Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2015:0478-1

Опубликовано: 23 фев. 2015
Источник: suse-cvrf

Описание

Security update for postgresql93

postgresql93 was updated to version 9.3.6 to fix four security issues.

These security issues were fixed:

  • CVE-2015-0241: Fix buffer overruns in to_char() (bnc#916953).
  • CVE-2015-0243: Fix buffer overruns in contrib/pgcrypto (bnc#916953).
  • CVE-2015-0244: Fix possible loss of frontend/backend protocol synchronization after an error (bnc#916953).
  • CVE-2014-8161: Fix information leak via constraint-violation error messages (bnc#916953).

This non-security issue was fixed:

  • Move the server socket from /tmp to /var/run to avoid problems with clients that use PrivateTmp (bnc#888564).

More information is available at http://www.postgresql.org/docs/9.3/static/release-9-3-6.html

Список пакетов

SUSE Linux Enterprise Desktop 12
libecpg6-9.3.6-5.1
libpq5-9.3.6-5.1
libpq5-32bit-9.3.6-5.1
postgresql93-9.3.6-5.2
SUSE Linux Enterprise Server 12
libecpg6-9.3.6-5.1
libpq5-9.3.6-5.1
libpq5-32bit-9.3.6-5.1
postgresql93-9.3.6-5.2
postgresql93-contrib-9.3.6-5.2
postgresql93-docs-9.3.6-5.2
postgresql93-server-9.3.6-5.2
SUSE Linux Enterprise Server for SAP Applications 12
libecpg6-9.3.6-5.1
libpq5-9.3.6-5.1
libpq5-32bit-9.3.6-5.1
postgresql93-9.3.6-5.2
postgresql93-contrib-9.3.6-5.2
postgresql93-docs-9.3.6-5.2
postgresql93-server-9.3.6-5.2
SUSE Linux Enterprise Software Development Kit 12
postgresql93-devel-9.3.6-5.1

Ссылки

Описание

PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.

Затронутые продукты
SUSE Linux Enterprise Desktop 12:libecpg6-9.3.6-5.1
SUSE Linux Enterprise Desktop 12:libpq5-32bit-9.3.6-5.1
SUSE Linux Enterprise Desktop 12:libpq5-9.3.6-5.1
SUSE Linux Enterprise Desktop 12:postgresql93-9.3.6-5.2
Ссылки

Описание

The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric formatting template, which triggers a buffer over-read, or (2) crafted timestamp formatting template, which triggers a buffer overflow.

Затронутые продукты
SUSE Linux Enterprise Desktop 12:libecpg6-9.3.6-5.1
SUSE Linux Enterprise Desktop 12:libpq5-32bit-9.3.6-5.1
SUSE Linux Enterprise Desktop 12:libpq5-9.3.6-5.1
SUSE Linux Enterprise Desktop 12:postgresql93-9.3.6-5.2
Ссылки

Описание

Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

Затронутые продукты
SUSE Linux Enterprise Desktop 12:libecpg6-9.3.6-5.1
SUSE Linux Enterprise Desktop 12:libpq5-32bit-9.3.6-5.1
SUSE Linux Enterprise Desktop 12:libpq5-9.3.6-5.1
SUSE Linux Enterprise Desktop 12:postgresql93-9.3.6-5.2
Ссылки

Описание

PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation.

Затронутые продукты
SUSE Linux Enterprise Desktop 12:libecpg6-9.3.6-5.1
SUSE Linux Enterprise Desktop 12:libpq5-32bit-9.3.6-5.1
SUSE Linux Enterprise Desktop 12:libpq5-9.3.6-5.1
SUSE Linux Enterprise Desktop 12:postgresql93-9.3.6-5.2
Ссылки
Уязвимость SUSE-SU-2015:0478-1