DSA-3155-1 postgresql-9.1 -- postgresql-9.1ID: oval:org.secpod.oval:def:601949 | Date: (C)2015-02-13 (M)2023-12-18 |
Class: PATCH | Family: unix |
Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system. CVE-2014-8161: Information leak A user with limited clearance on a table might have access to information in columns without SELECT rights on through server error messages. CVE-2015-0241: Out of boundaries read/write The function to_char might read/write past the end of a buffer. This might crash the server when a formatting template is processed. CVE-2015-0243: Buffer overruns in contrib/pgcrypto The pgcrypto module is vulnerable to stack buffer overrun that might crash the server. CVE-2015-0244: SQL command injection Emil Lenngren reported that an attacker can inject SQL commands when the synchronization between client and server is lost.