REDHAT-BUG-488156
First published: Mon Mar 02 2009(Updated: )
A stack overflow was found in how PostgreSQL handles conversion encoding. This could allow an authenticated user to kill connections to the PostgreSQL server for a small amount of time, which could interupt transactions by other users/clients. The original report is here: <a href="http://archives.postgresql.org/pgsql-bugs/2009-02/msg00172.php">http://archives.postgresql.org/pgsql-bugs/2009-02/msg00172.php</a> Upstream has a patch for this issue that causes the server to crash in a different way (core dump due to abort() rather than core dump due to stack overflow), but it sounds like they are still looking for a better fix.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PostgreSQL Common |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://archives.postgresql.org/pgsql-bugs/2009-02/msg00172.php
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=517405
- https://access.redhat.com/security/cve/CVE-2009-0922
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0922
- http://www.openwall.com/lists/oss-security/2009/03/11/4
- http://archives.postgresql.org//pgsql-bugs/2009-02/msg00176.php
- http://admin.fedoraproject.org/updates/postgresql-8.3.7-1.fc10
- http://admin.fedoraproject.org/updates/postgresql-8.3.7-1.fc9
- http://www.redhat.com/security/updates/classification/
- https://rhn.redhat.com/errata/RHSA-2009-1067.html
- https://rhn.redhat.com/errata/RHSA-2009-1484.html
- https://bugzilla.redhat.com/show_bug.cgi?id=488156
Frequently Asked Questions
What is the severity of REDHAT-BUG-488156?
The severity of REDHAT-BUG-488156 is classified as moderate due to the potential risk of connection interruption.
How do I fix REDHAT-BUG-488156?
To fix REDHAT-BUG-488156, ensure you are using the latest stable version of PostgreSQL that addresses the stack overflow vulnerability.
Who is affected by REDHAT-BUG-488156?
Authenticated users of PostgreSQL are affected by REDHAT-BUG-488156 because it allows them to disrupt connections.
What is the impact of REDHAT-BUG-488156?
The impact of REDHAT-BUG-488156 is that it can cause temporary disruptions to transactions for users connected to the PostgreSQL server.
Is PostgreSQL JDBC Driver affected by REDHAT-BUG-488156?
Yes, the PostgreSQL JDBC Driver is affected by REDHAT-BUG-488156 as it utilizes PostgreSQL's encoding conversion mechanisms.
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2009-0922
- agent/severity
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/postgresql
- canonical/postgresql common