292 matches found

CNVD
added 2015/02/10 12:0 a.m. | 2 views

PostgreSQL 'pgcrypto' Module Buffer Overflow Vulnerability

PostgreSQL is an object-relational database management system that supports an extended subset of SQL standards. A buffer overflow vulnerability exists in the PostgreSQL 'pgcrypto' module due to the program failing to adequately perform boundary checks. An attacker could exploit this vulnerabilit...

CVSS 8.8 | AI score 8.3 | EPSS 0.05124
Exploits: 0 | References: 1

Tenable Nessus
added 2015/02/09 12:0 a.m. | 36 views

Debian DSA-3155-1 : postgresql-9.1 - security update

Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system. - CVE-2014-8161: Information leak A user with limited clearance on a table might have access to information in columns without SELECT rights on through server error messages. - CVE-2015-0241: Out of boundaries...

CVSS 9.8 | AI score 6.8 | EPSS 0.05533
Exploits: 0 | References: 10

UbuntuCve
added 2015/02/06 12:0 a.m. | 25 views

CVE-2015-0243

Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors...

CVSS 8.8 | AI score 7.6 | EPSS 0.05124
Exploits: 0 | References: 2

OSV
added 2015/02/06 12:0 a.m. | 0 views

UBUNTU-CVE-2015-0243

Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors...

CVSS 8.8 | AI score 7.7 | EPSS 0.05124
Exploits: 0 | References: 3

ArchLinux
added 2015/02/06 12:0 a.m. | 32 views

postgresql: multiple issues

CVE-2014-8161 information leak Some server error messages show the values of columns that violate a constraint, such as a unique constraint. If the user does not have SELECT privilege on all columns of the table, this could mean exposing values that the user should not be able to see. Adjust the...

AI score 1.2 | EPSS 0.05533
Exploits: 0 | References: 5

Tenable Nessus
added 2015/02/06 12:0 a.m. | 40 views

FreeBSD : PostgreSQL -- multiple buffer overflows and memory issues (3b40bf2c-ad83-11e4-a2b2-0026551a22dc)

PostgreSQL Project reports : This update fixes multiple security issues reported in PostgreSQL over the past few months. All of these issues require prior authentication, and some require additional conditions, and as such are not considered generally urgent. However, users should examine the lis...

CVSS 9.8 | AI score 6.7 | EPSS 0.05533
Exploits: 0 | References: 6

FreeBSD
added 2015/02/05 12:0 a.m. | 36 views

PostgreSQL -- multiple buffer overflows and memory issues

PostgreSQL Project reports: This update fixes multiple security issues reported in PostgreSQL over the past few months. All of these issues require prior authentication, and some require additional conditions, and as such are not considered generally urgent. However, users should examine the list...

CVSS 9.8 | AI score 7.8 | EPSS 0.05533
Exploits: 0

PostgreSQL
added 2015/02/05 12:0 a.m. | 44 views

Vulnerability in contrib module (CVE-2015-0243)

Memory errors in functions in the pgcrypto extension...

CVSS 8.8 | AI score 9.2 | EPSS 0.05124
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2014/06/13 12:0 a.m. | 58 views

openSUSE Security Update : postgresql (openSUSE-SU-2012:1299-1)

This version upgrade of PostgreSQL fixes following issues : - Bugfix release 9.0.10 : - Fix planner's assignment of executor parameters, and fix executor's rescan logic for CTE plan nodes. - Improve page-splitting decisions in GiST indexes. - Fix cascading privilege revoke to stop if privileges a...

CVSS 6.5 | AI score 7.5 | EPSS 0.05734
Exploits: 3 | References: 10

Tenable Nessus
added 2013/11/14 12:0 a.m. | 35 views

Amazon Linux AMI : postgresql8 (ALAS-2013-244)

An array index error, leading to a heap-based out-of-bounds buffer read flaw, was found in the way PostgreSQL performed certain error processing using enumeration types. An unprivileged database user could issue a specially crafted SQL query that, when processed by the server component of the...

CVSS 8.5 | AI score 8.2 | EPSS 0.04511
Exploits: 0 | References: 3

OpenVAS
added 2013/11/08 12:0 a.m. | 30 views

RedHat Update for postgresql and postgresql84 RHSA-2013:1475-01

Check for the Version of postgresql and postgresql84 OpenVAS Vulnerability Test RedHat Update for postgresql and postgresql84 RHSA-2013:1475-01 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...

CVSS 8.5 | EPSS 0.04511
Exploits: 0 | References: 2

OpenVAS
added 2013/11/08 12:0 a.m. | 31 views

CentOS Update for postgresql84 CESA-2013:1475 centos5

Check for the Version of postgresql84 OpenVAS Vulnerability Test CentOS Update for postgresql84 CESA-2013:1475 centos5 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify...

CVSS 8.5 | AI score 8.3 | EPSS 0.04511
Exploits: 0 | References: 2

OpenVAS
added 2013/11/08 12:0 a.m. | 31 views

RedHat Update for postgresql and postgresql84 RHSA-2013:1475-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.5 | AI score 7 | EPSS 0.04511
Exploits: 0 | References: 3

OpenVAS
added 2013/11/08 12:0 a.m. | 30 views

CentOS Update for postgresql CESA-2013:1475 centos6

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.5 | AI score 8.2 | EPSS 0.04511
Exploits: 0 | References: 2

Amazon
added 2013/11/03 12:0 a.m. | 50 views

Medium: postgresql8

Issue Overview: An array index error, leading to a heap-based out-of-bounds buffer read flaw, was found in the way PostgreSQL performed certain error processing using enumeration types. An unprivileged database user could issue a specially crafted SQL query that, when processed by the server...

CVSS 8.5 | AI score 9.2 | EPSS 0.04511
Exploits: 0 | References: 1

CentOS
added 2013/10/29 8:28 p.m. | 72 views

postgresql, postgresql84 security update

CentOS Errata and Security Advisory CESA-2013:1475 Updated postgresql and postgresql84 packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability...

CVSS 8.5 | AI score 7.5 | EPSS 0.04511
Exploits: 0 | References: 7

RedHat Linux
added 2013/10/29 7:41 p.m. | 1 views

postgresql: Improper randomization of pgcrypto functions (requiring random seed)

PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions."...

CVSS 8.5 | AI score 7.5 | EPSS 0.04511
Exploits: 0 | References: 4

RedHat Linux
added 2013/10/29 7:41 p.m. | 37 views

Moderate: Red Hat Security Advisory: postgresql and postgresql84 security update

Updated postgresql and postgresql84 packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed...

CVSS 8.5 | AI score 7.5 | EPSS 0.04511
Exploits: 0 | References: 4

Tenable Nessus
added 2013/09/04 12:0 a.m. | 35 views

Amazon Linux AMI : postgresql (ALAS-2011-12)

A signedness issue was found in the way the crypt function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus...

CVSS 5 | AI score 7.1 | EPSS 0.04972
Exploits: 0 | References: 2

Tenable Nessus
added 2013/09/04 12:0 a.m. | 41 views

Amazon Linux AMI : postgresql9 (ALAS-2013-178)

Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection...

CVSS 8.5 | AI score 8.2 | EPSS 0.54312
Exploits: 4 | References: 4