Lucene search
GoogleOSV:DLA-152-1HistoryFeb 12, 2015 - 12:00 a.m.
postgresql-8.4 - new minor release
2015-02-1200:00:00
Google
osv.dev
17
0.005 Low
EPSS
Percentile
76.5%
Several vulnerabilities were discovered in PostgreSQL, a relational
database server system. The 8.4 branch is EOLed upstream, but still
present in Debian squeeze. This new LTS minor version contains the
fixes that were applied upstream to the 9.0.19 version, backported to
8.4.22 which was the last version officially released by the PostgreSQL
developers. This LTS effort for squeeze-lts is a community project
sponsored by credativ GmbH.
- CVE-2014-8161
Information leak
A user with limited clearance on a table might have access to information
in columns without SELECT rights on through server error messages. - CVE-2015-0241
Out of boundaries read/write
The function to_char() might read/write past the end of a buffer. This
might crash the server when a formatting template is processed. - CVE-2015-0243
Buffer overruns in contrib/pgcrypto
The pgcrypto module is vulnerable to stack buffer overrun that might
crash the server. - CVE-2015-0244
SQL command injection
Emil Lenngren reported that an attacker can inject SQL commands when the
synchronization between client and server is lost.
For Debian 6 Squeeze, these issues have been fixed in postgresql-8.4 version 8.4.22lts1-0+deb6u1
References
Related
oraclelinux
oraclelinux
postgresql security update
2015-03-30 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-3155-1)
2015-02-05 00:00:00
Oracle: Security Advisory (ELSA-2015-0750)
2015-10-06 00:00:00
Debian Security Advisory DSA 3155-1 (postgresql-9.1 - security update)
2015-02-06 00:00:00
amazon
amazon
Medium: postgresql8
2015-04-15 21:47:00
Medium: postgresql92
2015-03-13 02:37:00
Medium: postgresql93
2015-02-25 20:34:00
ibm
ibm
nessus
nessus
Amazon Linux AMI : postgresql8 (ALAS-2015-503)
2015-04-17 00:00:00
openSUSE Security Update : postgresql93 (openSUSE-2015-189)
2015-03-05 00:00:00
RHEL 6 / 7 : postgresql (RHSA-2015:0750)
2015-03-31 00:00:00
debian
debian
[SECURITY] [DLA-152-1] postgresql-8.4 update
2015-02-12 11:10:32
[SECURITY] [DSA 3155-1] postgresql-9.1 security update
2015-02-06 13:30:32
securityvulns
securityvulns
PostgreSQL multiple security vulnerabilities
2015-02-11 00:00:00
[SECURITY] [DSA 3155-1] postgresql-9.1 security update
2015-02-11 00:00:00
APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006
2015-08-17 00:00:00
redhat
redhat
(RHSA-2015:0750) Moderate: postgresql security update
2015-03-30 00:00:00
(RHSA-2015:0856) Moderate: postgresql92-postgresql security update
2015-04-20 00:00:00
(RHSA-2015:0699) Moderate: postgresql92-postgresql security update
2015-03-18 00:00:00
veracode
veracode
Buffer Overflow
2019-05-02 05:12:40
SQL Injection
2019-05-02 05:12:40
Information Disclosure
2019-01-15 09:05:07
ubuntu
ubuntu
PostgreSQL vulnerabilities
2015-02-11 00:00:00
osv
osv
postgresql-9.1 - security update
2015-02-06 00:00:00
archlinux
archlinux
postgresql: multiple issues
2015-02-06 00:00:00
[ASA-202102-31] postgresql: information disclosure
2021-02-20 00:00:00
centos
centos
postgresql security update
2015-03-30 13:25:17
freebsd
freebsd
PostgreSQL -- multiple buffer overflows and memory issues
2015-02-05 00:00:00
mageia
mageia
Updated postgresql packages fix security vulnerabilities
2015-02-17 21:38:13
gentoo
gentoo
PostgreSQL: Multiple vulnerabilities
2015-07-18 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: postgresql-9.3.6-1.fc20
2015-02-15 02:58:37
[SECURITY] Fedora 21 Update: postgresql-9.3.6-1.fc21
2015-02-08 08:58:19
cve
cve
nvd
nvd
prion
prion
postgresql
postgresql
Vulnerability in core server (CVE-2014-8161)
2020-01-27 16:15:00
Vulnerability in core server (CVE-2015-0241)
2020-01-27 16:15:00
Vulnerability in contrib module (CVE-2015-0243)
2020-01-27 16:15:00
ubuntucve
ubuntucve
cvelist
cvelist
huawei
huawei
Security Advisory - SQL Injection Vulnerability in the GaussDB
2017-06-07 00:00:00