CVE-2010-4015

Publication date 1 February 2011

Last updated 24 July 2024


Ubuntu priority

Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions.

Status

Package         Ubuntu Release   Status
postgresql-8.1  11.04 natty      Not in release
postgresql-8.1  10.10 maverick   Not in release
postgresql-8.1  10.04 LTS lucid  Not in release
postgresql-8.1  9.10 karmic      Not in release
postgresql-8.1  8.04 LTS hardy   Not in release
postgresql-8.1  6.06 LTS dapper  Fixed 8.1.23-0ubuntu0.6.06.1
postgresql-8.3  11.04 natty      Not in release
postgresql-8.3  10.10 maverick   Not in release
postgresql-8.3  10.04 LTS lucid  Not in release
postgresql-8.3  9.10 karmic      Ignored end of life
postgresql-8.3  8.04 LTS hardy   Fixed 8.3.14-0ubuntu8.04
postgresql-8.3  6.06 LTS dapper  Not in release
postgresql-8.4  11.04 natty      Not affected
postgresql-8.4  10.10 maverick   Fixed 8.4.7-0ubuntu0.10.10
postgresql-8.4  10.04 LTS lucid  Fixed 8.4.7-0ubuntu0.10.04
postgresql-8.4  9.10 karmic      Fixed 8.4.7-0ubuntu0.9.10
postgresql-8.4  8.04 LTS hardy   Not in release
postgresql-8.4  6.06 LTS dapper  Not in release

References

Related Ubuntu Security Notices (USN)

    • USN-1058-1: PostgreSQL vulnerability (3 February 2011)

Other references