What is CVE-2013-0255, and is a fix available?

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 6
  • postgresql

Issue

  • What is CVE-2013-0255, and is a fix available?

Resolution

  • This issue did not affect the version of postgresql shipped with Red Hat Enterprise Linux 5.
  • This issue affects the version of postgresql84 shipped with Red Hat Enterprise Linux 5 and the version of postgresql shipped with Red Hat Enterprise Linux 6.
  • The issue was tracked in Bugzilla #907892, and a fix was released in erratum RHSA-2013-1475.
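
To check whether a host already carries the fix, the RPM changelog of each affected package can be searched for the CVE identifier. The script below is an added example, not part of the original Red Hat solution; it assumes the fixed packages' changelogs mention CVE-2013-0255, and the function name and status strings are hypothetical.

```shell
#!/bin/sh
# Added example: report whether the installed PostgreSQL packages list the
# CVE-2013-0255 fix in their RPM changelog.
# Assumption: the fixed builds mention the CVE identifier in the changelog.

CVE="CVE-2013-0255"
PACKAGES="postgresql postgresql84"   # affected package names from the Resolution

# check_cve_fix CVE PKG...
# Prints one line per package: "<pkg> not-installed|fix-listed|fix-not-listed".
# Returns 1 if any installed package does not list the CVE, otherwise 0.
check_cve_fix() {
    ccf_cve="$1"
    shift
    ccf_rc=0
    for ccf_pkg in "$@"; do
        if ! rpm -q "$ccf_pkg" >/dev/null 2>&1; then
            # Package is absent, so there is nothing to patch.
            echo "$ccf_pkg not-installed"
        elif rpm -q --changelog "$ccf_pkg" 2>/dev/null | grep -qF "$ccf_cve"; then
            echo "$ccf_pkg fix-listed"
        else
            echo "$ccf_pkg fix-not-listed"
            ccf_rc=1
        fi
    done
    return "$ccf_rc"
}

# Run the check only on hosts that have rpm available.
if command -v rpm >/dev/null 2>&1; then
    # $PACKAGES is intentionally unquoted so it splits into separate names.
    check_cve_fix "$CVE" $PACKAGES ||
        echo "At least one package does not list $CVE; see RHSA-2013-1475."
fi
```

A `fix-not-listed` result is a prompt to compare the installed version against the packages listed in RHSA-2013-1475, not proof on its own that the host is vulnerable.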

Root Cause

  • An array index error, leading to a heap-based out-of-bounds buffer read flaw, was found in the way PostgreSQL performed certain error processing using enumeration types. An unprivileged database user could issue a specially crafted SQL query that, when processed by the server component of the PostgreSQL service, would lead to a denial of service (daemon crash) or disclosure of certain portions of server memory.
  • For more information, refer to CVE-2013-0255.
