{"id":"MGASA-2015-0069","summary":"Updated postgresql packages fix security vulnerabilities","details":"Updated postgresql packages fix security vulnerabilities:\n\nA user with limited clearance on a table might have access to information in\ncolumns without SELECT rights on through server error messages\n(CVE-2014-8161).\n\nThe function to_char() might read/write past the end of a buffer. This might\ncrash the server when a formatting template is processed (CVE-2015-0241).\n\nThe pgcrypto module is vulnerable to stack buffer overrun that might crash\nthe server (CVE-2015-0243).\n\nEmil Lenngren reported that an attacker can inject SQL commands when the\nsynchronization between client and server is lost (CVE-2015-0244).\n\nThis update provides PostgreSQL versions 9.3.6, 9.2.10, 9.1.15, and\n9.0.19 that fix these issues, as well as several others.\n","modified":"2026-04-16T06:24:07.102006912Z","published":"2015-02-17T18:38:13Z","upstream":["CVE-2014-8161","CVE-2015-0241","CVE-2015-0242","CVE-2015-0243","CVE-2015-0244"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2015-0069.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=15217"},{"type":"WEB","url":"http://www.postgresql.org/about/news/1569/"},{"type":"WEB","url":"https://www.debian.org/security/2015/dsa-3155"}],"affected":[{"package":{"name":"postgresql9.0","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/postgresql9.0?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.0.19-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0069.json"}},{"package":{"name":"postgresql9.1","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/postgresql9.1?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.1.15-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0069.json"}},{"package":{"name":"postgresql9.2","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/postgresql9.2?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.2.10-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0069.json"}},{"package":{"name":"postgresql9.3","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/postgresql9.3?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.3.6-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0069.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}