SB2012070322 - Resource management error in postgresql (Alpine package)
Published: July 3, 2012
Security Bulletin ID
SB2012070322
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource management error (CVE-ID: CVE-2012-2655)
The vulnerability allows a remote #AU# to perform service disruption.
PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service (server crash) by adding the (1) SECURITY DEFINER or (2) SET attributes to a procedural language's call handler.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=1c5310eff360085f33d17aad26ce9569a42419e7
- https://git.alpinelinux.org/aports/commit/?id=cd8669403fa9d39f9b385aaee42d8da3d1db20ff
- https://git.alpinelinux.org/aports/commit/?id=f295698d5f7474db0c9ec0b7d39c289f482e188f
- https://git.alpinelinux.org/aports/commit/?id=24f74765563bb229a7b0696522028620adef00d4