drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in PostgreSQL
Name: |
Zwei Probleme in PostgreSQL |
|
ID: |
USN-2772-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 15.04 |
|
Datum: |
Fr, 16. Oktober 2015, 08:19 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5289
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5288 |
|
Applikationen: |
PostgreSQL |
|
Originalnachricht |
--===============9124689560688396910== Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="ADZbWkCsHQ7r3kzd" Content-Disposition: inline
--ADZbWkCsHQ7r3kzd Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-2772-1 October 16, 2015
postgresql-9.1, postgresql-9.3, postgresql-9.4 vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.04 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS
Summary:
PostgreSQL could be made to crash or expose private information if it handled specially crafted data.
Software Description: - postgresql-9.4: Object-relational SQL database - postgresql-9.3: Object-relational SQL database - postgresql-9.1: Object-relational SQL database
Details:
Josh Kupershmidt discovered the pgCrypto extension could expose several bytes of server memory if the crypt() function was provided a too-short salt. An attacker could use this flaw to read private data. (CVE-2015-5288)
Oskari Saarenmaa discovered that the json and jsonb handlers could exhaust available stack space. An attacker could use this flaw to perform a denial of service attack. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-5289)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.04: postgresql-9.4 9.4.5-0ubuntu0.15.04
Ubuntu 14.04 LTS: postgresql-9.3 9.3.10-0ubuntu0.14.04
Ubuntu 12.04 LTS: postgresql-9.1 9.1.19-0ubuntu0.12.04
This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart PostgreSQL to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2772-1 CVE-2015-5288, CVE-2015-5289
Package Information: https://launchpad.net/ubuntu/+source/postgresql-9.4/9.4.5-0ubuntu0.15.04 https://launchpad.net/ubuntu/+source/postgresql-9.3/9.3.10-0ubuntu0.14.04 https://launchpad.net/ubuntu/+source/postgresql-9.1/9.1.19-0ubuntu0.12.04
--ADZbWkCsHQ7r3kzd Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEcBAEBAgAGBQJWIJYbAAoJEPMhclmdjS6XWxcH/RD2VTM+y10b670JzNaM9Di0 ofFUV6JWNklZJq3uPIwUTLhk2Kj5Rwzmjog6ePmwwG4jt1MQlYXi5ZoQUaAB+UcP wW9xT1++pzipDDvu8IpmUVdWA/sIaTKmc65XxhHms5lCv/pplTUSNjSPlFK9DgZH vEYrIwUtrFm+78E6UBw+XVKb0oN/4t2UeFoV+uJmch7hbQk5/FQLLU3NClEvocEE 6f+m1oxpx2v9+kj8QTU6/guO+kkh+YPBUZfAQ5JtKmVX5Z/RnSpNAVfqn47sZ2Yt nGP1lUOatICZ5TcaZNZR2xZRQ8+7gYeT/nj3b3TJl2g49x3/5d3ZCV729P4STSI= =VzUg -----END PGP SIGNATURE-----
--ADZbWkCsHQ7r3kzd--
--===============9124689560688396910== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============9124689560688396910==--
|
|
|
|