292 matches found
Medium: postgresql8
Issue Overview: A memory leak error was discovered in the crypt function of the pgCrypto extension. An authenticated attacker could possibly use this flaw to disclose a limited amount of the server memory. CVE-2015-5288 Affected Packages: postgresql8 Issue Correction: Run yum update postgresql8 o...
The vulnerability of the PostgreSQL database management system allows an attacker to cause a service failure or read arbitrary portions of the server’s memory.
The vulnerability of the crypt function in the contrib/pgcrypto component of the PostgreSQL database management system is related to the lack of protection for service data. Exploiting this vulnerability could allow a malicious actor to cause service failures or read arbitrary portions of the...
postgresql: limited memory disclosure flaw in crypt()
A memory leak error was discovered in the crypt function of the pgCrypto extension. An authenticated attacker could possibly use this flaw to disclose a limited amount of the server memory...
postgresql: limited memory disclosure flaw in crypt()
A memory leak error was discovered in the crypt function of the pgCrypto extension. An authenticated attacker could possibly use this flaw to disclose a limited amount of the server memory...
Moderate: Red Hat Security Advisory: postgresql92-postgresql security update
Updated postgresql92-postgresql packages that fix two security issues are now available for Red Hat Software Collections 2. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings...
postgresql: limited memory disclosure flaw in crypt()
A memory leak error was discovered in the crypt function of the pgCrypto extension. An authenticated attacker could possibly use this flaw to disclose a limited amount of the server memory...
Mageia: Security Advisory (MGASA-2015-0420)
The remote host is missing an update for the ...
Amazon Linux AMI : postgresql92 / postgresql93,postgresql94 (ALAS-2015-609)
Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values. CVE-2015-5289 The crypt function in...
MGASA-2015-0420 Updated postgresql packages fix security vulnerabilities
Josh Kupershmidt discovered the pgCrypto extension could expose several bytes of server memory if the crypt function was provided a too-short salt. An attacker could use this flaw to read private data. CVE-2015-5288 Oskari Saarenmaa discovered that the json and jsonb handlers could exhaust...
Updated postgresql packages fix security vulnerabilities
Josh Kupershmidt discovered the pgCrypto extension could expose several bytes of server memory if the crypt function was provided a too-short salt. An attacker could use this flaw to read private data. CVE-2015-5288 Oskari Saarenmaa discovered that the json and jsonb handlers could exhaust...
CVE-2015-5288
CVE-2015-5288 concerns the crypt() function in PostgreSQL’s pgcrypto extension. A too-short salt argument can cause the server to crash or disclose a small amount of server memory, enabling a denial-of-service or memory exposure under affected builds. Affected versions (per the CVE entry) include...
Debian DSA-3374-1 : postgresql-9.4 - security update
Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system. - CVE-2015-5288 Josh Kupershmidt discovered a vulnerability in the crypt function in the pgCrypto extension. Certain invalid salt arguments can cause the server to crash or to disclose a few bytes of server memory. ...
[SECURITY] [DSA 3374-1] postgresql-9.4 security update
Debian Security Advisory DSA-3374-1, https://www.debian.org/security/, Salvatore Bonaccorso, October 19, 2015, https://www.debian.org/security/faq ...
DSA-3374-1 postgresql-9.4 - security update
Bulletin has no description...
DLA-329-1 postgresql-8.4 - security update
Bulletin has no description...
USN-2772-1 postgresql-9.1, postgresql-9.3, postgresql-9.4 vulnerabilities
Josh Kupershmidt discovered the pgCrypto extension could expose several bytes of server memory if the crypt function was provided a too-short salt. An attacker could use this flaw to read private data. CVE-2015-5288 Oskari Saarenmaa discovered that the json and jsonb handlers could exhaust...
USN-2772-1: PostgreSQL vulnerabilities
Josh Kupershmidt discovered the pgCrypto extension could expose several bytes of server memory if the crypt function was provided a too-short salt. An attacker could use this flaw to read private data. CVE-2015-5288 Oskari Saarenmaa discovered that the json and jsonb handlers could exhaust...
Ubuntu 14.04 LTS : PostgreSQL vulnerabilities (USN-2772-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2772-1 advisory. Josh Kupershmidt discovered the pgCrypto extension could expose several bytes of server memory if the crypt function was provided a too-short salt. An...
PostgreSQL Memory Read Vulnerability
PostgreSQL is an object-relational database management system that supports an extended subset of SQL standards. A security vulnerability exists in PostgreSQL that allows remote attackers to exploit a vulnerability by submitting special data to the pgCrypto extension's crypt function to read the...
PostgreSQL -- minor security problems.
PostgreSQL project reports: Two security issues have been fixed in this release which affect users of specific PostgreSQL features. CVE-2015-5289 json or jsonb input values constructed from arbitrary user input can crash the PostgreSQL server and cause a denial of service. CVE-2015-5288: The cryp...