backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via certain aggregate functions in an UPDATE statement, which are not properly handled during a MIN/MAX index optimization.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Postgresql | Postgresql | 6.3.2 (including) | 6.3.2 (including) |
| Postgresql | Postgresql | 6.5.3 (including) | 6.5.3 (including) |
| Postgresql | Postgresql | 7.0.2 (including) | 7.0.2 (including) |
| Postgresql | Postgresql | 7.0.3 (including) | 7.0.3 (including) |
| Postgresql | Postgresql | 7.1 (including) | 7.1 (including) |
| Postgresql | Postgresql | 7.1.1 (including) | 7.1.1 (including) |
| Postgresql | Postgresql | 7.1.2 (including) | 7.1.2 (including) |
| Postgresql | Postgresql | 7.1.3 (including) | 7.1.3 (including) |
| Postgresql | Postgresql | 7.2 (including) | 7.2 (including) |
| Postgresql | Postgresql | 7.2.1 (including) | 7.2.1 (including) |
| Postgresql | Postgresql | 7.2.2 (including) | 7.2.2 (including) |
| Postgresql | Postgresql | 7.2.3 (including) | 7.2.3 (including) |
| Postgresql | Postgresql | 7.2.4 (including) | 7.2.4 (including) |
| Postgresql | Postgresql | 7.2.7 (including) | 7.2.7 (including) |
| Postgresql | Postgresql | 7.3 (including) | 7.3 (including) |
| Postgresql | Postgresql | 7.3.1 (including) | 7.3.1 (including) |
| Postgresql | Postgresql | 7.3.2 (including) | 7.3.2 (including) |
| Postgresql | Postgresql | 7.3.3 (including) | 7.3.3 (including) |
| Postgresql | Postgresql | 7.3.4 (including) | 7.3.4 (including) |
| Postgresql | Postgresql | 7.3.6 (including) | 7.3.6 (including) |
| Postgresql | Postgresql | 7.3.8 (including) | 7.3.8 (including) |
| Postgresql | Postgresql | 7.3.9 (including) | 7.3.9 (including) |
| Postgresql | Postgresql | 7.3.10 (including) | 7.3.10 (including) |
| Postgresql | Postgresql | 7.3.11 (including) | 7.3.11 (including) |
| Postgresql | Postgresql | 7.3.12 (including) | 7.3.12 (including) |
| Postgresql | Postgresql | 7.3.13 (including) | 7.3.13 (including) |
| Postgresql | Postgresql | 7.3.14 (including) | 7.3.14 (including) |
| Postgresql | Postgresql | 7.3.15 (including) | 7.3.15 (including) |
| Postgresql | Postgresql | 7.4 (including) | 7.4 (including) |
| Postgresql | Postgresql | 7.4.1 (including) | 7.4.1 (including) |
| Postgresql | Postgresql | 7.4.2 (including) | 7.4.2 (including) |
| Postgresql | Postgresql | 7.4.3 (including) | 7.4.3 (including) |
| Postgresql | Postgresql | 7.4.4 (including) | 7.4.4 (including) |
| Postgresql | Postgresql | 7.4.5 (including) | 7.4.5 (including) |
| Postgresql | Postgresql | 7.4.6 (including) | 7.4.6 (including) |
| Postgresql | Postgresql | 7.4.7 (including) | 7.4.7 (including) |
| Postgresql | Postgresql | 7.4.8 (including) | 7.4.8 (including) |
| Postgresql | Postgresql | 7.4.9 (including) | 7.4.9 (including) |
| Postgresql | Postgresql | 7.4.10 (including) | 7.4.10 (including) |
| Postgresql | Postgresql | 7.4.11 (including) | 7.4.11 (including) |
| Postgresql | Postgresql | 7.4.12 (including) | 7.4.12 (including) |
| Postgresql | Postgresql | 7.4.13 (including) | 7.4.13 (including) |
| Postgresql | Postgresql | 8.0 (including) | 8.0 (including) |
| Postgresql | Postgresql | 8.0.1 (including) | 8.0.1 (including) |
| Postgresql | Postgresql | 8.0.2 (including) | 8.0.2 (including) |
| Postgresql | Postgresql | 8.0.3 (including) | 8.0.3 (including) |
| Postgresql | Postgresql | 8.0.4 (including) | 8.0.4 (including) |
| Postgresql | Postgresql | 8.0.5 (including) | 8.0.5 (including) |
| Postgresql | Postgresql | 8.0.6 (including) | 8.0.6 (including) |
| Postgresql | Postgresql | 8.0.7 (including) | 8.0.7 (including) |
| Postgresql | Postgresql | 8.0.8 (including) | 8.0.8 (including) |
| Postgresql | Postgresql | 8.1 (including) | 8.1 (including) |
| Postgresql | Postgresql | 8.1.1 (including) | 8.1.1 (including) |
| Postgresql | Postgresql | 8.1.2 (including) | 8.1.2 (including) |
| Postgresql | Postgresql | 8.1.3 (including) | 8.1.3 (including) |
| Postgresql | Postgresql | 8.1.4 (including) | 8.1.4 (including) |
| Red Hat Enterprise Linux 3 | RedHat | rh-postgresql-0:7.3.18-1 | * |
| Red Hat Enterprise Linux 4 | RedHat | postgresql-0:7.4.16-1.RHEL4.1 | * |
| Red Hat Enterprise Linux 5 | RedHat | postgresql-0:8.1.8-1.el5 | * |
| Red Hat Web Application Stack for RHEL 4 | RedHat | postgresql-0:8.1.7-3.el4s1.1 | * |
| Postgresql-8.1 | Ubuntu | dapper | * |
| Postgresql-8.1 | Ubuntu | devel | * |
| Postgresql-8.1 | Ubuntu | edgy | * |
| Postgresql-8.1 | Ubuntu | feisty | * |
References
- ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
- http://projects.commandprompt.com/public/pgsql/changeset/25504
- http://secunia.com/advisories/22562
- http://secunia.com/advisories/22584
- http://secunia.com/advisories/22606
- http://secunia.com/advisories/22636
- http://secunia.com/advisories/23048
- http://secunia.com/advisories/23132
- http://secunia.com/advisories/24094
- http://secunia.com/advisories/24284
- http://secunia.com/advisories/24577
- http://securitytracker.com/id?1017115
- http://support.avaya.com/elmodocs2/security/ASA-2007-117.htm
- http://support.novell.com/techcenter/psdb/59650c03a8bc5ae310cd7898bd106ad2.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:194
- http://www.novell.com/linux/security/advisories/2006_27_sr.html
- http://www.postgresql.org/about/news.664
- http://www.redhat.com/support/errata/RHSA-2007-0064.html
- http://www.redhat.com/support/errata/RHSA-2007-0067.html
- http://www.redhat.com/support/errata/RHSA-2007-0068.html
- http://www.securityfocus.com/bid/20717
- http://www.trustix.org/errata/2006/0059/
- http://www.ubuntu.com/usn/usn-369-1
- http://www.ubuntu.com/usn/usn-369-2
- http://www.vupen.com/english/advisories/2006/4182
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11425
- ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
- http://projects.commandprompt.com/public/pgsql/changeset/25504
- http://secunia.com/advisories/22562
- http://secunia.com/advisories/22584
- http://secunia.com/advisories/22606
- http://secunia.com/advisories/22636
- http://secunia.com/advisories/23048
- http://secunia.com/advisories/23132
- http://secunia.com/advisories/24094
- http://secunia.com/advisories/24284
- http://secunia.com/advisories/24577
- http://securitytracker.com/id?1017115
- http://support.avaya.com/elmodocs2/security/ASA-2007-117.htm
- http://support.novell.com/techcenter/psdb/59650c03a8bc5ae310cd7898bd106ad2.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:194
- http://www.novell.com/linux/security/advisories/2006_27_sr.html
- http://www.postgresql.org/about/news.664
- http://www.redhat.com/support/errata/RHSA-2007-0064.html
- http://www.redhat.com/support/errata/RHSA-2007-0067.html
- http://www.redhat.com/support/errata/RHSA-2007-0068.html
- http://www.securityfocus.com/bid/20717
- http://www.trustix.org/errata/2006/0059/
- http://www.ubuntu.com/usn/usn-369-1
- http://www.ubuntu.com/usn/usn-369-2
- http://www.vupen.com/english/advisories/2006/4182
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11425