lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20171109213641.vswpwktbfdm7i3lb@pisco.westfalen.local>
Date: Thu, 9 Nov 2017 22:36:41 +0100
From: Moritz Muehlenhoff <jmm@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 4027-1] postgresql-9.4 security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4027-1                   security@...ian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
November 09, 2017                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : postgresql-9.4
CVE ID         : CVE-2017-15098

A vulnerabilitiy has been found in the PostgreSQL database system:
Denial of service and potential memory disclosure in the
json_populate_recordset() and jsonb_populate_recordset() functions.

For the oldstable distribution (jessie), this problem has been fixed
in version 9.4.15-0+deb8u1.

We recommend that you upgrade your postgresql-9.4 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAloEyhIACgkQEMKTtsN8
TjZxOA//TZ8wa50uQAlkRoUdP5SGsI33lAkGBvCtERtkpDm5EThuMnxSs95j7Zq1
HTjd/Gqusfgl5xCHrXUNYGVs4jZ0QQa5LsHCsiNsvCayvkoxw6FguetqRSkvjtrT
v1I0xU+3nNMzv66fVwnFJ5KK/WTvlOwLk1X0ccYcMkpxDhD6CUUQhZbdN9OB9nWT
GlL3BwweerB8UuxxWapad9zbJnNM/a7tjd0XJ+OAu5P5LBxYIgsGmKMjynB/Igtx
K5+B7t8kLCnG9Gbip1TLVg0zMVugbuO9OWA2I76U0lGvpfmbOaUq/yXEbOvv1hjG
nbZG7D17lCyDJps/6e7VJI8yL6l2ibaCn28hrLy1bNm6r3hXdr2wn9ulgbXfMCrU
o67PK6sFCwhYieKJUJBwQVtQ+XlK0TSsLycggIxA5SY5nfBHGoSjQEhR9bYlKuL0
Cspm8ciIxtibBN5gr8jU5zOlPA2jLRdnHrCR8zQwfKEU9nZaxWAa8KqNwOliG4xT
vPvNczcyP0++GOtJO9bTc9NXZJW7zRMqfQP2jtn4YPBFCZndLXDrn3w+IWBTAGuU
sDj+EzCSscMoVFvD0NlLn1sBB5xbNS3/GY6PncPIW+60q5xZ4sx83K8yxtmkfx01
k4LuTZqJP2PvcAa4BmxaIrLPQi33rEM0nwrQkMnUHSULGwQ6axE=
=Eg5u
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ