Test ID: | 1.3.6.1.4.1.25623.1.0.703475 |
Category: | Debian Local Security Checks |
Title: | Debian Security Advisory DSA 3475-1 (postgresql-9.1 - security update) |
Summary: | Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system.

CVE-2015-5288
Josh Kupershmidt discovered a vulnerability in the crypt() function in the pgCrypto extension. Certain invalid salt arguments can cause the server to crash or to disclose a few bytes of server memory.

CVE-2016-0766
A privilege escalation vulnerability for users of PL/Java was discovered. Certain custom configuration settings (GUCs) for PL/Java will now be modifiable only by the database superuser to mitigate this issue.

CVE-2016-0773
Tom Lane and Greg Stark discovered a flaw in the way PostgreSQL processes specially crafted regular expressions. Very large character ranges in bracket expressions could cause infinite loops or memory overwrites. A remote attacker can exploit this flaw to cause a denial of service or, potentially, to execute arbitrary code. |
Description: | Summary:
Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system.

CVE-2015-5288
Josh Kupershmidt discovered a vulnerability in the crypt() function in the pgCrypto extension. Certain invalid salt arguments can cause the server to crash or to disclose a few bytes of server memory.

CVE-2016-0766
A privilege escalation vulnerability for users of PL/Java was discovered. Certain custom configuration settings (GUCs) for PL/Java will now be modifiable only by the database superuser to mitigate this issue.

CVE-2016-0773
Tom Lane and Greg Stark discovered a flaw in the way PostgreSQL processes specially crafted regular expressions. Very large character ranges in bracket expressions could cause infinite loops or memory overwrites. A remote attacker can exploit this flaw to cause a denial of service or, potentially, to execute arbitrary code.

Affected Software/OS:
postgresql-9.1 on Debian Linux

Solution:
For the oldstable distribution (wheezy), these problems have been fixed in version 9.1.20-0+deb7u1. We recommend that you upgrade your postgresql-9.1 packages.

CVSS Score: 9.0
CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C |
Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-5288
BugTraq ID: 77049
http://www.securityfocus.com/bid/77049
Debian Security Information: DSA-3374
http://www.debian.org/security/2015/dsa-3374
Debian Security Information: DSA-3475
http://www.debian.org/security/2016/dsa-3475
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172316.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169094.html
https://security.gentoo.org/glsa/201701-33
http://www.securitytracker.com/id/1033775
SuSE Security Announcement: SUSE-SU-2016:0677
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00016.html
SuSE Security Announcement: openSUSE-SU-2015:1907
http://lists.opensuse.org/opensuse-updates/2015-11/msg00033.html
SuSE Security Announcement: openSUSE-SU-2015:1919
http://lists.opensuse.org/opensuse-updates/2015-11/msg00040.html
http://www.ubuntu.com/usn/USN-2772-1

Common Vulnerability Exposure (CVE) ID: CVE-2016-0766
BugTraq ID: 83184
http://www.securityfocus.com/bid/83184
Debian Security Information: DSA-3476
http://www.debian.org/security/2016/dsa-3476
http://www.securitytracker.com/id/1035005
SuSE Security Announcement: SUSE-SU-2016:0539
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00052.html
SuSE Security Announcement: SUSE-SU-2016:0555
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00054.html
SuSE Security Announcement: openSUSE-SU-2016:0531
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00049.html
SuSE Security Announcement: openSUSE-SU-2016:0578
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00056.html
http://www.ubuntu.com/usn/USN-2894-1

Common Vulnerability Exposure (CVE) ID: CVE-2016-0773
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177878.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177820.html
RedHat Security Advisories: RHSA-2016:1060
http://rhn.redhat.com/errata/RHSA-2016-1060.html |
Copyright | Copyright (C) 2016 Greenbone Networks GmbH |