Arch Linux ASA-201502-4
Feb 06, 2015 - 12:00 a.m.

postgresql: multiple issues

2015-02-06 00:00:00
Arch Linux
lists.archlinux.org

CVSS3: 9.8 High
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
  Access Vector: NETWORK
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: PARTIAL
  AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.005 Low
  Percentile: 73.7%

  • CVE-2014-8161 (information leak)

Some server error messages show the values of columns that violate a
constraint, such as a unique constraint. If the user does not have
SELECT privilege on all columns of the table, this could mean exposing
values that the user should not be able to see. Adjust the code so that
values are displayed only when they came from the SQL command or could
be selected by the user.

  • CVE-2015-0241 (denial of service, privilege escalation)

When to_char() processes a numeric formatting template calling for a
large number of digits, PostgreSQL would read past the end of a buffer.
When processing a crafted timestamp formatting template, PostgreSQL
would write past the end of a buffer. Either case could crash the
server. We have not ruled out the possibility of attacks that lead to
privilege escalation, though they seem unlikely.

  • CVE-2015-0243 (denial of service, privilege escalation)

Errors in memory size tracking within the pgcrypto module permitted
stack buffer overruns and improper dependence on the contents of
uninitialized memory. The buffer overrun cases can crash the server, and
we have not ruled out the possibility of attacks that lead to privilege
escalation.

  • CVE-2015-0244 (command injection)

If any error occurred while the server was in the middle of reading a
protocol message from the client, it could lose synchronization and
incorrectly try to interpret part of the message’s data as a new
protocol message. An attacker able to submit crafted binary data within
a command parameter might succeed in injecting his own SQL commands this
way. Statement timeout and query cancellation are the most likely
sources of errors triggering this scenario. Particularly vulnerable are
applications that use a timeout and also submit arbitrary user-crafted
data as binary query parameters. Disabling statement timeout will
reduce, but not eliminate, the risk of exploit. Our thanks to Emil
Lenngren for reporting this issue.
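
A simplified model of the loss of synchronization described under CVE-2015-0244, added here as an illustration; it is not PostgreSQL code or the actual patch. The framing (one type byte plus a 4-byte length), the message letters, the class and function names and the sample stream are assumptions made for the example, and the hardened branch shows one safe response: closing the connection once an error interrupts a partially read message.

```python
import struct

class Interrupted(Exception):
    """Stands in for a statement timeout or query cancel firing mid-read."""

def frame(msg_type, payload):
    # Type byte, then a 4-byte big-endian length covering itself and the payload.
    return msg_type + struct.pack("!I", 4 + len(payload)) + payload

class Conn:
    def __init__(self, data, interrupt_at=None, hardened=False):
        self.buf, self.pos = data, 0
        self.interrupt_at = interrupt_at  # stream offset where the error fires
        self.hardened = hardened
        self.reading_msg = self.closed = False

    def _read(self, n):
        end = self.pos + n
        at = self.interrupt_at
        if at is not None and self.pos <= at < end:
            self.pos, self.interrupt_at = at, None  # bytes before `at` are consumed
            raise Interrupted
        chunk, self.pos = self.buf[self.pos:end], end
        return chunk

    def next_message(self):
        self.reading_msg = True  # from here on, an error leaves a partial message behind
        mtype = self._read(1)
        (length,) = struct.unpack("!I", self._read(4))
        payload = self._read(length - 4)
        self.reading_msg = False
        return mtype, payload

def serve(conn):
    """Return the messages the server believes it received."""
    seen = []
    while not conn.closed and conn.pos < len(conn.buf):
        try:
            seen.append(conn.next_message())
        except Interrupted:
            if conn.hardened and conn.reading_msg:
                conn.closed = True  # position in the stream is unknown: drop the connection
            # otherwise (flawed): carry on parsing from wherever the read stopped
    return seen

# Constructed sample: a parameter-carrying message whose data contains framed bytes.
INNER = frame(b"Q", b"SELECT 1\x00")
STREAM = frame(b"B", b"param:" + INNER) + frame(b"S", b"")
CUT = 5 + len(b"param:")  # error fires just before the embedded bytes

def run(interrupt_at, hardened):
    return serve(Conn(STREAM, interrupt_at, hardened))
```

With no interruption the server sees the outer message and the trailing one; with the interruption and `hardened=False` it instead reports the embedded bytes as a message of their own, and with `hardened=True` it reports nothing and closes.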

OS    OS Version    Architecture    Package       Package Version    Filename
any   any           any             postgresql    < 9.4.1-1          UNKNOWN
