PostgreSQL vulnerabilities

2015-02-11T00:00:00
ID USN-2499-1
Type ubuntu
Reporter Ubuntu
Modified 2015-02-11T00:00:00

Description

Stephen Frost discovered that PostgreSQL incorrectly displayed certain values in error messages. An authenticated user could gain access to seeing certain values, contrary to expected permissions. (CVE-2014-8161)

Andres Freund, Peter Geoghegan and Noah Misch discovered that PostgreSQL incorrectly handled buffers in to_char functions. An authenticated attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-0241)

It was discovered that PostgreSQL incorrectly handled memory in the pgcrypto extension. An authenticated attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-0243)

Emil Lenngren discovered that PostgreSQL incorrectly handled extended protocol message reading. An authenticated attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly inject query messages. (CVE-2015-0244)