You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa postgresql

Sigurnosni nedostaci programskog paketa postgresql

by ncert - 0

==========================================================================
Ubuntu Security Notice USN-2894-1
February 11, 2016

postgresql-9.1, postgresql-9.3, postgresql-9.4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 15.10
– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS

Summary:

PostgreSQL could be made to crash or run programs if it handled specially
crafted data.

Software Description:
– postgresql-9.4: Object-relational SQL database
– postgresql-9.3: Object-relational SQL database
– postgresql-9.1: Object-relational SQL database

Details:

It was discovered that PostgreSQL incorrectly handled certain regular
expressions. A remote attacker could possibly use this issue to cause
PostgreSQL to crash, resulting in a denial of service. (CVE-2016-0773)

It was discovered that PostgreSQL incorrectly handled certain configuration
settings (GUCS) for users of PL/Java. A remote attacker could possibly use
this issue to escalate privileges. (CVE-2016-0766)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.10:
postgresql-9.4 9.4.6-0ubuntu0.15.10

Ubuntu 14.04 LTS:
postgresql-9.3 9.3.11-0ubuntu0.14.04

Ubuntu 12.04 LTS:
postgresql-9.1 9.1.20-0ubuntu0.12.04

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart PostgreSQL to
make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2894-1
CVE-2016-0766, CVE-2016-0773

Package Information:
https://launchpad.net/ubuntu/+source/postgresql-9.4/9.4.6-0ubuntu0.15.10
https://launchpad.net/ubuntu/+source/postgresql-9.3/9.3.11-0ubuntu0.14.04
https://launchpad.net/ubuntu/+source/postgresql-9.1/9.1.20-0ubuntu0.12.04

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAEBCgAGBQJWvNFQAAoJEGVp2FWnRL6T+rcP/02VzMTBdYszs1iv5arRuPMf
CjtMh4bNn1wmGQwZkaxbSnjozB+OEtIKIU1Qwmy5k5veRgCSZ53C9uoSRp2CLoA3
Qc5TXYAwKCRTPQzMPsoRlYSwMHcTgE1K7Pi2KUJM/o863+ONTfiuQfMJGx9wO23a
LmySD2I0R0cxGN7AWth0e943oE082ppHC9GI3mqHKvHF56knhavzH6f1c86YvKw+
9yXh1TaQt4dzvKSg7uUWBYv9PBcYzq0VoVoHnHTx56JoIHCxrid0xE3vemDgj1Cm
Q5/OsMvfVxhdv4TY7PZbKPvH2ZiUEUQgMuEIiE1f26JjKBdKTh+ufIwZmPVV2tR6
Trf9Fb6Jkxd2L7wuRWNgnJbuPUXjQZd3/2IfEFiWxmdJQ2XdY9WufALSCoMn6KbU
p0o2Edla7nyRN+bQFoVzKj9TxIgdYwFRg5+DEaSbDXX+ytcmhj5L4WGr1gfZeORK
MoX47Qga2QDXmAmEedOtobSzVcbP+V/WSV8rLYpwjLRz4FZa9cXea6cXBkyKbDYb
Xw2eNClPQtRcjg3JvbgaK3iBM/nVXU1gzZ/dezeJwlJcHPM2N8m+8Jo5ZNcrECPa
LMjXFzwdQpjjIuUqmWOV74Nj+cW8hqTLpR7zA179GJw7aqbinLuWg9r3weK10RU1
UTWrVsTSIa9Yv9GnRdCC
=FDgG
—–END PGP SIGNATURE—–

ncert
Top
More in Preporuke
Sigurnosni nedostaci programskog paketa nginx

Otkriveni su sigurnosni nedostaci u programskom paketu nginx. Otkriveni nedostaci potencijalnim napadačima omogućuju pokretanje proizvoljnog programskog koda i izvođenje napada...

Close