Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201408-15
HistoryAug 29, 2014 - 12:00 a.m.

PostgreSQL: Multiple vulnerabilities

2014-08-2900:00:00
Gentoo Foundation
security.gentoo.org
33

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

EPSS

0.971

Percentile

99.8%

JSON

Background

PostgreSQL is an open source object-relational database management system.

Description

Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details.

Impact

A remote authenticated attacker may be able to create a Denial of Service condition, bypass security restrictions, or have other unspecified impact.

Workaround

There is no known workaround at this time.

Resolution

All PostgreSQL 9.3 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-db/postgresql-server-9.3.3"

All PostgreSQL 9.2 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-db/postgresql-server-9.2.7"

All PostgreSQL 9.1 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-db/postgresql-server-9.1.12"

All PostgreSQL 9.0 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-db/postgresql-server-9.0.16"

All PostgreSQL 8.4 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-db/postgresql-server-8.4.20"
OSVersionArchitecturePackageVersionFilename
Gentooanyalldev-db/postgresql-server< 9.3.3UNKNOWN

Related

openvas 55
nessus 45
centos 4
redhat 5
veracode 4
seebug 4
ubuntu 2
securityvulns 6
amazon 4
oraclelinux 3
kaspersky 2
osv 6
debian 7
mageia 2
freebsd 2
fedora 3
vmware 1
suse 5
nvd 6
cve 6
ubuntucve 6
prion 6
cvelist 6
huawei 4
checkpoint_advisories 1
threatpost 1
metasploit 1
postgresql 2
openvas
openvas
Gentoo Security Advisory GLSA 201408-15
2015-09-29 00:00:00
Amazon Linux: Security Advisory (ALAS-2014-305)
2015-09-08 00:00:00
Oracle: Security Advisory (ELSA-2014-0249)
2015-10-06 00:00:00
nessus
nessus
GLSA-201408-15 : PostgreSQL: Multiple vulnerabilities
2014-08-30 00:00:00
PostgreSQL 8.4 < 8.4.20 / 9.0 < 9.0.16 / 9.1 < 9.1.12 / 9.2 < 9.2.7 / 9.3 < 9.3.3 Multiple Vulnerabilities
2014-02-24 00:00:00
CentOS 6 : postgresql92-postgresql (CESA-2014:0221)
2014-03-07 00:00:00
centos
centos
postgresql92 security update
2014-02-28 01:35:22
postgresql, postgresql84 security update
2014-02-25 18:39:58
postgresql security update
2014-03-04 20:53:33
redhat
redhat
(RHSA-2014:0221) Important: postgresql92-postgresql security update
2014-02-27 00:00:00
(RHSA-2014:0249) Important: postgresql security update
2014-03-04 00:00:00
(RHSA-2014:0211) Important: postgresql84 and postgresql security update
2014-02-25 00:00:00
veracode
veracode
Code Execution Using A Race Condition
2019-05-02 05:01:19
Integer Overflow
2019-05-02 05:01:20
Privilege Escalation
2019-05-02 05:01:19
seebug
seebug
Nixu NameSurfer多个安全漏洞
2014-04-08 00:00:00
PostgreSQL 拒绝服务和代码执行漏洞(CVE-2013-1899)
2013-04-08 00:00:00
PostgreSQL 安全绕过漏洞(CVE-2013-1901)
2013-04-08 00:00:00
ubuntu
ubuntu
PostgreSQL vulnerabilities
2014-02-24 00:00:00
PostgreSQL vulnerabilities
2013-04-04 00:00:00
securityvulns
securityvulns
[USN-2120-1] PostgreSQL vulnerabilities
2014-02-28 00:00:00
PostgreSQL multiple security vulnerabilities
2014-02-28 00:00:00
APPLE-SA-2014-09-17-5 OS X Server 3.2.1
2014-09-21 00:00:00
amazon
amazon
Important: postgresql8
2014-03-13 18:12:00
Important: postgresql9
2014-03-13 18:12:00
Critical: postgresql9
2013-04-04 11:49:00
oraclelinux
oraclelinux
postgresql security update
2014-03-04 00:00:00
postgresql84 and postgresql security update
2014-02-25 00:00:00
postgresql and postgresql84 security update
2013-10-29 00:00:00
kaspersky
kaspersky
KLA10297 Multiple vulnerabilities in PostgreSQL
2014-03-31 00:00:00
KLA10449 DoS vulnerability in PostgreSQL
2014-03-31 00:00:00
osv
osv
postgresql-9.1 - several
2014-02-20 00:00:00
postgresql-8.4 - several
2014-02-20 00:00:00
postgresql-9.1 - several
2013-04-04 00:00:00
debian
debian
[SECURITY] [DSA 2865-1] postgresql-9.1 security update
2014-02-20 21:25:41
[SECURITY] [DSA 2864-1] postgresql-8.4 security update
2014-02-20 17:05:33
[BSA-080] Security Update for postgresql-9.1
2013-04-08 08:27:20
mageia
mageia
Updated postgresql packages fix multiple security vulnerabilities
2014-05-09 01:29:25
Updated postgresql packages fix multiple vulnerabilities
2014-05-17 04:20:42
freebsd
freebsd
PostgreSQL -- multiple privilege issues
2014-02-20 00:00:00
PostgreSQL -- anonymous remote access data corruption vulnerability
2013-04-04 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: postgresql-9.2.4-1.fc18
2013-04-05 22:59:41
[SECURITY] Fedora 19 Update: postgresql-9.2.4-1.fc19
2013-04-20 19:59:46
[SECURITY] Fedora 17 Update: postgresql-9.1.9-1.fc17
2013-04-05 23:11:53
vmware
vmware
VMware vFabric Postgres security updates
2013-04-04 00:00:00
suse
suse
postgresql92: Various security fixes. Update to 9.2.4. (important)
2013-04-05 10:04:42
Security update for PostgreSQL (important)
2013-04-05 19:06:20
postgresql: security and bugfix update to 9.0.13 (important)
2013-04-08 07:04:30
nvd
nvd
CVE-2014-2669
2014-03-31 14:58:19
CVE-2014-0064
2014-03-31 14:58:15
CVE-2014-0063
2014-03-31 14:58:15
cve
cve
CVE-2014-2669
2014-03-31 14:58:19
CVE-2014-0064
2014-03-31 14:58:15
CVE-2014-0063
2014-03-31 14:58:15
ubuntucve
ubuntucve
CVE-2014-0064
2014-02-21 00:00:00
CVE-2014-2669
2014-03-31 00:00:00
CVE-2014-0065
2014-02-21 00:00:00
prion
prion
Integer overflow
2014-03-31 14:58:00
Integer overflow
2014-03-31 14:58:00
Buffer overflow
2014-03-31 14:58:00
cvelist
cvelist
CVE-2014-0064
2014-03-28 17:00:00
CVE-2014-2669
2014-03-28 17:00:00
CVE-2014-0063
2014-03-28 17:00:00
huawei
huawei
Security Advisory - Two Buffer Overflow Vulnerabilities in the GaussDB
2017-05-31 00:00:00
Security Advisory - Two Privilege Escalation Vulnerabilities in the GaussDB
2017-05-31 00:00:00
Security Advisory - Command Injection Vulnerability in the GaussDB
2017-05-31 00:00:00
checkpoint_advisories
checkpoint_advisories
PostgreSQL Database Name Command Line Flag Injection (CVE-2013-1899)
2013-11-18 00:00:00
threatpost
threatpost
Vulnerability Patched in PostgreSQL Database Server
2013-04-04 14:41:38
metasploit
metasploit
PostgreSQL Database Name Command Line Flag Injection
2013-04-04 15:19:47
postgresql
postgresql
Vulnerability in core server (CVE-2013-1899)
2013-04-04 17:55:00
Vulnerability in core server (CVE-2013-1901)
2013-04-04 17:55:00

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

EPSS

0.971

Percentile

99.8%

JSON
Related for GLSA-201408-15
openvas55nessus45centos4redhat5veracode4seebug4ubuntu2securityvulns6amazon4oraclelinux3kaspersky2osv6debian7mageia2freebsd2fedora3vmware1suse5nvd6cve6ubuntucve6prion6cvelist6huawei4checkpoint_advisories1threatpost1metasploit1postgresql2