Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2015:0639-1

Опубликовано: 02 мар. 2015
Источник: suse-cvrf

Описание

Security update for postgresql91

The PostgreSQL database server was updated to 9.1.15, fixing bugs and security issues:

* Fix buffer overruns in to_char() (CVE-2015-0241). * Fix buffer overrun in replacement *printf() functions (CVE-2015-0242). * Fix buffer overruns in contrib/pgcrypto (CVE-2015-0243). * Fix possible loss of frontend/backend protocol synchronization after an error (CVE-2015-0244). * Fix information leak via constraint-violation error messages (CVE-2014-8161).

For a comprehensive list of fixes, please refer to the following release notes:

* http://www.postgresql.org/docs/9.1/static/release-9-1-15.html <http://www.postgresql.org/docs/9.1/static/release-9-1-15.html> * http://www.postgresql.org/docs/9.1/static/release-9-1-14.html <http://www.postgresql.org/docs/9.1/static/release-9-1-14.html> * http://www.postgresql.org/docs/9.1/static/release-9-1-13.html <http://www.postgresql.org/docs/9.1/static/release-9-1-13.html>

Security Issues:

* CVE-2015-0241 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0241> * CVE-2015-0243 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0243> * CVE-2015-0244 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0244> * CVE-2014-8161 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8161>

Список пакетов

SUSE Linux Enterprise Desktop 11 SP3
libecpg6-9.1.15-0.3.1
libpq5-9.1.15-0.3.1
libpq5-32bit-9.1.15-0.3.1
postgresql91-9.1.15-0.3.1
postgresql91-docs-9.1.15-0.3.1
SUSE Linux Enterprise Server 11 SP3
libecpg6-9.1.15-0.3.1
libpq5-9.1.15-0.3.1
libpq5-32bit-9.1.15-0.3.1
postgresql91-9.1.15-0.3.1
postgresql91-contrib-9.1.15-0.3.1
postgresql91-docs-9.1.15-0.3.1
postgresql91-server-9.1.15-0.3.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
libecpg6-9.1.15-0.3.1
libpq5-9.1.15-0.3.1
libpq5-32bit-9.1.15-0.3.1
postgresql91-9.1.15-0.3.1
postgresql91-contrib-9.1.15-0.3.1
postgresql91-docs-9.1.15-0.3.1
postgresql91-server-9.1.15-0.3.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3
libecpg6-9.1.15-0.3.1
libpq5-9.1.15-0.3.1
libpq5-32bit-9.1.15-0.3.1
postgresql91-9.1.15-0.3.1
postgresql91-contrib-9.1.15-0.3.1
postgresql91-docs-9.1.15-0.3.1
postgresql91-server-9.1.15-0.3.1
SUSE Linux Enterprise Software Development Kit 11 SP3
postgresql91-devel-9.1.15-0.3.1
SUSE Manager 2.1
postgresql91-pltcl-9.1.15-0.3.1

Ссылки

Описание

PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.

Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:libecpg6-9.1.15-0.3.1
SUSE Linux Enterprise Desktop 11 SP3:libpq5-32bit-9.1.15-0.3.1
SUSE Linux Enterprise Desktop 11 SP3:libpq5-9.1.15-0.3.1
SUSE Linux Enterprise Desktop 11 SP3:postgresql91-9.1.15-0.3.1
Ссылки

Описание

The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric formatting template, which triggers a buffer over-read, or (2) crafted timestamp formatting template, which triggers a buffer overflow.

Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:libecpg6-9.1.15-0.3.1
SUSE Linux Enterprise Desktop 11 SP3:libpq5-32bit-9.1.15-0.3.1
SUSE Linux Enterprise Desktop 11 SP3:libpq5-9.1.15-0.3.1
SUSE Linux Enterprise Desktop 11 SP3:postgresql91-9.1.15-0.3.1
Ссылки

Описание

Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:libecpg6-9.1.15-0.3.1
SUSE Linux Enterprise Desktop 11 SP3:libpq5-32bit-9.1.15-0.3.1
SUSE Linux Enterprise Desktop 11 SP3:libpq5-9.1.15-0.3.1
SUSE Linux Enterprise Desktop 11 SP3:postgresql91-9.1.15-0.3.1
Ссылки

Описание

PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation.

Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:libecpg6-9.1.15-0.3.1
SUSE Linux Enterprise Desktop 11 SP3:libpq5-32bit-9.1.15-0.3.1
SUSE Linux Enterprise Desktop 11 SP3:libpq5-9.1.15-0.3.1
SUSE Linux Enterprise Desktop 11 SP3:postgresql91-9.1.15-0.3.1
Ссылки
Уязвимость SUSE-SU-2015:0639-1