Lucene search

UbuntuUSN-2499-1

HistoryFeb 11, 2015 - 12:00 a.m.

PostgreSQL vulnerabilities

2015-02-1100:00:00

ubuntu.com

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.3%

JSON

Releases

Ubuntu 14.10
Ubuntu 14.04 ESM
Ubuntu 12.04
Ubuntu 10.04

Packages

postgresql-8.4 - Object-relational SQL database
postgresql-9.1 - Object-relational SQL database
postgresql-9.3 - Object-relational SQL database
postgresql-9.4 - Object-relational SQL database

Details

Stephen Frost discovered that PostgreSQL incorrectly displayed certain
values in error messages. An authenticated user could gain access to seeing
certain values, contrary to expected permissions. (CVE-2014-8161)

Andres Freund, Peter Geoghegan and Noah Misch discovered that PostgreSQL
incorrectly handled buffers in to_char functions. An authenticated attacker
could possibly use this issue to cause PostgreSQL to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2015-0241)

It was discovered that PostgreSQL incorrectly handled memory in the
pgcrypto extension. An authenticated attacker could possibly use this issue
to cause PostgreSQL to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2015-0243)

Emil Lenngren discovered that PostgreSQL incorrectly handled extended
protocol message reading. An authenticated attacker could possibly use this
issue to cause PostgreSQL to crash, resulting in a denial of service, or
possibly inject query messages. (CVE-2015-0244)

OSVersionArchitecturePackageVersionFilename
Ubuntu14.10noarchpostgresql-9.4< 9.4.1-0ubuntu0.14.10UNKNOWN
Ubuntu14.10noarchlibecpg-compat3< 9.4.1-0ubuntu0.14.10UNKNOWN
Ubuntu14.10noarchlibecpg-dev< 9.4.1-0ubuntu0.14.10UNKNOWN
Ubuntu14.10noarchlibecpg6< 9.4.1-0ubuntu0.14.10UNKNOWN
Ubuntu14.10noarchlibpgtypes3< 9.4.1-0ubuntu0.14.10UNKNOWN
Ubuntu14.10noarchlibpq-dev< 9.4.1-0ubuntu0.14.10UNKNOWN
Ubuntu14.10noarchlibpq5< 9.4.1-0ubuntu0.14.10UNKNOWN
Ubuntu14.10noarchpostgresql-9.4-dbg< 9.4.1-0ubuntu0.14.10UNKNOWN
Ubuntu14.10noarchpostgresql-client-9.4< 9.4.1-0ubuntu0.14.10UNKNOWN
Ubuntu14.10noarchpostgresql-contrib-9.4< 9.4.1-0ubuntu0.14.10UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	14.10	noarch	postgresql-9.4	< 9.4.1-0ubuntu0.14.10	UNKNOWN
Ubuntu	14.10	noarch	libecpg-compat3	< 9.4.1-0ubuntu0.14.10	UNKNOWN
Ubuntu	14.10	noarch	libecpg-dev	< 9.4.1-0ubuntu0.14.10	UNKNOWN
Ubuntu	14.10	noarch	libecpg6	< 9.4.1-0ubuntu0.14.10	UNKNOWN
Ubuntu	14.10	noarch	libpgtypes3	< 9.4.1-0ubuntu0.14.10	UNKNOWN
Ubuntu	14.10	noarch	libpq-dev	< 9.4.1-0ubuntu0.14.10	UNKNOWN
Ubuntu	14.10	noarch	libpq5	< 9.4.1-0ubuntu0.14.10	UNKNOWN
Ubuntu	14.10	noarch	postgresql-9.4-dbg	< 9.4.1-0ubuntu0.14.10	UNKNOWN
Ubuntu	14.10	noarch	postgresql-client-9.4	< 9.4.1-0ubuntu0.14.10	UNKNOWN
Ubuntu	14.10	noarch	postgresql-contrib-9.4	< 9.4.1-0ubuntu0.14.10	UNKNOWN