Mandriva Linux Security Advisory 2015-110 - Updated postgresql packages fix multiple security vulnerabilities.
cd647c5ff4321218c25352d015eb51dfa7a69e9781099b68aae8665b6a5a10deApple Security Advisory 2014-10-16-3 - OS X Server 4.0 is now available and addresses vulnerabilities in BIND, Wiki server, Xcode server, PostgreSQL, and various other software.
1dbaa2d9e56d6c022558d94920c0f6e967f065a4281ff33a22add0e19be6d2f7Apple Security Advisory 2014-09-17-5 - OS X Server 3.2.1 is now available and addresses arbitrary SQL execution, arbitrary javascript execution, and multiple vulnerabilities in PostgreSQL.
4f18e285afca63d358c3d7a3ffde06de29538e44e6c7aa977c662f1620399b41Gentoo Linux Security Advisory 201408-15 - Multiple vulnerabilities have been found in PostgreSQL, the worst of which may allow remote Denial of Service. Versions prior to 9.3.3 are affected.
bafcfd9d037a64e13d657004fbba9cbe2af1f8cbbe7b4185af4a965e78b19db5Red Hat Security Advisory 2014-0469-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. A flaw was found in the way Ruby on Rails' actionpack rubygem performed JSON parameter parsing. An application using a third party library, which uses the Rack::Request interface, or custom Rack middleware could bypass the protection implemented to fix the CVE-2013-0155 vulnerability, causing the application to receive unsafe parameters and become vulnerable to CVE-2013-0155.
9e63df1d66cd85532d1dc64685b0473fdfdedf972277fd9d80044d352af74886Red Hat Security Advisory 2014-0249-01 - PostgreSQL is an advanced object-relational database management system. Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in various type input functions in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL.
3787b02c2694cb97d3e446074a2140a66abbac75c5b4d76794db3b0e7791e13fRed Hat Security Advisory 2014-0221-01 - PostgreSQL is an advanced object-relational database management system. Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in various type input functions in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL.
c6ab31b1c26fbb1903badb011f677993cc7b516eaff5de8ef1716a378c7de837Red Hat Security Advisory 2014-0211-01 - PostgreSQL is an advanced object-relational database management system. Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in various type input functions in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL.
b42104045524c5b6c7136d8eb51782dbe945f7f2d689f9496c733b7271a311baUbuntu Security Notice 2120-1 - Noah Misch and Jonas Sundman discovered that PostgreSQL did not correctly enforce ADMIN OPTION restrictions. An authenticated attacker could use this issue to possibly revoke access from others, contrary to expected permissions. Andres Freund discovered that PostgreSQL incorrectly handled validator functions. An authenticated attacker could possibly use this issue to escalate their privileges. Various other issues were also addressed.
039ef81162af14d534e58d3e4c726daecdff46174ce77ce12a5dd6bd5a3dade4Mandriva Linux Security Advisory 2014-047 - Multiple vulnerabilities has been discovered and corrected in postgresql. Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The security impact is mostly that a role member can revoke the access of others, contrary to the wishes of his grantor. Unapproved role member additions are a lesser concern, since an uncooperative role member could provide most of his rights to others anyway by creating views or SECURITY DEFINER functions. The primary role of PL validator functions is to be called implicitly during CREATE FUNCTION, but they are also normal SQL functions that a user can call explicitly. Calling a validator on a function actually written in some other language was not checked for and could be exploited for privilege-escalation purposes. Various other issues have also been addressed.
c056bd5ca9b35038413312e652959f8070f5e5ff57a1435e0827ea375cacaa0aDebian Linux Security Advisory 2865-1 - Various vulnerabilities were discovered in PostgreSQL.
1e90886f93fefed24a7953c71f5b376443d1842c66045e0c90af12c5d5c348beDebian Linux Security Advisory 2864-1 - Various vulnerabilities were discovered in PostgreSQL.
1867d5a2cd522f7cbb2c54a13eda5771d56c14a038dde227b4ba0af113cc2e61
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed