From: "Kevin Grittner" on
Srinivas Naik <naik.srinu(a)gmail.com> wrote:

> Actually, the installed versions are below
> *postgresql-8.3*

> I just wanted to know how severe it is and how it can affect the
> database to result in Memory Corruption/DoS.

Well, you're clearly *not* on 8.3.10, or you would not get the
error. Perhaps you should apply the latest bug fixes?

http://www.postgresql.org/support/versioning

http://www.postgresql.org/docs/8.3/static/release.html

As far as I know it isn't any more conducive to DoS attacks than,
say, your average syntax error; however, if you're trying to keep
that risk low, you should be keeping up with the minor releases
anyway.

-Kevin

--
Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

From: Mark Kirkwood on
On 05/05/10 06:24, Srinivas Naik wrote:
>
>
> I am sorry for that, but I made two different installations and I was
> messing up with various inputs.
>
> Actually, the installed versions are below
> *postgresql-8.3*
> *Ubuntu 8.10 with 2.6.27 Kernel*
> *and it's a 32Bit O/S*
>
> pgsql$ SELECT substring(B'1111000000000001' from 5 for -2);
> ERROR:invalid memory alloc request size 4244635647
>
>

Please log into postgres and do:

SELECT version();

(and Robert suggested) and show us the output - as we need to know the
3rd number, e.g. 8.3.x, in the postgres version to help you any more.

regards

Mark




From: Mark Kirkwood on
On 05/05/10 13:15, Mark Kirkwood wrote:
>
> Please log into postgres and do:
>
> SELECT version();
>
> (and Robert suggested)

Should read *as* Robert suggested - sorry.

Also you could do this from the os:

$ aptitude show postgresql-8.3*

which will display more detail for the version.

Cheers

Mark


From: Srinivas Naik on
Hi Mark,

I took the output of the Postgresql. Please find the output:

Package: postgresql-8.3
State: installed
Automatically installed: no
Version: 8.3.9-0ubuntu8.10
Priority: optional
Section: misc
Maintainer: Martin Pitt <martin.pitt(a)ubuntu.com>
Uncompressed Size: 14.2M
Depends: libc6 (>= 2.4), libcomerr2 (>= 1.01), libkrb53 (>= 1.6.dfsg.2),
         libldap-2.4-2 (>= 2.4.7), libpam0g (>= 0.99.7.1),
         libpq5 (>= 8.3~beta1), libssl0.9.8 (>= 0.9.8f-5), libxml2 (>= 2.6.27),
         postgresql-client-8.3, postgresql-common (>= 79), tzdata, ssl-cert,
         locales
Suggests: oidentd | ident-server
Conflicts: postgresql (< 7.5)
Description: object-relational SQL database, version 8.3 server
 PostgreSQL is a fully featured object-relational database management system.
 It supports a large part of the SQL standard and is designed to be extensible
 by users in many aspects. Some of the features are: ACID transactions, foreign
 keys, views, sequences, subqueries, triggers, user-defined types and functions,
 outer joins, multiversion concurrency control. Graphical user interfaces and
 bindings for many programming languages are available as well.

 This package provides the database server for PostgreSQL 8.3. Servers for other
 major release versions can be installed simultaneously and are coordinated by
 the postgresql-common package. A package providing ident-server is needed if
 you want to authenticate remote connections with identd.


Regards,
Srinivas Naik

On Wed, May 5, 2010 at 1:21 AM, Mark Kirkwood <mark.kirkwood(a)catalyst.net.nz> wrote:

> On 05/05/10 13:15, Mark Kirkwood wrote:
>
>
> Please log into postgres and do:
>
> SELECT version();
>
> (and Robert suggested)
>
>
> Should read *as* Robert suggested - sorry.
>
> Also you could do this from the os:
>
> $ aptitude show postgresql-8.3*
>
> which will display more detail for the version.
>
> Cheers
>
> Mark
>
>
>
From: Mark Kirkwood on
On 05/05/10 22:13, Srinivas Naik wrote:
> Hi Mark,
>
> I took the output of the Postgresql. Please find the output:
>
> Package: postgresql-8.3
> State: installed
> Automatically installed: no
> Version: 8.3.9-0ubuntu8.10


Ok - your bug is fixed in 8.3.10. This should make its way to your
Ubuntu apt repository soon (provided 8.10 is still getting updates that
is...).

regards

Mark