Debian Local Security Checks : Debian Security Advisory DSA 3374-1 (postgresql-9.4

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.703374

Kategorie: Debian Local Security Checks

Titel: Debian Security Advisory DSA 3374-1 (postgresql-9.4 - security update)

Zusammenfassung: Several vulnerabilities have been;found in PostgreSQL-9.4, a SQL database system.;;CVE-2015-5288;Josh Kupershmidt discovered a vulnerability in the crypt() function;in the pgCrypto extension. Certain invalid salt arguments can cause;the server to crash or to disclose a few bytes of server memory.;;CVE-2015-5289;Oskari Saarenmaa discovered that json or jsonb input values;constructed from arbitrary user input can crash the PostgreSQL;server and cause a denial of service.

Beschreibung: Summary:
Several vulnerabilities have been
found in PostgreSQL-9.4, a SQL database system.

CVE-2015-5288
Josh Kupershmidt discovered a vulnerability in the crypt() function
in the pgCrypto extension. Certain invalid salt arguments can cause
the server to crash or to disclose a few bytes of server memory.

CVE-2015-5289
Oskari Saarenmaa discovered that json or jsonb input values
constructed from arbitrary user input can crash the PostgreSQL
server and cause a denial of service.

Affected Software/OS:
postgresql-9.4 on Debian Linux

Solution:
For the stable distribution (jessie),
these problems have been fixed in version 9.4.5-0+deb8u1.

For the testing distribution (stretch), these problems have been fixed
in version 9.4.5-1.

For the unstable distribution (sid), these problems have been fixed in
version 9.4.5-1.

We recommend that you upgrade your postgresql-9.4 packages.

CVSS Score:
6.4

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2015-5288
BugTraq ID: 77049
http://www.securityfocus.com/bid/77049
Debian Security Information: DSA-3374 (Google Search)
http://www.debian.org/security/2015/dsa-3374
Debian Security Information: DSA-3475 (Google Search)
http://www.debian.org/security/2016/dsa-3475
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172316.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169094.html
https://security.gentoo.org/glsa/201701-33
http://www.securitytracker.com/id/1033775
SuSE Security Announcement: SUSE-SU-2016:0677 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00016.html
SuSE Security Announcement: openSUSE-SU-2015:1907 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-11/msg00033.html
SuSE Security Announcement: openSUSE-SU-2015:1919 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-11/msg00040.html
http://www.ubuntu.com/usn/USN-2772-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-5289
BugTraq ID: 77048
http://www.securityfocus.com/bid/77048

Copyright Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.703374
Kategorie:	Debian Local Security Checks
Titel:	Debian Security Advisory DSA 3374-1 (postgresql-9.4 - security update)
Zusammenfassung:	Several vulnerabilities have been;found in PostgreSQL-9.4, a SQL database system.;;CVE-2015-5288;Josh Kupershmidt discovered a vulnerability in the crypt() function;in the pgCrypto extension. Certain invalid salt arguments can cause;the server to crash or to disclose a few bytes of server memory.;;CVE-2015-5289;Oskari Saarenmaa discovered that json or jsonb input values;constructed from arbitrary user input can crash the PostgreSQL;server and cause a denial of service.
Beschreibung:	Summary: Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system. CVE-2015-5288 Josh Kupershmidt discovered a vulnerability in the crypt() function in the pgCrypto extension. Certain invalid salt arguments can cause the server to crash or to disclose a few bytes of server memory. CVE-2015-5289 Oskari Saarenmaa discovered that json or jsonb input values constructed from arbitrary user input can crash the PostgreSQL server and cause a denial of service. Affected Software/OS: postgresql-9.4 on Debian Linux Solution: For the stable distribution (jessie), these problems have been fixed in version 9.4.5-0+deb8u1. For the testing distribution (stretch), these problems have been fixed in version 9.4.5-1. For the unstable distribution (sid), these problems have been fixed in version 9.4.5-1. We recommend that you upgrade your postgresql-9.4 packages. CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2015-5288 BugTraq ID: 77049 http://www.securityfocus.com/bid/77049 Debian Security Information: DSA-3374 (Google Search) http://www.debian.org/security/2015/dsa-3374 Debian Security Information: DSA-3475 (Google Search) http://www.debian.org/security/2016/dsa-3475 http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172316.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169094.html https://security.gentoo.org/glsa/201701-33 http://www.securitytracker.com/id/1033775 SuSE Security Announcement: SUSE-SU-2016:0677 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00016.html SuSE Security Announcement: openSUSE-SU-2015:1907 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-11/msg00033.html SuSE Security Announcement: openSUSE-SU-2015:1919 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-11/msg00040.html http://www.ubuntu.com/usn/USN-2772-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-5289 BugTraq ID: 77048 http://www.securityfocus.com/bid/77048
Copyright	Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net