Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Zwei Probleme in PostgreSQL
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in PostgreSQL
ID: USN-2894-1
Distribution: Ubuntu
Plattformen: Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 15.10
Datum: Do, 11. Februar 2016, 23:02
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0773

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============7614751216110194832==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="LeF5DpBXQ3M1bNUQFtj63SXEGgWMNKpPm"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--LeF5DpBXQ3M1bNUQFtj63SXEGgWMNKpPm
Content-Type: text/plain; charset=utf-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-2894-1
February 11, 2016

postgresql-9.1, postgresql-9.3, postgresql-9.4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

PostgreSQL could be made to crash or run programs if it handled specially
crafted data.

Software Description:
- postgresql-9.4: Object-relational SQL database
- postgresql-9.3: Object-relational SQL database
- postgresql-9.1: Object-relational SQL database

Details:

It was discovered that PostgreSQL incorrectly handled certain regular
expressions. A remote attacker could possibly use this issue to cause
PostgreSQL to crash, resulting in a denial of service. (CVE-2016-0773)

It was discovered that PostgreSQL incorrectly handled certain configuration
settings (GUCS) for users of PL/Java. A remote attacker could possibly use
this issue to escalate privileges. (CVE-2016-0766)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.10:
postgresql-9.4 9.4.6-0ubuntu0.15.10

Ubuntu 14.04 LTS:
postgresql-9.3 9.3.11-0ubuntu0.14.04

Ubuntu 12.04 LTS:
postgresql-9.1 9.1.20-0ubuntu0.12.04

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart PostgreSQL to
make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2894-1
CVE-2016-0766, CVE-2016-0773

Package Information:
https://launchpad.net/ubuntu/+source/postgresql-9.4/9.4.6-0ubuntu0.15.10
https://launchpad.net/ubuntu/+source/postgresql-9.3/9.3.11-0ubuntu0.14.04
https://launchpad.net/ubuntu/+source/postgresql-9.1/9.1.20-0ubuntu0.12.04



--LeF5DpBXQ3M1bNUQFtj63SXEGgWMNKpPm
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCgAGBQJWvNFQAAoJEGVp2FWnRL6T+rcP/02VzMTBdYszs1iv5arRuPMf
CjtMh4bNn1wmGQwZkaxbSnjozB+OEtIKIU1Qwmy5k5veRgCSZ53C9uoSRp2CLoA3
Qc5TXYAwKCRTPQzMPsoRlYSwMHcTgE1K7Pi2KUJM/o863+ONTfiuQfMJGx9wO23a
LmySD2I0R0cxGN7AWth0e943oE082ppHC9GI3mqHKvHF56knhavzH6f1c86YvKw+
9yXh1TaQt4dzvKSg7uUWBYv9PBcYzq0VoVoHnHTx56JoIHCxrid0xE3vemDgj1Cm
Q5/OsMvfVxhdv4TY7PZbKPvH2ZiUEUQgMuEIiE1f26JjKBdKTh+ufIwZmPVV2tR6
Trf9Fb6Jkxd2L7wuRWNgnJbuPUXjQZd3/2IfEFiWxmdJQ2XdY9WufALSCoMn6KbU
p0o2Edla7nyRN+bQFoVzKj9TxIgdYwFRg5+DEaSbDXX+ytcmhj5L4WGr1gfZeORK
MoX47Qga2QDXmAmEedOtobSzVcbP+V/WSV8rLYpwjLRz4FZa9cXea6cXBkyKbDYb
Xw2eNClPQtRcjg3JvbgaK3iBM/nVXU1gzZ/dezeJwlJcHPM2N8m+8Jo5ZNcrECPa
LMjXFzwdQpjjIuUqmWOV74Nj+cW8hqTLpR7zA179GJw7aqbinLuWg9r3weK10RU1
UTWrVsTSIa9Yv9GnRdCC
=FDgG
-----END PGP SIGNATURE-----

--LeF5DpBXQ3M1bNUQFtj63SXEGgWMNKpPm--


--===============7614751216110194832==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============7614751216110194832==--
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung