Updated postgresql packages fix security vulnerabilities

2015-02-1721:38:13

Gentoo Foundation

advisories.mageia.org

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.3%

JSON

Updated postgresql packages fix security vulnerabilities: A user with limited clearance on a table might have access to information in columns without SELECT rights on through server error messages (CVE-2014-8161). The function to_char() might read/write past the end of a buffer. This might crash the server when a formatting template is processed (CVE-2015-0241). The pgcrypto module is vulnerable to stack buffer overrun that might crash the server (CVE-2015-0243). Emil Lenngren reported that an attacker can inject SQL commands when the synchronization between client and server is lost (CVE-2015-0244). This update provides PostgreSQL versions 9.3.6, 9.2.10, 9.1.15, and 9.0.19 that fix these issues, as well as several others.

OSVersionArchitecturePackageVersionFilename
Mageia4noarchpostgresql9.0< 9.0.19-1postgresql9.0-9.0.19-1.mga4
Mageia4noarchpostgresql9.1< 9.1.15-1postgresql9.1-9.1.15-1.mga4
Mageia4noarchpostgresql9.2< 9.2.10-1postgresql9.2-9.2.10-1.mga4
Mageia4noarchpostgresql9.3< 9.3.6-1postgresql9.3-9.3.6-1.mga4

OS	Version	Architecture	Package	Version	Filename
Mageia	4	noarch	postgresql9.0	< 9.0.19-1	postgresql9.0-9.0.19-1.mga4
Mageia	4	noarch	postgresql9.1	< 9.1.15-1	postgresql9.1-9.1.15-1.mga4
Mageia	4	noarch	postgresql9.2	< 9.2.10-1	postgresql9.2-9.2.10-1.mga4
Mageia	4	noarch	postgresql9.3	< 9.3.6-1	postgresql9.3-9.3.6-1.mga4