Common Vulnerabilities and Exposures assigned an identifier CVE-2014-2669 to the following vulnerability:

Name: CVE-2014-2669
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2669
Assigned: 20140328
Reference: http://wiki.postgresql.org/wiki/20140220securityrelease
Reference: http://www.postgresql.org/about/news/1506/
Reference: http://www.postgresql.org/support/security/
Reference: https://github.com/postgres/postgres/commit/31400a673325147e1205326008e32135a78b4d8a
Reference: DEBIAN:DSA-2864
Reference: http://www.debian.org/security/2014/dsa-2864
Reference: DEBIAN:DSA-2865
Reference: http://www.debian.org/security/2014/dsa-2865

Multiple integer overflows in contrib/hstore/hstore_io.c in PostgreSQL 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact via vectors related to the (1) hstore_recv, (2) hstore_from_arrays, and (3) hstore_from_array functions in contrib/hstore/hstore_io.c; and the (4) hstoreArrayToPairs function in contrib/hstore/hstore_op.c, which triggers a buffer overflow. NOTE: this issue was SPLIT from CVE-2014-0064 because it has a different set of affected versions.
See bug #1065230 for details on CVE-2014-0064. Because both Red Hat Enterprise Linux 5 and 6 do not ship with PostgreSQL 9.x, they are not affected by this flaw.

Statement: Not vulnerable. This issue did not affect the versions of PostgreSQL as shipped with Red Hat Enterprise Linux 5 and 6.

Acknowledgements: Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Heikki Linnakangas and Noah Misch as the original reporters.
This issue has been addressed in the following products:

Red Hat Software Collections for RHEL-6

Via RHSA-2014:0221 https://rhn.redhat.com/errata/RHSA-2014-0221.html
This issue has been addressed in the following products:

CloudForms Management Engine 5.x

Via RHSA-2014:0469 https://rhn.redhat.com/errata/RHSA-2014-0469.html
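The CVE description above names integer overflows that lead to a buffer overflow. The following added example (not PostgreSQL's code and not taken from the referenced commit) shows that bug class in general form: a 32-bit size computation that wraps, next to a range check applied before the multiplication. The `Pair` struct, the function names and the `MAX_ALLOC` ceiling are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a key/value pair record; not PostgreSQL's struct. */
typedef struct {
    char  *key;
    char  *val;
    size_t keylen;
    size_t vallen;
} Pair;

/* Assumed allocation ceiling for this example (1 GiB - 1). */
#define MAX_ALLOC ((size_t) 0x3fffffff)

/* Unchecked form: the byte count is computed in 32 bits, so a large
 * count wraps and the result is smaller than count elements need. */
uint32_t unchecked_size32(int32_t count, uint32_t elem_size)
{
    return (uint32_t) count * elem_size;
}

/* Checked form: reject the count before multiplying.
 * Returns 0 and stores the byte count in *out, or -1 if out of range. */
int checked_size(int32_t count, size_t elem_size, size_t *out)
{
    if (elem_size == 0 || count < 0 || (size_t) count > MAX_ALLOC / elem_size)
        return -1;
    *out = (size_t) count * elem_size;
    return 0;
}

/* Allocate room for count pairs, or return NULL if the count is out of range. */
Pair *alloc_pairs(int32_t count)
{
    size_t bytes;
    if (checked_size(count, sizeof(Pair), &bytes) != 0)
        return NULL;
    return calloc(bytes ? bytes : 1, 1);
}

int main(void)
{
    int32_t count = 0x10000001;   /* constructed element count */
    printf("unchecked: %u bytes\n", (unsigned) unchecked_size32(count, 16));
    printf("checked:   %s\n", alloc_pairs(count) ? "allocated" : "rejected");
    return 0;
}
```

A buffer sized by the unchecked result and then filled with `count` elements is written past its end; the checked form refuses the request before any memory is allocated.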