Bug 660478

Summary: VUL-0: PostgreSQL intarray buffer overflow
Product: [Novell Products] SUSE Security Incidents
Reporter: Ludwig Nussel <lnussel>
Component: General
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: behlert, max, meissner, regis, security-team, skliu
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard: maint:released:11.2:38756 maint:released:11.3:38756 maint:released:sle10-sp3:38755 maint:released:sle10-sp4:39378 maint:released:sle11-sp1:38754 maint:released:sles9-sp3-teradata:41501
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Bug Depends on:    
Bug Blocks: 684292    

Description Ludwig Nussel 2010-12-20 08:32:56 UTC
Your friendly security team received the following report via vendor-sec.
Please respond ASAP.
This issue is not public yet, please keep any information about it inside SUSE.
Note that build.opensuse.org *cannot* be used to prepare embargoed updates.

CVE-ID: CVE-2010-4015

Impact: An attacker who can cause the PostgreSQL server to execute certain commands may cause a denial of the PostgreSQL service or execute arbitrary code.

Description: A buffer overflow exists in the intarray module of the PostgreSQL server.  An attacker who can send a command to the PostgreSQL server with a long query_int parameter to the @@ or ~~ operators may cause a denial of the PostgreSQL service or execute arbitrary code.  This issue is addressed by improved bounds checking.  This issue does not affect Mac OS X.  Credit: Apple.
Comment 21 Reinhard Max 2011-02-16 17:51:00 UTC
Packages submitted to SLES10-SP3, SLE11-SP1, 11.2, and 11.3.
Comment 31 Swamp Workflow Management 2011-03-30 14:11:43 UTC
Update released for: postgresql, postgresql-contrib, postgresql-contrib-debuginfo, postgresql-debuginfo, postgresql-debugsource, postgresql-devel, postgresql-devel-debuginfo, postgresql-docs, postgresql-libs, postgresql-libs-debuginfo, postgresql-server, postgresql-server-debuginfo
Products:
openSUSE 11.2 (debug, i586, x86_64)
openSUSE 11.3 (debug, i586, x86_64)
Comment 32 Ludwig Nussel 2011-03-30 14:12:57 UTC
released
Comment 33 Swamp Workflow Management 2011-03-30 17:21:06 UTC
Update released for: postgresql, postgresql-contrib, postgresql-debuginfo, postgresql-devel, postgresql-docs, postgresql-libs, postgresql-libs-32bit, postgresql-libs-64bit, postgresql-libs-x86, postgresql-pl, postgresql-server
Products:
SLE-DESKTOP 10-SP3 (i386, x86_64)
SLE-SAP-APL 10-SP3 (x86_64)
SLE-SDK 10-SP3 (i386, ia64, ppc, s390x, x86_64)
SLE-SERVER 10-SP3 (i386, ia64, ppc, s390x, x86_64)
Comment 34 Swamp Workflow Management 2011-03-30 18:57:26 UTC
Update released for: postgresql, postgresql-contrib, postgresql-debuginfo, postgresql-devel, postgresql-docs, postgresql-libs, postgresql-libs-32bit, postgresql-libs-64bit, postgresql-libs-x86, postgresql-pl, postgresql-server
Products:
SLE-DESKTOP 10-SP4 (i386, x86_64)
SLE-SDK 10-SP4 (i386, ia64, ppc, s390x, x86_64)
SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)
Comment 35 Swamp Workflow Management 2011-03-30 20:41:35 UTC
Update released for: postgresql, postgresql-contrib, postgresql-debuginfo, postgresql-debugsource, postgresql-devel, postgresql-docs, postgresql-libs, postgresql-libs-32bit, postgresql-libs-x86, postgresql-pl, postgresql-plperl, postgresql-plpython, postgresql-pltcl, postgresql-server
Products:
SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP1 (i386, x86_64)
SLE-SDK 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP1 (i386, x86_64)
Comment 36 Leonardo Chiquitto 2011-04-20 21:57:33 UTC
*** Bug 684292 has been marked as a duplicate of this bug. ***