============================================================================ Ubuntu Security Notice USN-2894-1 February 11, 2016 postgresql-9.1, postgresql-9.3, postgresql-9.4 vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: PostgreSQL could be made to crash or run programs if it handled specially crafted data. Software Description: - postgresql-9.4: Object-relational SQL database - postgresql-9.3: Object-relational SQL database - postgresql-9.1: Object-relational SQL database Details: It was discovered that PostgreSQL incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service. (CVE-2016-0773) It was discovered that PostgreSQL incorrectly handled certain configuration settings (GUCS) for users of PL/Java. A remote attacker could possibly use this issue to escalate privileges. (CVE-2016-0766) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.10: postgresql-9.4 9.4.6-0ubuntu0.15.10 Ubuntu 14.04 LTS: postgresql-9.3 9.3.11-0ubuntu0.14.04 Ubuntu 12.04 LTS: postgresql-9.1 9.1.20-0ubuntu0.12.04 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart PostgreSQL to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-2894-1 CVE-2016-0766, CVE-2016-0773 Package Information: https://launchpad.net/ubuntu/+source/postgresql-9.4/9.4.6-0ubuntu0.15.10 https://launchpad.net/ubuntu/+source/postgresql-9.3/9.3.11-0ubuntu0.14.04 https://launchpad.net/ubuntu/+source/postgresql-9.1/9.1.20-0ubuntu0.12.04