
Mandriva Linux Security Advisory 2015-048

Posted Feb 12, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-048 - Multiple vulnerabilities have been discovered and corrected in postgresql. Stephen Frost discovered that PostgreSQL incorrectly displayed certain values in error messages. An authenticated user could gain access to certain values, contrary to expected permissions. Andres Freund, Peter Geoghegan and Noah Misch discovered that PostgreSQL incorrectly handled buffers in to_char functions. An authenticated attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that PostgreSQL incorrectly handled memory in the pgcrypto extension. An authenticated attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly execute arbitrary code. Emil Lenngren discovered that PostgreSQL incorrectly handled extended protocol message reading. An authenticated attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly inject query messages. This advisory provides the latest version of PostgreSQL that is not vulnerable to these issues.

tags | advisory, denial of service, arbitrary, vulnerability, protocol
systems | linux, mandriva
advisories | CVE-2014-8161, CVE-2015-0241, CVE-2015-0243, CVE-2015-0244
SHA-256 | 634d97dbd89e3a11f0f04718cbf5534aac49ac2bfae32de2e27000b2b448d65e

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:048
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : postgresql
Date : February 12, 2015
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities have been discovered and corrected in
postgresql:

Stephen Frost discovered that PostgreSQL incorrectly displayed
certain values in error messages. An authenticated user could gain
access to certain values, contrary to expected permissions
(CVE-2014-8161).

Andres Freund, Peter Geoghegan and Noah Misch discovered that
PostgreSQL incorrectly handled buffers in to_char functions. An
authenticated attacker could possibly use this issue to cause
PostgreSQL to crash, resulting in a denial of service, or possibly
execute arbitrary code (CVE-2015-0241).

It was discovered that PostgreSQL incorrectly handled memory in the
pgcrypto extension. An authenticated attacker could possibly use this
issue to cause PostgreSQL to crash, resulting in a denial of service,
or possibly execute arbitrary code (CVE-2015-0243).

Emil Lenngren discovered that PostgreSQL incorrectly handled extended
protocol message reading. An authenticated attacker could possibly
use this issue to cause PostgreSQL to crash, resulting in a denial
of service, or possibly inject query messages (CVE-2015-0244).

This advisory provides the latest version of PostgreSQL that is not
vulnerable to these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0244
http://www.postgresql.org/docs/9.2/static/release-9-2-10.html
http://www.ubuntu.com/usn/usn-2499-1/
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
c7247e9bed1b4546e0ad8b4642a0c4d6 mbs1/x86_64/lib64ecpg9.2_6-9.2.10-1.mbs1.x86_64.rpm
e201099de82f9e8e506a218bbce83008 mbs1/x86_64/lib64pq9.2_5-9.2.10-1.mbs1.x86_64.rpm
9c4a352c4efe8229f86d86c9dfe4ca7e mbs1/x86_64/postgresql9.2-9.2.10-1.mbs1.x86_64.rpm
ea0dba2757d027a313123de9b9838107 mbs1/x86_64/postgresql9.2-contrib-9.2.10-1.mbs1.x86_64.rpm
41eed84aa37c1b7f7fe04d4847c9353e mbs1/x86_64/postgresql9.2-devel-9.2.10-1.mbs1.x86_64.rpm
1b75d6c7118b01399e5967a19aa4ecd4 mbs1/x86_64/postgresql9.2-docs-9.2.10-1.mbs1.noarch.rpm
571d8991f01cc05e5e9163bf5d7e2983 mbs1/x86_64/postgresql9.2-pl-9.2.10-1.mbs1.x86_64.rpm
1d4e7e9458ae38e364550e1e81f1680b mbs1/x86_64/postgresql9.2-plperl-9.2.10-1.mbs1.x86_64.rpm
c106d7f63f3f83dd797f1fcec7101b7b mbs1/x86_64/postgresql9.2-plpgsql-9.2.10-1.mbs1.x86_64.rpm
3abb3d109b12229f89e1ae2a8f867e4f mbs1/x86_64/postgresql9.2-plpython-9.2.10-1.mbs1.x86_64.rpm
22fa1beffab4ca2180f6aa3506f40dc4 mbs1/x86_64/postgresql9.2-pltcl-9.2.10-1.mbs1.x86_64.rpm
4bd0ab5189b93ac542b2eda0bd9f3b45 mbs1/x86_64/postgresql9.2-server-9.2.10-1.mbs1.x86_64.rpm
00c3b26e5a4567cae6d40caf499836ca mbs1/SRPMS/postgresql9.2-9.2.10-1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFU3IqamqjQ0CJFipgRAvITAKDtjC7P+blOE8qdL7HTGKv8h3OaNgCgyies
gblH0pTGn3CX7dPhdYMqcl4=
=QXzy
-----END PGP SIGNATURE-----
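
Added example, not part of the Mandriva advisory: a POSIX shell check of manually downloaded RPMs against the MD5 lines of the "Updated Packages" list above. The function names, the saved advisory file and the download directory are assumptions; MD5 only catches corruption here, so package authenticity still rests on the GPG signature check the advisory describes.

```shell
#!/bin/sh
# Added example (not from the advisory): check downloaded RPMs against the
# "<md5> <path>.rpm" lines of a saved advisory. All names are assumptions.

# verify_advisory_rpms ADVISORY_TXT RPM_DIR
# Returns 0 only if at least one file was checked and none mismatched.
verify_advisory_rpms() (
    advisory=$1 dir=$2 checked=0 bad=0
    # Keep only lines shaped like: 32 hex digits, whitespace, a path ending in .rpm
    lines=$(grep -E '^[[:space:]]*[0-9a-f]{32}[[:space:]]+[^[:space:]]+\.rpm[[:space:]]*$' "$advisory" || true)
    while read -r sum path; do
        name=${path##*/}          # the advisory lists mbs1/x86_64/<file>
        [ -n "$name" ] && [ -f "$dir/$name" ] || continue   # not downloaded
        actual=$(md5sum "$dir/$name" | awk '{print $1}')
        checked=$((checked + 1))
        if [ "$actual" = "$sum" ]; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name (expected $sum, got $actual)"
            bad=$((bad + 1))
        fi
    done <<EOF
$lines
EOF
    # An empty run is a failure too: nothing was actually verified.
    [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
)

# Constructed self-check: a dummy file and a one-line advisory that matches it.
selfcheck() (
    tmp=$(mktemp -d) || exit 1
    printf 'constructed sample\n' > "$tmp/example-1.0-1.noarch.rpm"
    sum=$(md5sum "$tmp/example-1.0-1.noarch.rpm" | awk '{print $1}')
    printf ' %s  test/noarch/example-1.0-1.noarch.rpm\n' "$sum" > "$tmp/advisory.txt"
    verify_advisory_rpms "$tmp/advisory.txt" "$tmp"; rc=$?
    rm -rf "$tmp"
    exit "$rc"
)

if [ "$#" -eq 2 ]; then verify_advisory_rpms "$1" "$2"; else selfcheck; fi
```

Run it as `sh check.sh advisory.txt ./rpms`, where both names are placeholders; with no arguments it runs the constructed self-check.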