DSA-3269-2 postgresql-9.1 - regression update
Ubuntu 14.04 LTS : PostgreSQL vulnerabilities (USN-2621-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2621-1 advisory. Benkocs Norbert Attila discovered that PostgreSQL incorrectly handled authentication timeouts. A remote attacker could use this flaw to cause the...
PostgreSQL 9.0 < 9.0.20 / 9.1 < 9.1.16 / 9.2 < 9.2.11 / 9.3 < 9.3.7 / 9.4 < 9.4.2 Multiple Vulnerabilities
The version of PostgreSQL installed on the remote host is 9.0.x prior to 9.0.20, 9.1.x prior to 9.1.16, 9.2.x prior to 9.2.11, 9.3.x prior to 9.3.7, or 9.4.x prior to 9.4.2. It is, therefore, affected by multiple vulnerabilities: - A double free memory error exists after authentication timeout,...
PostgreSQL pgcrypto Denial of Service Vulnerability
PostgreSQL is an object-relational database management system that supports an extended subset of the SQL standard. pgcrypto in PostgreSQL returns multiple distinct error messages when decryption is attempted with an incorrect key, allowing remote attackers to exploit the vulnerability by submittin...
FreeBSD : PostgreSQL -- minor security problems. (fc38cd83-00b3-11e5-8ebd-0026551a22dc)
PostgreSQL project reports: This update fixes three security vulnerabilities reported in PostgreSQL over the past few months. Neither of these issues is seen as particularly urgent. However, users should examine them in case their installations are vulnerable: - CVE-2015-3165 Double 'free' after...
postgresql: multiple issues
- CVE-2015-3165 (denial of service): SSL clients disconnecting just before the authentication timeout expires can cause the server to crash via a double-free issue leading to denial of service. - CVE-2015-3166 (information disclosure): The replacement implementation of snprintf failed to check for errors...
Debian DSA-3269-1 : postgresql-9.1 - security update
Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system. - CVE-2015-3165 (Remote crash): SSL clients disconnecting just before the authentication timeout expires can cause the server to crash. - CVE-2015-3166 (Information exposure): The replacement implementation of snprintf...
USN-2621-1 postgresql-9.1, postgresql-9.3, postgresql-9.4 vulnerabilities
Benkocs Norbert Attila discovered that PostgreSQL incorrectly handled authentication timeouts. A remote attacker could use this flaw to cause the unauthenticated session to crash, possibly leading to a security issue. (CVE-2015-3165) Noah Misch discovered that PostgreSQL incorrectly handled certain...
So, you wanna crypto (in AEM)
So another year passed by and I will talk again, ... at the Connect WE conference. This year with Damien Antipa we will have a speech entitled "So, you wanna crypto in AEM". Now, it is true that even symmetric encryption isn't a “solved problem” but hey we still need to protect information et al: N...
Debian Security Advisory DSA 3269-1 (postgresql-9.1 - security update)
Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system. - CVE-2015-3165 (Remote crash): SSL clients disconnecting just before the authentication timeout expires can cause the server to crash. - CVE-2015-3166 (Information exposure): The replacement implementation of snprintf failed...
Debian Security Advisory DSA 3270-1 (postgresql-9.4 - security update)
Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system. - CVE-2015-3165 (Remote crash): SSL clients disconnecting just before the authentication timeout expires can cause the server to crash. - CVE-2015-3166 (Information exposure): The replacement implementation of snprintf failed...
Vulnerability in contrib module (CVE-2015-3167)
pgcrypto has multiple error messages for decryption with an incorrect key...
Free Ransomware Decryption and Malware Removal ToolKit
A security researcher has compiled a ransomware removal and rescue kit to help victims deal with ransomware threats and unlock encrypted files without paying a single penny to the cyber crooks. Ransomware is a growing threat in the evolution of cyber criminals' techniques in an attempt to part...
Ubuntu 14.04 LTS : Linux kernel (Utopic HWE) vulnerabilities (USN-2615-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2615-1 advisory. Alexandre Oliva reported a race condition flaw in the btrfs file system's handling of extended attributes (xattrs). A local attacker could exploit this fla...
Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-2614-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2614-1 advisory. Vincent Tondellier discovered an integer overflow in the Linux kernel's netfilter connection tracking accounting of loaded extensions. An attacker on the...
Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2613-1)
Vincent Tondellier discovered an integer overflow in the Linux kernel's netfilter connection tracking accounting of loaded extensions. An attacker on the local area network (LAN) could potentially exploit this flaw to cause a denial of service (system crash) of the targeted system. (CVE-2014-9715) Jan Beulic...
USN-2615-1: Linux kernel (Utopic HWE) vulnerabilities
Alexandre Oliva reported a race condition flaw in the btrfs file system's handling of extended attributes (xattrs). A local attacker could exploit this flaw to bypass ACLs and potentially escalate privileges. (CVE-2014-9710) A memory corruption issue was discovered in AES decryption when using the...
USN-2613-1: Linux kernel (Trusty HWE) vulnerabilities
Vincent Tondellier discovered an integer overflow in the Linux kernel's netfilter connection tracking accounting of loaded extensions. An attacker on the local area network (LAN) could potentially exploit this flaw to cause a denial of service (system crash) of the targeted system. (CVE-2014-9715) Jan Beulic...
Eraseme Backdoor analysis-vulnerability warning-the black bar safety net
0x00 Summary: This is a sample captured by @neteagle; curious, I asked to come and see it and did a simple analysis. It is a backdoor with an infection function. Due to its propagation name eraseme%d%d%d%d%d.exe, we called it the Eraseme backdoor. This is my first analysis report,...
OracleVM 3.3 : kernel-uek (OVMSA-2015-0060)
The remote OracleVM system is missing necessary patches to address critical security updates: - crypto: aesni - fix memory usage in GCM decryption Stephan Mueller Orabug: 21077385 CVE-2015-3331 - xen/pciback: Don't disable PCICOMMAND on PCI device reset. Konrad Rzeszutek Wilk Orabug: 20807438...