DSA-3374-1 postgresql-9.4 -- postgresql-9.4ID: oval:org.secpod.oval:def:602248 | Date: (C)2015-10-21 (M)2023-12-07 |
Class: PATCH | Family: unix |
Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system. CVE-2015-5288 Josh Kupershmidt discovered a vulnerability in the crypt function in the pgCrypto extension. Certain invalid salt arguments can cause the server to crash or to disclose a few bytes of server memory. CVE-2015-5289 Oskari Saarenmaa discovered that json or jsonb input values constructed from arbitrary user input can crash the PostgreSQL server and cause a denial of service.