Ubuntu alert USN-2894-1 (postgresql-9.1, postgresql-9.3, postgresql-9.4)
| From: | Marc Deslauriers <marc.deslauriers@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-2894-1] PostgreSQL vulnerabilities | |
| Date: | Thu, 11 Feb 2016 13:22:05 -0500 | |
| Message-ID: | <56BCD14D.30105@canonical.com> |
========================================================================== Ubuntu Security Notice USN-2894-1 February 11, 2016 postgresql-9.1, postgresql-9.3, postgresql-9.4 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: PostgreSQL could be made to crash or run programs if it handled specially crafted data. Software Description: - postgresql-9.4: Object-relational SQL database - postgresql-9.3: Object-relational SQL database - postgresql-9.1: Object-relational SQL database Details: It was discovered that PostgreSQL incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service. (CVE-2016-0773) It was discovered that PostgreSQL incorrectly handled certain configuration settings (GUCS) for users of PL/Java. A remote attacker could possibly use this issue to escalate privileges. (CVE-2016-0766) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.10: postgresql-9.4 9.4.6-0ubuntu0.15.10 Ubuntu 14.04 LTS: postgresql-9.3 9.3.11-0ubuntu0.14.04 Ubuntu 12.04 LTS: postgresql-9.1 9.1.20-0ubuntu0.12.04 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart PostgreSQL to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-2894-1 CVE-2016-0766, CVE-2016-0773 Package Information: https://launchpad.net/ubuntu/+source/postgresql-9.4/9.4.6... https://launchpad.net/ubuntu/+source/postgresql-9.3/9.3.1... https://launchpad.net/ubuntu/+source/postgresql-9.1/9.1.2... -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security...