331 matches found
MGASA-2016-0136 Updated postgresql packages fix security vulnerabilities
Updated postgresql packages fix security vulnerabilities: A vulnerability in PostgreSQL 9.3.x before 9.3.12 and 9.4.x before 9.4.7 leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed und...
CVE-2016-3065
The (1) brin_page_type and (2) brin_metapage_info functions in the pageinspect extension in PostgreSQL before 9.5.x before 9.5.2 allow attackers to bypass intended access restrictions and consequently obtain sensitive server memory information or cause a denial of service (server crash) via a crafted byte...
USN-2869-1 openssh vulnerabilities
It was discovered that the OpenSSH client experimental support for resuming connections contained multiple security issues. A malicious server could use this issue to leak client memory to the server, including private client user keys...
Moderate: Red Hat Security Advisory: samba security update
Updated samba packages that fix multiple security issues are now available for Red Hat Gluster Storage 3.1 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed...
postgresql: limited memory disclosure flaw in crypt()
A memory leak error was discovered in the crypt function of the pgCrypto extension. An authenticated attacker could possibly use this flaw to disclose a limited amount of the server memory...
openSUSE Security Update : postgresql92 (openSUSE-2015-708)
postgresql92 was updated to version 9.2.14 to fix one security issue. This security issue was fixed: CVE-2015-5288: The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allowed attackers to cau...
Command injection
The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt...
CVE-2015-5288
The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt...
Amazon Linux: Security Advisory (ALAS-2015-494)
The remote host is missing an update for the...
php: buffer over-read in Phar metadata parsing
A buffer over-read flaw was found in PHP's phar (PHP Archive) paths implementation. A malicious script author could possibly use this flaw to disclose certain portions of server memory...
php: use after free in phar_object.c
A use-after-free flaw was found in PHP's phar (PHP Archive) paths implementation. A malicious script author could possibly use this flaw to disclose certain portions of server memory...
Amazon Linux AMI : php56 (ALAS-2015-511)
A use-after-free flaw was found in PHP's OPcache extension. This flaw could possibly lead to a disclosure of a portion of server memory. (CVE-2015-1351) A NULL pointer dereference flaw was found in PHP's pgsql extension. A specially crafted table name passed to a function such as pg_insert() or pg_select() could...
Amazon Linux AMI : php55 (ALAS-2015-494) (GHOST)
A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the...
php: SPL Iterators use-after-free
A use-after-free flaw was found in the way PHP handled certain Standard PHP Library (SPL) Iterators. A malicious script author could possibly use this flaw to disclose certain portions of server memory...
php: ArrayIterator use-after-free due to object change during sorting
A use-after-free flaw was found in the way PHP handled certain ArrayIterators. A malicious script author could possibly use this flaw to disclose certain portions of server memory...
php: type confusion issue in phpinfo() leading to information leak
A type confusion issue was found in PHP's phpinfo() function. A malicious script author could possibly use this flaw to disclose certain portions of server memory...