Bug 864852 (CVE-2014-0065) - VUL-0: CVE-2014-0065: postgresql: possible buffer overflow flaws
Summary: VUL-0: CVE-2014-0065: postgresql: possible buffer overflow flaws
Status: RESOLVED FIXED
Alias: CVE-2014-0065
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium
Severity: Normal
Target Milestone: ---
Deadline: 2014-12-25
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/96415/
Whiteboard: maint:released:sle10-sp3:60008
Blocks: 864856
Reported: 2014-02-20 11:11 UTC by Victor Pereira
Modified: 2018-11-07 16:27 UTC

Found By: Security Response Team
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Victor Pereira 2014-02-20 11:11:53 UTC
CVE-2014-0065

A Coverity scan revealed a number of possible buffer overflow flaws in PostgreSQL. An authenticated database user could possibly use these flaws to crash the PostgreSQL server or execute arbitrary code.

Acknowledgements:

Thanks to the PostgreSQL project for reporting this issue. Upstream acknowledges Peter Eisentraut and Jozef Mlich as the original reporters.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065
https://bugzilla.redhat.com/show_bug.cgi?id=1065235
Comment 1 Swamp Workflow Management 2014-02-20 23:01:45 UTC
bugbot adjusting priority
Comment 2 Swamp Workflow Management 2014-02-21 15:07:31 UTC
The SWAMPID for this issue is 56361.
This issue was rated as moderate.
Please submit fixed packages until 2014-03-07.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 3 SMASH SMASH 2014-02-21 15:10:57 UTC
Affected packages:

SLE-11-SP3: postgresql
SLE-10-SP3-TERADATA: postgresql
SLE-11-SP2: postgresql
Comment 6 Swamp Workflow Management 2014-03-08 14:05:53 UTC
openSUSE-SU-2014:0345-1: An update that fixes 8 vulnerabilities is now available.

Category: security (moderate)
Bug References: 864845,864846,864847,864850,864851,864852,864853
CVE References: CVE-2014-0060,CVE-2014-0061,CVE-2014-0062,CVE-2014-0063,CVE-2014-0064,CVE-2014-0065,CVE-2014-0066,CVE-2014-0067
Sources used:
openSUSE 13.1 (src):    postgresql92-9.2.7-4.4.1, postgresql92-libs-9.2.7-4.4.1
openSUSE 12.3 (src):    postgresql92-9.2.7-1.12.1, postgresql92-libs-9.2.7-1.12.1
Comment 7 Swamp Workflow Management 2014-03-13 18:05:38 UTC
openSUSE-SU-2014:0368-1: An update that fixes 8 vulnerabilities is now available.

Category: security (moderate)
Bug References: 864845,864846,864847,864850,864851,864852,864853
CVE References: CVE-2014-0060,CVE-2014-0061,CVE-2014-0062,CVE-2014-0063,CVE-2014-0064,CVE-2014-0065,CVE-2014-0066,CVE-2014-0067
Sources used:
openSUSE 11.4 (src):    postgresql-9.0.16-43.1, postgresql-libs-9.0.16-43.1
Comment 8 Swamp Workflow Management 2014-03-28 13:04:36 UTC
Update released for: libecpg6, libpq5, postgresql91, postgresql91-contrib, postgresql91-debuginfo, postgresql91-debugsource, postgresql91-devel, postgresql91-docs, postgresql91-libs, postgresql91-libs-debuginfo, postgresql91-libs-debugsource, postgresql91-plperl, postgresql91-plpython, postgresql91-pltcl, postgresql91-server, postgresql91-test
Products:
SLE-DEBUGINFO 11-SP1-TERADATA (x86_64)
SLE-SERVER 11-SP1-TERADATA (x86_64)
Comment 9 Swamp Workflow Management 2014-03-28 15:49:06 UTC
Update released for: libecpg6, libecpg6-32bit, libecpg6-64bit, libecpg6-x86, libpq5, libpq5-32bit, libpq5-64bit, libpq5-x86, postgresql91, postgresql91-contrib, postgresql91-debuginfo, postgresql91-debugsource, postgresql91-devel, postgresql91-docs, postgresql91-libs, postgresql91-libs-debuginfo, postgresql91-libs-debugsource, postgresql91-plperl, postgresql91-plpython, postgresql91-pltcl, postgresql91-server, postgresql91-test
Products:
SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP3 (i386, x86_64)
SLE-SDK 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP3 (i386, x86_64)
Comment 10 Swamp Workflow Management 2014-03-28 19:05:13 UTC
SUSE-SU-2014:0461-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 864845,864846,864847,864850,864851,864852,864853
CVE References: CVE-2014-0060,CVE-2014-0061,CVE-2014-0062,CVE-2014-0063,CVE-2014-0064,CVE-2014-0065,CVE-2014-0066
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    postgresql91-libs-9.1.12-0.3.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    postgresql91-9.1.12-0.3.1, postgresql91-libs-9.1.12-0.3.1
SUSE Linux Enterprise Server 11 SP3 (src):    postgresql91-9.1.12-0.3.1, postgresql91-libs-9.1.12-0.3.1
SUSE Linux Enterprise Desktop 11 SP3 (src):    postgresql91-9.1.12-0.3.1, postgresql91-libs-9.1.12-0.3.1
Comment 13 Swamp Workflow Management 2014-12-11 09:31:14 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2014-12-25.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/60006
Comment 14 Marcus Meissner 2015-01-14 15:39:55 UTC
released