{"id":"MGASA-2015-0420","summary":"Updated postgresql packages fix security vulnerabilities","details":"Josh Kupershmidt discovered the pgCrypto extension could expose\nseveral bytes of server memory if the crypt() function was provided a\ntoo-short salt. An attacker could use this flaw to read private data.\n(CVE-2015-5288)\n\nOskari Saarenmaa discovered that the json and jsonb handlers could exhaust\navailable stack space. An attacker could use this flaw to perform a denial\nof service attack. (CVE-2015-5289)\n\nThe postgresql9.3 and postgresql9.4 packages have been updated to versions \n9.3.10 and 9.4.5, respectively, to fix these issues.\nSee the upstream release notes for more details.\n","modified":"2026-04-16T06:24:03.866484073Z","published":"2015-11-02T20:21:29Z","upstream":["CVE-2015-5288","CVE-2015-5289"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2015-0420.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=16924"},{"type":"WEB","url":"http://www.postgresql.org/about/news/1615/"},{"type":"WEB","url":"http://www.ubuntu.com/usn/usn-2772-1/"}],"affected":[{"package":{"name":"postgresql9.3","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/postgresql9.3?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.3.10-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0420.json"}},{"package":{"name":"postgresql9.4","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/postgresql9.4?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.4.5-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0420.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}