() and rpad() with multibyte
  * in SET TIME ZONE and TZ env var
"

The version of PostgreSQL that was shipped with Red Hat Linux Advanced Server 2.1 was vulnerable to these buffer overruns. The multibyte code that can be exploited was not added until PostgreSQL 7.2, but it is part of my attached patch nonetheless.

Other URLs with information on these multiple vulnerabilities include:

http://lwn.net/Articles/8445/
http://marc.theaimsgroup.com/?l=postgresql-announce&m=103062536330644
http://marc.theaimsgroup.com/?l=bugtraq&m=102978152712430
http://marc.theaimsgroup.com/?l=bugtraq&m=102987306029821
http://marc.theaimsgroup.com/?l=postgresql-general&m=102995302604086
http://online.securityfocus.com/archive/1/288334
http://online.securityfocus.com/archive/1/288305
http://online.securityfocus.com/archive/1/288036

Version-Release number of selected component (if applicable):

How reproducible:
Always

Steps to Reproduce:
1. a. $ pgsql -U template1
1. b. template1=# select repeat('xxx',1431655765);
2. a. $ pgsql -U template1
2. b. template1=# select cash_words('-700000000000000000000000000000');

Actual Results:
1. pqReadData() -- backend closed the channel unexpectedly.
   This probably means the backend terminated abnormally
   before or while processing the request.
   The connection to the server was lost. Attempting reset: Failed.
   !#
2. pqReadData() -- backend closed the channel unexpectedly.
   This probably means the backend terminated abnormally
   before or while processing the request.
   The connection to the server was lost. Attempting reset: Failed.
   !#

Expected Results:
1. ERROR: Requested buffer is too large.
2. cash_words
   --------------------------------------------------------------------------------------------------------------------
   Minus twenty one million four hundred seventy four thousand eight hundred thirty six dollars and forty eight cents
   (1 row)

Additional info:
Created attachment 89177
Backpatch of fixes from PostgreSQL 7.2.2, 7.2.3, and 7.3

This is the proposed backpatch of the fixes from more recent versions of PostgreSQL as provided by the PostgreSQL Global Development Group.
Erratum pushed. Closing.
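
The repeat() reproduction in the report above uses values whose product is exactly 2^32 - 1, so a 32-bit size computation with a small header added wraps to a tiny number. The following is an added example, not code from the report, the attached patch, or PostgreSQL's source; it shows the wrap and a pre-multiplication bounds check that yields the expected "Requested buffer is too large." outcome. The 4-byte header, the allocation ceiling, and the function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define HDR_SIZE  4u            /* assumed length-header size (hypothetical) */
#define MAX_ALLOC 0x3fffffffu   /* assumed allocator ceiling (hypothetical) */

/* Unchecked size: the product and the header addition wrap modulo 2^32. */
uint32_t repeat_size_unchecked(uint32_t slen, uint32_t count)
{
    return slen * count + HDR_SIZE;
}

/*
 * Checked size: validate count against the ceiling BEFORE multiplying,
 * so the multiplication itself can never wrap.
 * Returns 0 and stores the size in *out, or -1 if the request is too large.
 */
int repeat_size_checked(uint32_t slen, uint32_t count, uint32_t *out)
{
    if (slen != 0 && count > (MAX_ALLOC - HDR_SIZE) / slen)
        return -1;              /* caller reports "Requested buffer is too large." */
    *out = slen * count + HDR_SIZE;
    return 0;
}

int main(void)
{
    uint32_t size = 0;

    /* Values from the report: repeat('xxx', 1431655765), string length 3. */
    printf("unchecked size: %u bytes\n",
           (unsigned) repeat_size_unchecked(3, 1431655765u));

    if (repeat_size_checked(3, 1431655765u, &size) != 0)
        puts("ERROR: Requested buffer is too large.");

    /* A small, legitimate request still succeeds. */
    if (repeat_size_checked(3, 10, &size) == 0)
        printf("checked size for count 10: %u bytes\n", (unsigned) size);

    return 0;
}
```

With the unchecked computation, a buffer sized from the wrapped value is far smaller than the data the copy loop would then write into it, which is consistent with the backend crash shown under Actual Results.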