CVE-2013-0255

Common Vulnerabilities and Exposures

Upstream information

CVE-2013-0255 at MITRE

Description

PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a denial of service (server crash) or read sensitive process memory via a crafted SQL command, which triggers an array index error and an out-of-bounds read.

NVD CVSS v2 Base Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)

Novell/SUSE information

Novell Bugzilla entry: 802679, 803057

SUSE Security Advisories:

openSUSE-SU-2013:0318-1, published Thu, 21 Feb 2013 14:04:40 +0100 (CET)
openSUSE-SU-2013:0319-1, published Thu, 21 Feb 2013 15:04:19 +0100 (CET)

List of released packages

Product(s)	Fixed package version(s)	References
SLE 11 SP2 DEBUGINFO	`postgresql91-debuginfo >= 9.1.8-0.5.1` `postgresql91-debugsource >= 9.1.8-0.5.1`	Builds SAT Patch Nr: 7342
SUSE Linux Enterprise Software Development Kit 11 SP2	`postgresql91-devel >= 9.1.8-0.5.1`	Builds SAT Patch Nr: 7342
SUSE Linux Enterprise Desktop 11 SP2	`libecpg6 >= 9.1.8-0.5.1` `libpq5 >= 9.1.8-0.5.1` `postgresql91 >= 9.1.8-0.5.1`	Builds SAT Patch Nr: 7342
SUSE Linux Enterprise Desktop 11 SP2	`libecpg6 >= 9.1.8-0.5.1` `libpq5 >= 9.1.8-0.5.1` `libpq5-32bit >= 9.1.8-0.5.1` `postgresql91 >= 9.1.8-0.5.1`	Builds SAT Patch Nr: 7342
SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware	`libecpg6 >= 9.1.8-0.5.1` `libpq5 >= 9.1.8-0.5.1` `postgresql91 >= 9.1.8-0.5.1` `postgresql91-contrib >= 9.1.8-0.5.1` `postgresql91-docs >= 9.1.8-0.5.1` `postgresql91-server >= 9.1.8-0.5.1`	Builds SAT Patch Nr: 7342
SUSE Linux Enterprise Server 11 SP2	`libecpg6 >= 9.1.8-0.5.1` `libpq5 >= 9.1.8-0.5.1` `libpq5-x86 >= 9.1.8-0.5.1` `postgresql91 >= 9.1.8-0.5.1` `postgresql91-contrib >= 9.1.8-0.5.1` `postgresql91-docs >= 9.1.8-0.5.1` `postgresql91-server >= 9.1.8-0.5.1`	Builds SAT Patch Nr: 7342
SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware	`libecpg6 >= 9.1.8-0.5.1` `libpq5 >= 9.1.8-0.5.1` `libpq5-32bit >= 9.1.8-0.5.1` `postgresql91 >= 9.1.8-0.5.1` `postgresql91-contrib >= 9.1.8-0.5.1` `postgresql91-docs >= 9.1.8-0.5.1` `postgresql91-server >= 9.1.8-0.5.1`	Builds SAT Patch Nr: 7342
BDK 11 SP2	`postgresql-devel >= 8.3.23-0.4.1` `postgresql-libs >= 8.3.23-0.4.1`	Builds SAT Patch Nr: 7340
SLE 11 SP2 DEBUGINFO	`postgresql-debuginfo >= 8.3.23-0.4.1` `postgresql-debugsource >= 8.3.23-0.4.1`	Builds SAT Patch Nr: 7340
SUSE Linux Enterprise Desktop 11 SP2	`postgresql >= 8.3.23-0.4.1`	Builds SAT Patch Nr: 7340
SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware	`postgresql >= 8.3.23-0.4.1` `postgresql-contrib >= 8.3.23-0.4.1` `postgresql-docs >= 8.3.23-0.4.1` `postgresql-server >= 8.3.23-0.4.1`	Builds SAT Patch Nr: 7340