MDVSA-2015:048: postgresql

Multiple vulnerabilities has been discovered and corrected in
postgresql:

Stephen Frost discovered that PostgreSQL incorrectly displayed
certain values in error messages. An authenticated user could gain
access to seeing certain values, contrary to expected permissions
(CVE-2014-8161).

Andres Freund, Peter Geoghegan and Noah Misch discovered that
PostgreSQL incorrectly handled buffers in to_char functions. An
authenticated attacker could possibly use this issue to cause
PostgreSQL to crash, resulting in a denial of service, or possibly
execute arbitrary code (CVE-2015-0241).

It was discovered that PostgreSQL incorrectly handled memory in the
pgcrypto extension. An authenticated attacker could possibly use this
issue to cause PostgreSQL to crash, resulting in a denial of service,
or possibly execute arbitrary code (CVE-2015-0243).

Emil Lenngren discovered that PostgreSQL incorrectly handled extended
protocol message reading. An authenticated attacker could possibly
use this issue to cause PostgreSQL to crash, resulting in a denial
of service, or possibly inject query messages (CVE-2015-0244).

This advisory provides the latest version of PostgreSQL that is not
vulnerable to these issues.

Leave a Reply