The PostgreSQL project reports the following issue: When to_char() processes a numeric formatting template calling for a large number of digits, PostgreSQL would read past the end of a buffer. When processing a crafted timestamp formatting template, PostgreSQL would write past the end of a buffer. Either case could crash the server. We have not ruled out the possibility of attacks that lead to privilege escalation, though they seem unlikely. Acknowledgements: Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Andres Freund, Peter Geoghegan, Bernd Helmle, and Noah Misch as the original reporters.
External References: http://www.postgresql.org/about/news/1569/
Upstream commit: https://github.com/postgres/postgres/commit/0150ab567bcf5e5913e2b62a1678f84cc272441f
This issue was addressed in Fedora 20 and Fedora 21 via the following security advisories: https://admin.fedoraproject.org/updates/FEDORA-2015-1728/postgresql-9.3.6-1.fc20 https://admin.fedoraproject.org/updates/FEDORA-2015-1745/postgresql-9.3.6-1.fc21
This issue has been addressed in the following products: Red Hat Software Collections 1 for Red Hat Enterprise Linux 7 Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS Via RHSA-2015:0699 https://rhn.redhat.com/errata/RHSA-2015-0699.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 6 Via RHSA-2015:0750 https://rhn.redhat.com/errata/RHSA-2015-0750.html
This issue has been addressed in the following products: Red Hat Satellite Server v 5.7 Via RHSA-2015:0856 https://rhn.redhat.com/errata/RHSA-2015-0856.html