Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 569
Alerts This Week
Warning Icon 1 569

Debian: DSA-3475-1 Critical: PostgreSQL-9.1 DoS and Escalation Issues

debian
Calendar Grey February 13, 2016
Scroller Debian
Enhance your PostgreSQL-9.1 packages to rectify urgent security flaws. Discover further details in the DSA-3475-1 announcement.
Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system

Summary

CVE-2015-5288

Josh Kupershmidt discovered a vulnerability in the crypt() function
in the pgCrypto extension. Certain invalid salt arguments can cause
the server to crash or to disclose a few bytes of server memory.

CVE-2016-0766

A privilege escalation vulnerability for users of PL/Java was
discovered. Certain custom configuration settings (GUCs) for PL/Java
will now be modifiable only by the database superuser to mitigate
this issue.

CVE-2016-0773

Tom Lane and Greg Stark discovered a flaw in the way PostgreSQL
processes specially crafted regular expressions. Very large
character ranges in bracket expressions could cause infinite
loops or memory overwrites. A remote attacker can exploit this
flaw to cause a denial of service or, potentially, to execute
arbitrary code.

For the oldstable distribution (wheezy), these problems have been fixed
in version 9.1.20-0+deb7u1.

We recommend that you upgrade your postgresql-9.1 packages.

Further information about ...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Package: postgresql-9.1
CVE ID: CVE-2015-5288 CVE-2016-0766 CVE-2016-0773

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.