GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Sat Jul 18, 2015 1:26 pm Post subject: [ GLSA 201507-20 ] PostgreSQL
Gentoo Linux Security Advisory
Title: PostgreSQL: Multiple vulnerabilities (GLSA 201507-20)
Severity: normal
Exploitable: remote
Date: July 18, 2015
Updated: August 22, 2015
Bug(s): #539018, #550172
ID: 201507-20
Synopsis
Multiple vulnerabilities have been found in PostgreSQL, the worst
of which could result in execution of arbitrary code or privilege
escalation.
Background
PostgreSQL is an open source object-relational database management
system.
Affected Packages
Package: dev-db/postgresql
Vulnerable: < 9.4.3
Unaffected: >= 9.0.21 < 9.0.22
Unaffected: >= 9.1.17 < 9.1.18
Unaffected: >= 9.2.12 < 9.2.13
Unaffected: >= 9.3.8 < 9.3.9
Unaffected: >= 9.4.3
Unaffected: >= 9.0.22 < 9.0.23
Unaffected: >= 9.0.23 < 9.0.24
Unaffected: >= 9.0.24 < 9.0.25
Unaffected: >= 9.1.18 < 9.1.19
Unaffected: >= 9.1.19 < 9.1.20
Unaffected: >= 9.1.20 < 9.1.21
Unaffected: >= 9.2.13 < 9.2.14
Unaffected: >= 9.2.14 < 9.2.15
Unaffected: >= 9.2.15 < 9.2.16
Unaffected: >= 9.3.9 < 9.3.10
Unaffected: >= 9.3.10 < 9.3.11
Unaffected: >= 9.3.11 < 9.3.12
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in PostgreSQL. Please
review the CVE identifiers referenced below for details.
Impact
A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition or
escalate privileges.
Workaround
There is no known workaround at this time.
Resolution
All PostgreSQL 9.0.x users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.0.21"
All PostgreSQL 9.1.x users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.1.17"
All PostgreSQL 9.2.x users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.2.12"
All PostgreSQL 9.3.x users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.3.8"
All PostgreSQL 9.4.x users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.4.3"
References
CVE-2014-8161
CVE-2015-0241
CVE-2015-0242
CVE-2015-0243
CVE-2015-0244
CVE-2015-3165
CVE-2015-3166
CVE-2015-3167
Last edited by GLSA on Sun Aug 23, 2015 4:17 am; edited 1 time in total