Josh Kupershmidt discovered the pgCrypto extension could expose
several bytes of server memory if the crypt() function was provided a
too-short salt. An attacker could use this flaw to read private data.
(CVE-2015-5288)
Oskari Saarenmaa discovered that the json and jsonb handlers could exhaust
available stack space. An attacker could use this flaw to perform a denial
of service attack. This issue only affected Ubuntu 14.04 LTS and Ubuntu
15.04. (CVE-2015-5289)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 15.04 | noarch | postgresql-9.4 | <Â 9.4.5-0ubuntu0.15.04 | UNKNOWN |
Ubuntu | 15.04 | noarch | libecpg-compat3 | <Â 9.4.5-0ubuntu0.15.04 | UNKNOWN |
Ubuntu | 15.04 | noarch | libecpg-compat3-dbgsym | <Â 9.4.5-0ubuntu0.15.04 | UNKNOWN |
Ubuntu | 15.04 | noarch | libecpg-dev | <Â 9.4.5-0ubuntu0.15.04 | UNKNOWN |
Ubuntu | 15.04 | noarch | libecpg-dev-dbgsym | <Â 9.4.5-0ubuntu0.15.04 | UNKNOWN |
Ubuntu | 15.04 | noarch | libecpg6 | <Â 9.4.5-0ubuntu0.15.04 | UNKNOWN |
Ubuntu | 15.04 | noarch | libecpg6-dbgsym | <Â 9.4.5-0ubuntu0.15.04 | UNKNOWN |
Ubuntu | 15.04 | noarch | libpgtypes3 | <Â 9.4.5-0ubuntu0.15.04 | UNKNOWN |
Ubuntu | 15.04 | noarch | libpgtypes3-dbgsym | <Â 9.4.5-0ubuntu0.15.04 | UNKNOWN |
Ubuntu | 15.04 | noarch | libpq-dev | <Â 9.4.5-0ubuntu0.15.04 | UNKNOWN |