262 matches found
MGASA-2016-0289 Updated postgresql packages fix security vulnerability
It was discovered that certain SQL statements containing CASE/WHEN commands could crash the PostgreSQL server, or disclose a few bytes of server memory, potentially leading to arbitrary code execution (CVE-2016-5423). It was found that PostgreSQL client programs mishandle database and role names...
MGASA-2016-0136 Updated postgresql packages fix security vulnerabilities
Updated postgresql packages fix security vulnerabilities: A vulnerability in PostgreSQL 9.3.x before 9.3.12 and 9.4.x before 9.4.7 leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed und...
PostgreSQL Security Bypass Vulnerability (CNVD-2016-02169)
PostgreSQL is a free object-relational database management system developed by the PostgreSQL development group. The system supports most of the SQL standards and provides many other features, such as foreign keys, triggers, views, and so on. A security bypass vulnerability exists in PostgreSQL...
MGASA-2016-0085 Updated postgresql packages fix security vulnerabilities
Updated postgresql packages fix security vulnerabilities: PostgreSQL 9.3.x before 9.3.11 and 9.4.x before 9.4.6 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors (CVE-2016-0766)...
SUSE-SU-2016:0539-1 Security update for postgresql93
This update for postgresql93 fixes the following issues: - Security and bugfix release 9.3.11: Fix infinite loops and buffer-overrun problems in regular expressions (CVE-2016-0773, bsc#966436). Fix regular-expression compiler to handle loops of constraint arcs (CVE-2007-4772). Prevent certain PL/Java...
SUSE-SU-2016:0482-1 Security update for postgresql94
This update of postgresql94 to 9.4.5 fixes the following issues: CVE-2015-5289: json or jsonb input values constructed from arbitrary user input could have crashed the PostgreSQL server and caused a denial of service (bsc#949670). CVE-2015-5288: crypt (pgCrypto extension) could potentially be exploite...
SUSE-SU-2016:0389-1 Security update for postgresql91
This update of postgresql91 to 9.1.19 fixes the following issues: CVE-2015-5288: crypt (pgCrypto extension) could potentially be exploited to read a few additional bytes of memory (bsc#949669). Also contains all changes and bugfixes in the upstream 9.1.19 release:...
Amazon Linux AMI : postgresql92 / postgresql93,postgresql94 (ALAS-2015-609)
Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values. (CVE-2015-5289) The crypt function in...
SUSE-SU-2015:1264-1 Security update for postgresql93
PostgreSQL was updated to the security and bugfix release 9.3.8 including 9.3.7. Security issues fixed: CVE-2015-3165, bsc#931972: Avoid possible crash when client disconnects just before the authentication timeout expires. CVE-2015-3166, bsc#931973: Consistently check for failure of the printf...
SUSE-SU-2015:0478-1 Security update for postgresql93
postgresql93 was updated to version 9.3.6 to fix four security issues. These security issues were fixed: - CVE-2015-0241: Fix buffer overruns in to_char (bnc#916953). - CVE-2015-0243: Fix buffer overruns in contrib/pgcrypto (bnc#916953). - CVE-2015-0244: Fix possible loss of frontend/backend protocol...
MGASA-2015-0069 Updated postgresql packages fix security vulnerabilities
Updated postgresql packages fix security vulnerabilities: A user with limited clearance on a table might have access to information in columns without SELECT rights on through server error messages (CVE-2014-8161). The function to_char might read/write past the end of a buffer. This might crash the...
openSUSE Security Update : postgresql (openSUSE-SU-2012:0480-1)
Security and bugfix release 9.1.3 : - Require execute permission on the trigger function for 'CREATE TRIGGER' (CVE-2012-0866, bnc#749299). - Remove arbitrary limitation on length of common name in SSL certificates (CVE-2012-0867, bnc#749301). - Convert newlines to spaces in names written in pg_dump...
MGASA-2014-0222 Updated postgresql packages fix multiple vulnerabilities
Updated postgresql packages fix security vulnerabilities: Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The security impact is mostly that a role memb...
CVE-2013-1902
PostgreSQL, 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 generates insecure temporary files with predictable filenames, which has unspecified impact and attack vectors related to "graphical installers for Linux and Mac OS X."...
CVE-2012-4575
The add_database function in objects.c in the pgbouncer pooler 1.5.2 for PostgreSQL allows remote attackers to cause a denial of service (daemon outage) via a long database name in a request...
CentOS 5 : postgresql (CESA-2012:0677)
Updated postgresql packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
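Multiple security vulnerabilities in PostgreSQL 8.x/9.x
CVE-2012-0866 CVE-2012-0867 CVE-2012-0868 PostgreSQL is an object-relational database management system that supports an extended subset of the SQL standard. PostgreSQL has multiple security vulnerabilities that allow malicious users to bypass some security restrictions, carry out spoofing attacks, or manipulate certain data. - Permissions on the trigger function are not checked correctly for CREATE TRIGGER; this vulnerability can be exploited to mark a trigger function as SECURITY DEFINER and to grant EXECUTE permission. - When validating the common name of an SSL certificate, the name is incorrectly truncated to 32 characters, which can lead to incorrect validation of forged certificates...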
BSA-005 Security Update for postgresql-8.4
Gerfried Fuchs uploaded new packages for postgresql-8.4 which fixed the following security problem: CVE-2010-3433 The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before...
[Backports-security-announce] Security Update for postgresql-8.4
Gerfried Fuchs uploaded new packages for postgresql-8.4 which fixed the following security problems: CVE-2010-1169 PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict...
SLES10: Security update for PostgreSQL
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: postgresql postgresql-contrib postgresql-devel postgresql-docs postgresql-libs postgresql-pl postgresql-server More details may also be found by searching fo...