FreeBSD : PostgreSQL -- minor security problems. (fc38cd83-00b3-11e5-8ebd-0026551a22dc)
PostgreSQL project reports: This update fixes three security vulnerabilities reported in PostgreSQL over the past few months. Neither of these issues is seen as particularly urgent. However, users should examine them in case their installations are vulnerable: CVE-2015-3165 Double 'free' after...
USN-2621-1: PostgreSQL vulnerabilities
Benkocs Norbert Attila discovered that PostgreSQL incorrectly handled authentication timeouts. A remote attacker could use this flaw to cause the unauthenticated session to crash, possibly leading to a security issue. (CVE-2015-3165) Noah Misch discovered that PostgreSQL incorrectly handled certain...
USN-2621-1 postgresql-9.1, postgresql-9.3, postgresql-9.4 vulnerabilities
Benkocs Norbert Attila discovered that PostgreSQL incorrectly handled authentication timeouts. A remote attacker could use this flaw to cause the unauthenticated session to crash, possibly leading to a security issue. (CVE-2015-3165) Noah Misch discovered that PostgreSQL incorrectly handled certain...
Debian Security Advisory DSA 3270-1 (postgresql-9.4 - security update)
Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system. CVE-2015-3165 (Remote crash): SSL clients disconnecting just before the authentication timeout expires can cause the server to crash. CVE-2015-3166 (Information exposure): The replacement implementation of snprintf failed...
Debian Security Advisory DSA 3269-1 (postgresql-9.1 - security update)
Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system. CVE-2015-3165 (Remote crash): SSL clients disconnecting just before the authentication timeout expires can cause the server to crash. CVE-2015-3166 (Information exposure): The replacement implementation of snprintf failed...
CVE-2015-3167
contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack...
Vulnerability in contrib module (CVE-2015-3167)
pgcrypto has multiple error messages for decryption with an incorrect key...
DSA-3269-1 postgresql-9.1 - security update
Bulletin has no description...
DSA-3270-1 postgresql-9.4 - security update
Bulletin has no description...
SUSE SLED12 / SLES12 Security Update : postgresql93 (SUSE-SU-2015:0478-1)
postgresql93 was updated to version 9.3.6 to fix four security issues. These security issues were fixed: - CVE-2015-0241: Fix buffer overruns in to_char() (bnc#916953). - CVE-2015-0243: Fix buffer overruns in contrib/pgcrypto (bnc#916953). - CVE-2015-0244: Fix possible loss of frontend/backend protocol...
postgresql: buffer overflow flaws in contrib/pgcrypto
A stack-buffer overflow flaw was found in PostgreSQL's pgcrypto module. An authenticated database user could use this flaw to cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL...
Medium: postgresql8
Issue Overview: An information leak flaw was found in the way the PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to execute by observing the constraint violation error messages...
PostgreSQL -- minor security problems.
PostgreSQL project reports: This update fixes three security vulnerabilities reported in PostgreSQL over the past few months. Neither of these issues is seen as particularly urgent. However, users should examine them in case their installations are vulnerable: CVE-2015-3165 Double "free" after...
RHEL 6 / 7 : postgresql (RHSA-2015:0750)
The remote Red Hat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:0750 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). An information leak flaw was found in the way the PostgreSQ...
Scientific Linux Security Update : postgresql on SL6.x, SL7.x i386/x86_64 (20150330)
An information leak flaw was found in the way the PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to execute by observing the constraint violation error messages produced when the...
postgresql: buffer overflow flaws in contrib/pgcrypto
A stack-buffer overflow flaw was found in PostgreSQL's pgcrypto module. An authenticated database user could use this flaw to cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL...
postgresql: buffer overflow flaws in contrib/pgcrypto
A stack-buffer overflow flaw was found in PostgreSQL's pgcrypto module. An authenticated database user could use this flaw to cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL...
Amazon Linux AMI : postgresql93 (ALAS-2015-485)
A stack-buffer overflow flaw was found in PostgreSQL's pgcrypto module. An authenticated database user could use this flaw to cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2015-0243) A flaw was found in the way PostgreSQL...
Mandriva Linux Security Advisory : postgresql (MDVSA-2015:048)
Multiple vulnerabilities have been discovered and corrected in postgresql: Stephen Frost discovered that PostgreSQL incorrectly displayed certain values in error messages. An authenticated user could gain access to seeing certain values, contrary to expected permissions (CVE-2014-8161). Andres...
USN-2499-1 postgresql-8.4, postgresql-9.1, postgresql-9.3, postgresql-9.4 vulnerabilities
Stephen Frost discovered that PostgreSQL incorrectly displayed certain values in error messages. An authenticated user could gain access to seeing certain values, contrary to expected permissions. (CVE-2014-8161) Andres Freund, Peter Geoghegan and Noah Misch discovered that PostgreSQL incorrectly...