PublicDateAtUSN: 2013-02-07
Candidate: CVE-2013-0255
PublicDate: 2013-02-13 01:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0255
 http://www.postgresql.org/about/news/1446/
 https://ubuntu.com/security/notices/USN-1717-1
Description:
 PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12,
 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the
 enum_recv function in backend/utils/adt/enum.c, which causes it to be
 invoked with incorrect arguments and allows remote authenticated users to
 cause a denial of service (server crash) or read sensitive process memory
 via a crafted SQL command, which triggers an array index error and an
 out-of-bounds read.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/postgresql-9.1/+bug/1116336
Priority: medium
Discovered-by: Sumit Soni
Assigned-to:
CVSS:

Patches_postgresql-9.1:
upstream_postgresql-9.1: released (9.1.8)
hardy_postgresql-9.1: DNE
lucid_postgresql-9.1: DNE
oneiric_postgresql-9.1: released (9.1.8-0ubuntu11.10)
precise_postgresql-9.1: released (9.1.8-0ubuntu12.04)
quantal_postgresql-9.1: released (9.1.8-0ubuntu12.10)
raring_postgresql-9.1: not-affected (9.1.8-1)
devel_postgresql-9.1: not-affected (9.1.8-1)

Patches_postgresql-8.4:
upstream_postgresql-8.4: released (8.4.16)
hardy_postgresql-8.4: DNE
lucid_postgresql-8.4: released (8.4.16-0ubuntu10.04)
oneiric_postgresql-8.4: ignored (reached end-of-life)
precise_postgresql-8.4: released (8.4.16-0ubuntu12.04)
quantal_postgresql-8.4: DNE
raring_postgresql-8.4: DNE
devel_postgresql-8.4: DNE

Patches_postgresql-8.3:
upstream_postgresql-8.3: released (8.3.23)
hardy_postgresql-8.3: released (8.3.23-0ubuntu8.04)
lucid_postgresql-8.3: DNE
oneiric_postgresql-8.3: DNE
precise_postgresql-8.3: DNE
quantal_postgresql-8.3: DNE
raring_postgresql-8.3: DNE
devel_postgresql-8.3: DNE

Patches_postgresql-8.2:
upstream_postgresql-8.2: needs-triage
hardy_postgresql-8.2: ignored (reached end-of-life)
lucid_postgresql-8.2: DNE
oneiric_postgresql-8.2: DNE
precise_postgresql-8.2: DNE
quantal_postgresql-8.2: DNE
raring_postgresql-8.2: DNE
devel_postgresql-8.2: DNE