MGASA-2015-0420

Source
https://advisories.mageia.org/MGASA-2015-0420.html
Import Source
https://advisories.mageia.org/MGASA-2015-0420.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2015-0420
Upstream
  • CVE-2015-5288
  • CVE-2015-5289
Published
2015-11-02T20:21:29Z
Modified
2026-04-16T06:24:03.866484073Z
Summary
Updated postgresql packages fix security vulnerabilities
Details

Josh Kupershmidt discovered the pgCrypto extension could expose several bytes of server memory if the crypt() function was provided a too-short salt. An attacker could use this flaw to read private data. (CVE-2015-5288)

Oskari Saarenmaa discovered that the json and jsonb handlers could exhaust available stack space. An attacker could use this flaw to perform a denial of service attack. (CVE-2015-5289)

The postgresql9.3 and postgresql9.4 packages have been updated to versions 9.3.10 and 9.4.5, respectively, to fix these issues. See the upstream release notes for more details.

Affected packages

Mageia:5 / postgresql9.3

Package

Name
postgresql9.3
Purl
pkg:rpm/mageia/postgresql9.3?arch=source&distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
9.3.10-1.mga5

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2015-0420.json"

Mageia:5 / postgresql9.4

Package

Name
postgresql9.4
Purl
pkg:rpm/mageia/postgresql9.4?arch=source&distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
9.4.5-1.mga5

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2015-0420.json"