Pardus alert 2011-37 (postgresql-doc postgresql-lib postgresql-pl postgresql-server)
| From: | Meltem <meltem@pardus.org.tr> | |
| To: | pardus-security@pardus.org.tr | |
| Subject: | [Pardus-security] [PLSA 2011-37] PostgreSQL: Buffer Overflow | |
| Date: | Mon, 14 Feb 2011 12:24:41 +0200 | |
| Message-ID: | <201102141224.41379.meltem@pardus.org.tr> |
------------------------------------------------------------------------ Pardus Linux Security Advisory 2011-37 security@pardus.org.tr ------------------------------------------------------------------------ Date: 2011-02-14 Severity: 3 Type: Remote ------------------------------------------------------------------------ Summary ======= A vulnerability has been fixed in PostgreSQL, which can potentially be exploited by malicious people to cause a denial of service (crash) and possibly execute arbitrary code. Description =========== CVE-2010-4015: Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions. Affected packages: Pardus 2009: postgresql-doc, all before 8.3.14-28-11 postgresql-lib, all before 8.3.14-28-11 postgresql-pl, all before 8.3.14-28-11 postgresql-server, all before 8.3.14-28-11 Resolution ========== There are update(s) for postgresql-doc, postgresql-lib, postgresql-pl, postgresql-server. You can update them via Package Manager or with a single command from console: pisi up postgresql-doc postgresql-lib postgresql-pl postgresql-server References ========== * http://bugs.pardus.org.tr/show_bug.cgi?id=16687 * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-... ------------------------------------------------------------------------ _______________________________________________ Pardus-Security mailing list Pardus-Security@pardus.org.tr http://liste.pardus.org.tr/mailman/listinfo/pardus-security