MGASA-2015-0069
- Source
- https://advisories.mageia.org/MGASA-2015-0069.html
- Import Source
- https://advisories.mageia.org/MGASA-2015-0069.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2015-0069
- Upstream
- Published
- 2015-02-17T18:38:13Z
- Modified
- 2026-04-16T06:24:07.102006912Z
- Summary
- Updated postgresql packages fix security vulnerabilities
- Details
-
Updated postgresql packages fix security vulnerabilities:
A user with limited clearance on a table might have access to information in columns without SELECT rights on through server error messages (CVE-2014-8161).
The function to_char() might read/write past the end of a buffer. This might crash the server when a formatting template is processed (CVE-2015-0241).
The pgcrypto module is vulnerable to stack buffer overrun that might crash the server (CVE-2015-0243).
Emil Lenngren reported that an attacker can inject SQL commands when the synchronization between client and server is lost (CVE-2015-0244).
This update provides PostgreSQL versions 9.3.6, 9.2.10, 9.1.15, and 9.0.19 that fix these issues, as well as several others.
- References
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:4 / postgresql9.0
Package
- Name
- postgresql9.0
- Purl
- pkg:rpm/mageia/postgresql9.0?arch=source&distro=mageia-4
Mageia:4 / postgresql9.1
Package
- Name
- postgresql9.1
- Purl
- pkg:rpm/mageia/postgresql9.1?arch=source&distro=mageia-4
Mageia:4 / postgresql9.2
Package
- Name
- postgresql9.2
- Purl
- pkg:rpm/mageia/postgresql9.2?arch=source&distro=mageia-4
Mageia:4 / postgresql9.3
Package
- Name
- postgresql9.3
- Purl
- pkg:rpm/mageia/postgresql9.3?arch=source&distro=mageia-4