|Category:||Red Hat Local Security Checks|
|Title:||RedHat Update for postgresql RHSA-2015:2078-01|
|Summary:||The remote host is missing an update for the 'postgresql'; package(s) announced via the referenced advisory.|
The remote host is missing an update for the 'postgresql'
package(s) announced via the referenced advisory.
PostgreSQL is an advanced object-relational
database management system (DBMS).
A memory leak error was discovered in the crypt() function of the pgCrypto
extension. An authenticated attacker could possibly use this flaw to
disclose a limited amount of the server memory. (CVE-2015-5288)
A stack overflow flaw was discovered in the way the PostgreSQL core server
processed certain JSON or JSONB input. An authenticated attacker could
possibly use this flaw to crash the server backend by sending specially
crafted JSON or JSONB input. (CVE-2015-5289)
Please note that SSL renegotiation is now disabled by default. For more
information, please refer to PostgreSQL's 2015-10-08 Security Update
Release notes, linked to in the References section.
All PostgreSQL users are advised to upgrade to these updated packages,
which correct these issues. If the postgresql service is running, it will
be automatically restarted after installing this update.
postgresql on Red Hat Enterprise Linux Server (v. 7)
Please Install the Updated Packages.
Common Vulnerability Exposure (CVE) ID: CVE-2015-5288|
BugTraq ID: 77049
Debian Security Information: DSA-3374 (Google Search)
Debian Security Information: DSA-3475 (Google Search)
SuSE Security Announcement: SUSE-SU-2016:0677 (Google Search)
SuSE Security Announcement: openSUSE-SU-2015:1907 (Google Search)
SuSE Security Announcement: openSUSE-SU-2015:1919 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2015-5289
BugTraq ID: 77048
|Copyright||Copyright (C) 2015 Greenbone Networks GmbH|
|This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.