Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Debian: DSA-3477-2 Critical: PostgreSQL-9.4 Denial Of Service Exploits

debian
Calendar Grey February 13, 2016
Scroller Debian
PostgreSQL-9.4 obtains vital patches targeting serious vulnerabilities. Update now to enhance protection.
Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system

Summary

CVE-2016-0766

A privilege escalation vulnerability for users of PL/Java was
discovered. Certain custom configuration settings (GUCs) for PL/Java
will now be modifiable only by the database superuser to mitigate
this issue.

CVE-2016-0773

Tom Lane and Greg Stark discovered a flaw in the way PostgreSQL
processes specially crafted regular expressions. Very large
character ranges in bracket expressions could cause infinite
loops or memory overwrites. A remote attacker can exploit this
flaw to cause a denial of service or, potentially, to execute
arbitrary code.

For the stable distribution (jessie), these problems have been fixed in
version 9.4.6-0+deb8u1.

We recommend that you upgrade your postgresql-9.4 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



Severity
critical
Lowest
Low
Medium
High
Critical

Package: postgresql-9.4
CVE ID: CVE-2016-0766 CVE-2016-0773

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.