Explore top 10 tips to secure your open-source projects now. Read More
×CVE-2015-5288
Josh Kupershmidt discovered a vulnerability in the crypt() function
in the pgCrypto extension. Certain invalid salt arguments can cause
the server to crash or to disclose a few bytes of server memory.
CVE-2016-0766
A privilege escalation vulnerability for users of PL/Java was
discovered. Certain custom configuration settings (GUCs) for PL/Java
will now be modifiable only by the database superuser to mitigate
this issue.
CVE-2016-0773
Tom Lane and Greg Stark discovered a flaw in the way PostgreSQL
processes specially crafted regular expressions. Very large
character ranges in bracket expressions could cause infinite
loops or memory overwrites. A remote attacker can exploit this
flaw to cause a denial of service or, potentially, to execute
arbitrary code.
For the oldstable distribution (wheezy), these problems have been fixed
in version 9.1.20-0+deb7u1.
We recommend that you upgrade your postgresql-9.1 packages.
Further information about ...
Get the latest Linux and open source security news straight to your inbox.