Bugzilla – Bug 916953
VUL-0: CVE-2014-8161, CVE-2015-0241, CVE-2015-0243, CVE-2015-0244: postgresql91,postgresql,postgresql93: Tracker bug for multiple issues
Last modified: 2015-09-16 11:38:56 UTC
- Fix buffer overruns in to_char() (Bruce Momjian)
  When to_char() processes a numeric formatting template calling for a large number of digits, PostgreSQL would read past the end of a buffer. When processing a crafted timestamp formatting template, PostgreSQL would write past the end of a buffer. Either case could crash the server. We have not ruled out the possibility of attacks that lead to privilege escalation, though they seem unlikely. (CVE-2015-0241)

- Fix buffer overruns in contrib/pgcrypto (Marko Tiikkaja, Noah Misch)
  Errors in memory size tracking within the pgcrypto module permitted stack buffer overruns and improper dependence on the contents of uninitialized memory. The buffer overrun cases can crash the server, and we have not ruled out the possibility of attacks that lead to privilege escalation. (CVE-2015-0243)

- Fix possible loss of frontend/backend protocol synchronization after an error (Heikki Linnakangas)
  If any error occurred while the server was in the middle of reading a protocol message from the client, it could lose synchronization and incorrectly try to interpret part of the message's data as a new protocol message. An attacker able to submit crafted binary data within a command parameter might succeed in injecting his own SQL commands this way. Statement timeout and query cancellation are the most likely sources of errors triggering this scenario. Particularly vulnerable are applications that use a timeout and also submit arbitrary user-crafted data as binary query parameters. Disabling statement timeout will reduce, but not eliminate, the risk of exploit. Our thanks to Emil Lenngren for reporting this issue. (CVE-2015-0244)

- Fix information leak via constraint-violation error messages (Stephen Frost)
  Some server error messages show the values of columns that violate a constraint, such as a unique constraint. If the user does not have SELECT privilege on all columns of the table, this could mean exposing values that the user should not be able to see. Adjust the code so that values are displayed only when they came from the SQL command or could be selected by the user. (CVE-2014-8161)

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0244
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8161
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0243
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0241
http://www.debian.org/security/2015/dsa-3155
http://cve.mitre.org/cgi-bin/cvename.cgi?name=
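The loss of protocol synchronization described under CVE-2015-0244 above, modelled as an added example that is not part of the original bug report and not PostgreSQL code: a toy server reads type-plus-length framed messages, and an error raised partway through a payload either lets parsing resume mid-payload or closes the connection. The framing helper, the `Interrupted` exception, the type letters and the sample bytes are constructed for illustration, and dropping the connection is one safe handling chosen for the example.

```python
import io
import struct

class Interrupted(Exception):
    """Stands in for a timeout or cancel raised while a message is being read."""

def frame(msg_type: bytes, payload: bytes) -> bytes:
    # One type byte, then a 4-byte big-endian length counting itself plus the payload.
    return msg_type + struct.pack("!I", 4 + len(payload)) + payload

def read_message(stream, interrupt_after=None):
    header = stream.read(5)
    if len(header) < 5:
        return None                       # end of stream
    msg_type, body_len = header[:1], struct.unpack("!I", header[1:])[0] - 4
    if interrupt_after is not None and interrupt_after < body_len:
        stream.read(interrupt_after)      # partial read: the rest stays unread
        raise Interrupted()
    return msg_type, stream.read(body_len)

def serve(data: bytes, interrupt_after, close_on_midread_error: bool):
    """Return the (type, payload) messages this toy server would act on."""
    stream, handled = io.BytesIO(data), []
    while True:
        try:
            msg = read_message(stream, interrupt_after)
        except Interrupted:
            if close_on_midread_error:
                break                     # hardened: boundary unknown, drop the connection
            interrupt_after = None
            continue                      # flawed: next read starts mid-payload
        if msg is None:
            break
        handled.append(msg)
        interrupt_after = None            # only the first message is interrupted
    return handled

# Constructed sample: a data message whose binary payload happens to contain
# bytes shaped like a complete query message (type letters are made up here).
INNER = frame(b"Q", b"SELECT 'embedded'\x00")
OUTER = frame(b"D", b"\x00" * 8 + INNER)

if __name__ == "__main__":
    print("no error:", serve(OUTER, None, False))
    print("flawed:  ", serve(OUTER, 8, False))
    print("hardened:", serve(OUTER, 8, True))
```

In the flawed run the server acts on a query message the client never sent as a message; in the hardened run it acts on nothing, because the stream position can no longer be trusted.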
bugbot adjusting priority
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2015-03-05. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/60742
This is an autogenerated message for OBS integration: This bug (916953) was mentioned in https://build.opensuse.org/request/show/287000 13.2 / postgresql93-libs+postgresql93
openSUSE-SU-2015:0414-1: An update that fixes four vulnerabilities is now available.
Category: security (moderate)
Bug References: 916953
CVE References: CVE-2014-8161,CVE-2015-0241,CVE-2015-0243,CVE-2015-0244
Sources used:
openSUSE 13.2 (src): postgresql93-9.3.6-2.4.1, postgresql93-libs-9.3.6-2.4.1
SUSE-SU-2015:0478-1: An update that fixes four vulnerabilities is now available.
Category: security (moderate)
Bug References: 888564,916953
CVE References: CVE-2014-8161,CVE-2015-0241,CVE-2015-0243,CVE-2015-0244
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src): postgresql93-libs-9.3.6-5.1
SUSE Linux Enterprise Server 12 (src): postgresql93-9.3.6-5.2, postgresql93-libs-9.3.6-5.1
SUSE Linux Enterprise Desktop 12 (src): postgresql93-9.3.6-5.2, postgresql93-libs-9.3.6-5.1
I'd like to request a backport of this to postgresql 8.3.20 for SLES11SP1 and SLES11SP3.
Hello SUSE, ... I also got the question when the postgresql update for SLES11 SP3 will be available ... ... please advise. Thanks in advance for your support.
SUSE-SU-2015:0639-1: An update that fixes four vulnerabilities is now available.
Category: security (moderate)
Bug References: 916953
CVE References: CVE-2014-8161,CVE-2015-0241,CVE-2015-0243,CVE-2015-0244
Sources used:
SUSE Manager Server (src): postgresql91-9.1.15-0.3.1
SUSE Linux Enterprise Software Development Kit 11 SP3 (src): postgresql91-libs-9.1.15-0.3.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src): postgresql91-9.1.15-0.3.1, postgresql91-libs-9.1.15-0.3.1
SUSE Linux Enterprise Server 11 SP3 (src): postgresql91-9.1.15-0.3.1, postgresql91-libs-9.1.15-0.3.1
SUSE Linux Enterprise Desktop 11 SP3 (src): postgresql91-9.1.15-0.3.1, postgresql91-libs-9.1.15-0.3.1
So postgresql92 for openSUSE is still missing this fix, everything else seems fixed.
Let's close anyway.