rhsa-2014_0221
Vulnerability from csaf_redhat
Published
2014-02-27 18:23
Modified
2024-11-05 18:20
Summary
Red Hat Security Advisory: postgresql92-postgresql security update
Notes
Topic
Updated postgresql92-postgresql packages that fix multiple security issues
are now available for Red Hat Software Collections 1.
The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
PostgreSQL is an advanced object-relational database management system
(DBMS).
Multiple stack-based buffer overflow flaws were found in the date/time
implementation of PostgreSQL. An authenticated database user could provide
a specially crafted date/time value that, when processed, could cause
PostgreSQL to crash or, potentially, execute arbitrary code with the
permissions of the user running PostgreSQL. (CVE-2014-0063)
Multiple integer overflow flaws, leading to heap-based buffer overflows,
were found in various type input functions in PostgreSQL. An authenticated
database user could possibly use these flaws to crash PostgreSQL or,
potentially, execute arbitrary code with the permissions of the user
running PostgreSQL. (CVE-2014-0064)
Multiple potential buffer overflow flaws were found in PostgreSQL.
An authenticated database user could possibly use these flaws to crash
PostgreSQL or, potentially, execute arbitrary code with the permissions of
the user running PostgreSQL. (CVE-2014-0065)
It was found that granting an SQL role to a database user in a PostgreSQL
database without specifying the "ADMIN" option allowed the grantee to
remove other users from their granted role. An authenticated database user
could use this flaw to remove a user from an SQL role which they were
granted access to. (CVE-2014-0060)
A flaw was found in the validator functions provided by PostgreSQL's
procedural languages (PLs). An authenticated database user could possibly
use this flaw to escalate their privileges. (CVE-2014-0061)
A race condition was found in the way the CREATE INDEX command performed
multiple independent lookups of a table that had to be indexed. An
authenticated database user could possibly use this flaw to escalate their
privileges. (CVE-2014-0062)
It was found that the chkpass extension of PostgreSQL did not check the
return value of the crypt() function. An authenticated database user could
possibly use this flaw to crash PostgreSQL via a null pointer dereference.
(CVE-2014-0066)
Red Hat would like to thank the PostgreSQL project for reporting these
issues. Upstream acknowledges Noah Misch as the original reporter of
CVE-2014-0060 and CVE-2014-0063, Heikki Linnakangas and Noah Misch as the
original reporters of CVE-2014-0064, Peter Eisentraut and Jozef Mlich as
the original reporters of CVE-2014-0065, Andres Freund as the original
reporter of CVE-2014-0061, Robert Haas and Andres Freund as the original
reporters of CVE-2014-0062, and Honza Horak and Bruce Momjian as the
original reporters of CVE-2014-0066.
These updated packages upgrade PostgreSQL to version 9.2.7, which fixes
these issues as well as several non-security issues. Refer to the
PostgreSQL Release Notes for a full list of changes:
http://www.postgresql.org/docs/9.2/static/release-9-2-7.html
All PostgreSQL users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. If the postgresql
service is running, it will be automatically restarted after installing
this update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated postgresql92-postgresql packages that fix multiple security issues\nare now available for Red Hat Software Collections 1.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "PostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nMultiple stack-based buffer overflow flaws were found in the date/time\nimplementation of PostgreSQL. An authenticated database user could provide\na specially crafted date/time value that, when processed, could cause\nPostgreSQL to crash or, potentially, execute arbitrary code with the\npermissions of the user running PostgreSQL. (CVE-2014-0063)\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows,\nwere found in various type input functions in PostgreSQL. An authenticated\ndatabase user could possibly use these flaws to crash PostgreSQL or,\npotentially, execute arbitrary code with the permissions of the user\nrunning PostgreSQL. (CVE-2014-0064)\n\nMultiple potential buffer overflow flaws were found in PostgreSQL.\nAn authenticated database user could possibly use these flaws to crash\nPostgreSQL or, potentially, execute arbitrary code with the permissions of\nthe user running PostgreSQL. (CVE-2014-0065)\n\nIt was found that granting an SQL role to a database user in a PostgreSQL\ndatabase without specifying the \"ADMIN\" option allowed the grantee to\nremove other users from their granted role. An authenticated database user\ncould use this flaw to remove a user from an SQL role which they were\ngranted access to. (CVE-2014-0060)\n\nA flaw was found in the validator functions provided by PostgreSQL\u0027s\nprocedural languages (PLs). An authenticated database user could possibly\nuse this flaw to escalate their privileges. (CVE-2014-0061)\n\nA race condition was found in the way the CREATE INDEX command performed\nmultiple independent lookups of a table that had to be indexed. An\nauthenticated database user could possibly use this flaw to escalate their\nprivileges. (CVE-2014-0062)\n\nIt was found that the chkpass extension of PostgreSQL did not check the\nreturn value of the crypt() function. An authenticated database user could\npossibly use this flaw to crash PostgreSQL via a null pointer dereference.\n(CVE-2014-0066)\n\nRed Hat would like to thank the PostgreSQL project for reporting these\nissues. Upstream acknowledges Noah Misch as the original reporter of\nCVE-2014-0060 and CVE-2014-0063, Heikki Linnakangas and Noah Misch as the\noriginal reporters of CVE-2014-0064, Peter Eisentraut and Jozef Mlich as\nthe original reporters of CVE-2014-0065, Andres Freund as the original\nreporter of CVE-2014-0061, Robert Haas and Andres Freund as the original\nreporters of CVE-2014-0062, and Honza Horak and Bruce Momjian as the\noriginal reporters of CVE-2014-0066.\n\nThese updated packages upgrade PostgreSQL to version 9.2.7, which fixes\nthese issues as well as several non-security issues. Refer to the\nPostgreSQL Release Notes for a full list of changes:\n\nhttp://www.postgresql.org/docs/9.2/static/release-9-2-7.html\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. If the postgresql\nservice is running, it will be automatically restarted after installing\nthis update.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2014:0221",
"url": "https://access.redhat.com/errata/RHSA-2014:0221"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "http://www.postgresql.org/docs/9.2/static/release-9-2-7.html",
"url": "http://www.postgresql.org/docs/9.2/static/release-9-2-7.html"
},
{
"category": "external",
"summary": "1065219",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065219"
},
{
"category": "external",
"summary": "1065220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065220"
},
{
"category": "external",
"summary": "1065222",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065222"
},
{
"category": "external",
"summary": "1065226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065226"
},
{
"category": "external",
"summary": "1065230",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065230"
},
{
"category": "external",
"summary": "1065235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065235"
},
{
"category": "external",
"summary": "1065236",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065236"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0221.json"
}
],
"title": "Red Hat Security Advisory: postgresql92-postgresql security update",
"tracking": {
"current_release_date": "2024-11-05T18:20:32+00:00",
"generator": {
"date": "2024-11-05T18:20:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2014:0221",
"initial_release_date": "2014-02-27T18:23:10+00:00",
"revision_history": [
{
"date": "2014-02-27T18:23:10+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2014-02-27T18:23:11+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-05T18:20:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)",
"product": {
"name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-1.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:1::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)",
"product": {
"name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-1.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:1::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Software Collections"
},
{
"branches": [
{
"category": "product_version",
"name": "postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"product": {
"name": "postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"product_id": "postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postgresql92-postgresql-libs@9.2.7-1.1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"product": {
"name": "postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"product_id": "postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postgresql92-postgresql-plpython@9.2.7-1.1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
"product": {
"name": "postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
"product_id": "postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postgresql92-postgresql-upgrade@9.2.7-1.1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"product": {
"name": "postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"product_id": "postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postgresql92-postgresql-debuginfo@9.2.7-1.1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"product": {
"name": "postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"product_id": "postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postgresql92-postgresql-devel@9.2.7-1.1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"product": {
"name": "postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"product_id": "postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postgresql92-postgresql-server@9.2.7-1.1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"product": {
"name": "postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"product_id": "postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postgresql92-postgresql-pltcl@9.2.7-1.1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"product": {
"name": "postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"product_id": "postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postgresql92-postgresql-test@9.2.7-1.1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"product": {
"name": "postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"product_id": "postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postgresql92-postgresql-contrib@9.2.7-1.1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"product": {
"name": "postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"product_id": "postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postgresql92-postgresql-plperl@9.2.7-1.1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"product": {
"name": "postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"product_id": "postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postgresql92-postgresql-docs@9.2.7-1.1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"product": {
"name": "postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"product_id": "postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postgresql92-postgresql@9.2.7-1.1.el6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"product": {
"name": "postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"product_id": "postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postgresql92-postgresql@9.2.7-1.1.el6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql92-postgresql-0:9.2.7-1.1.el6.src as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src"
},
"product_reference": "postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"relates_to_product_reference": "6Server-RHSCL-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64 as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64"
},
"product_reference": "postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64 as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64"
},
"product_reference": "postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64 as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64"
},
"product_reference": "postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64 as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64"
},
"product_reference": "postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64 as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64"
},
"product_reference": "postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64 as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64"
},
"product_reference": "postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64 as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64"
},
"product_reference": "postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64 as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64"
},
"product_reference": "postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64 as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64"
},
"product_reference": "postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64 as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64"
},
"product_reference": "postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64 as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64"
},
"product_reference": "postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64 as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64"
},
"product_reference": "postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql92-postgresql-0:9.2.7-1.1.el6.src as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src"
},
"product_reference": "postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"relates_to_product_reference": "6Workstation-RHSCL-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64 as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64"
},
"product_reference": "postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64 as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64"
},
"product_reference": "postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64 as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64"
},
"product_reference": "postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64 as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64"
},
"product_reference": "postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64 as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64"
},
"product_reference": "postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64 as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64"
},
"product_reference": "postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64 as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64"
},
"product_reference": "postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64 as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64"
},
"product_reference": "postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64 as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64"
},
"product_reference": "postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64 as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64"
},
"product_reference": "postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64 as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64"
},
"product_reference": "postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64 as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64"
},
"product_reference": "postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-1.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"PostgreSQL project"
]
},
{
"names": [
"Noah Misch"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2014-0060",
"discovery_date": "2014-02-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1065219"
}
],
"notes": [
{
"category": "description",
"text": "PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command before the associated GRANT command.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "postgresql: SET ROLE without ADMIN OPTION allows adding and removing group members",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0060"
},
{
"category": "external",
"summary": "RHBZ#1065219",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065219"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0060",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0060"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0060",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0060"
}
],
"release_date": "2014-02-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-02-27T18:23:10+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0221"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "postgresql: SET ROLE without ADMIN OPTION allows adding and removing group members"
},
{
"acknowledgments": [
{
"names": [
"PostgreSQL project"
]
},
{
"names": [
"Andres Freund"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2014-0061",
"discovery_date": "2014-02-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1065220"
}
],
"notes": [
{
"category": "description",
"text": "The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed to be directly called by the user due to permissions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "postgresql: privilege escalation via procedural language validator functions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0061"
},
{
"category": "external",
"summary": "RHBZ#1065220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0061",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0061"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0061",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0061"
}
],
"release_date": "2014-02-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-02-27T18:23:10+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0221"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "postgresql: privilege escalation via procedural language validator functions"
},
{
"acknowledgments": [
{
"names": [
"PostgreSQL project"
]
},
{
"names": [
"Andres Freund",
"Robert Haas"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2014-0062",
"discovery_date": "2014-02-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1065222"
}
],
"notes": [
{
"category": "description",
"text": "Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "postgresql: CREATE INDEX race condition possibly leading to privilege escalation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0062"
},
{
"category": "external",
"summary": "RHBZ#1065222",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065222"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0062",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0062"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0062",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0062"
}
],
"release_date": "2014-02-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-02-27T18:23:10+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0221"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "postgresql: CREATE INDEX race condition possibly leading to privilege escalation"
},
{
"acknowledgments": [
{
"names": [
"PostgreSQL project"
]
},
{
"names": [
"Noah Misch"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2014-0063",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2014-02-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1065226"
}
],
"notes": [
{
"category": "description",
"text": "Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via vectors related to an incorrect MAXDATELEN constant and datetime values involving (1) intervals, (2) timestamps, or (3) timezones, a different vulnerability than CVE-2014-0065.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "postgresql: stack-based buffer overflow in datetime input/output",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0063"
},
{
"category": "external",
"summary": "RHBZ#1065226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065226"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0063",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0063"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0063",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0063"
}
],
"release_date": "2014-02-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-02-27T18:23:10+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0221"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "postgresql: stack-based buffer overflow in datetime input/output"
},
{
"acknowledgments": [
{
"names": [
"PostgreSQL project"
]
},
{
"names": [
"Heikki Linnakangas",
"Noah Misch"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2014-0064",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2014-02-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1065230"
}
],
"notes": [
{
"category": "description",
"text": "Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, which trigger a buffer overflow. NOTE: this identifier has been SPLIT due to different affected versions; use CVE-2014-2669 for the hstore vector.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "postgresql: integer overflows leading to buffer overflows",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0064"
},
{
"category": "external",
"summary": "RHBZ#1065230",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065230"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0064",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0064"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0064",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0064"
}
],
"release_date": "2014-02-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-02-27T18:23:10+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0221"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "postgresql: integer overflows leading to buffer overflows"
},
{
"acknowledgments": [
{
"names": [
"PostgreSQL project"
]
},
{
"names": [
"Peter Eisentraut",
"Jozef Mlich"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2014-0065",
"discovery_date": "2014-02-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1065235"
}
],
"notes": [
{
"category": "description",
"text": "Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, a different vulnerability than CVE-2014-0063.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "postgresql: possible buffer overflow flaws",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0065"
},
{
"category": "external",
"summary": "RHBZ#1065235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065235"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0065",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0065"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0065",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0065"
}
],
"release_date": "2014-02-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-02-27T18:23:10+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0221"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "postgresql: possible buffer overflow flaws"
},
{
"acknowledgments": [
{
"names": [
"PostgreSQL project"
]
},
{
"names": [
"Honza Horak",
"Bruce Momjian"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2014-0066",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2014-02-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1065236"
}
],
"notes": [
{
"category": "description",
"text": "The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "postgresql: NULL pointer dereference",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0066"
},
{
"category": "external",
"summary": "RHBZ#1065236",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065236"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0066",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0066"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0066",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0066"
}
],
"release_date": "2014-02-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-02-27T18:23:10+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0221"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "postgresql: NULL pointer dereference"
},
{
"acknowledgments": [
{
"names": [
"PostgreSQL project"
]
},
{
"names": [
"Heikki Linnakangas",
"Noah Misch"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2014-2669",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2014-02-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1082154"
}
],
"notes": [
{
"category": "description",
"text": "Multiple integer overflows in contrib/hstore/hstore_io.c in PostgreSQL 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact via vectors related to the (1) hstore_recv, (2) hstore_from_arrays, and (3) hstore_from_array functions in contrib/hstore/hstore_io.c; and the (4) hstoreArrayToPairs function in contrib/hstore/hstore_op.c, which triggers a buffer overflow. NOTE: this issue was SPLIT from CVE-2014-0064 because it has a different set of affected versions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "postgresql: multiple integer overflows in hstore_io.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Not vulnerable. This issue did not affect the versions of PostgreSQL as shipped with Red Hat Enterprise Linux 5 and 6.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-2669"
},
{
"category": "external",
"summary": "RHBZ#1082154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1082154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-2669",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2669"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-2669",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2669"
}
],
"release_date": "2014-02-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-02-27T18:23:10+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0221"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Server-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Server-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.src",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-contrib-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-devel-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-docs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-libs-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plperl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-plpython-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-server-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-test-0:9.2.7-1.1.el6.x86_64",
"6Workstation-RHSCL-1.0:postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "postgresql: multiple integer overflows in hstore_io.c"
}
]
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.