Home > mailing lists

pgsql: Cherry-pick security-relevant fixes from upstream imath library. - Mailing list pgsql-committers

From	Noah Misch
Subject	pgsql: Cherry-pick security-relevant fixes from upstream imath library.
Date	February 7, 2015 05:19:34
Msg-id	E1YIIVa-0008QX-Vr@gemulon.postgresql.org Whole thread Raw
List	pgsql-committers

Tree view

Cherry-pick security-relevant fixes from upstream imath library.

This covers alterations to buffer sizing and zeroing made between imath
1.3 and imath 1.20.  Valgrind Memcheck identified the buffer overruns
and reliance on uninitialized data; their exploit potential is unknown.
Builds specifying --with-openssl are unaffected, because they use the
OpenSSL BIGNUM facility instead of imath.  Back-patch to 9.0 (all
supported versions).

Security: CVE-2015-0243

Branch
------
REL9_0_STABLE

Details
-------
http://git.postgresql.org/pg/commitdiff/0a3ee8a5f845d0b7ad0ad9efa0ff08f221404c4d

Modified Files
--------------
contrib/pgcrypto/imath.c |   24 +++++++++++++++---------
1 file changed, 15 insertions(+), 9 deletions(-)

pgsql-committers by date:

From: Heikki Linnakangas
Date: 07 February 2015, 05:19:16
Subject: pgsql: Be more careful to not lose sync in the FE/BE protocol.

From: Heikki Linnakangas
Date: 07 February 2015, 05:19:48
Subject: pgsql: Be more careful to not lose sync in the FE/BE protocol.

pgsql: Cherry-pick security-relevant fixes from upstream imath library. - Mailing list pgsql-committers

Previous

Next