Synopsis: Moderate: postgresql security update
Advisory ID: SLSA-2015:2078-1
Issue Date: 2015-11-19
CVE Numbers: CVE-2015-5288, CVE-2015-5289
—
A memory leak error was discovered in the crypt() function of the pgCrypto
extension. An authenticated attacker could possibly use this flaw to
disclose a limited amount of the server memory. (CVE-2015-5288)

A stack overflow flaw was discovered in the way the PostgreSQL core server
processed certain JSON or JSONB input. An authenticated attacker could
possibly use this flaw to crash the server backend by sending specially
crafted JSON or JSONB input. (CVE-2015-5289)

If the postgresql service is running, it will be automatically restarted
after installing this update.
—
SL7
  x86_64
    postgresql-9.2.14-1.el7_1.x86_64.rpm
    postgresql-devel-9.2.14-1.el7_1.x86_64.rpm
    postgresql-9.2.14-1.el7_1.i686.rpm
    postgresql-docs-9.2.14-1.el7_1.x86_64.rpm
    postgresql-debuginfo-9.2.14-1.el7_1.i686.rpm
    postgresql-devel-9.2.14-1.el7_1.i686.rpm
    postgresql-libs-9.2.14-1.el7_1.x86_64.rpm
    postgresql-debuginfo-9.2.14-1.el7_1.x86_64.rpm
    postgresql-libs-9.2.14-1.el7_1.i686.rpm
    postgresql-plperl-9.2.14-1.el7_1.x86_64.rpm
    postgresql-test-9.2.14-1.el7_1.x86_64.rpm
    postgresql-pltcl-9.2.14-1.el7_1.x86_64.rpm
    postgresql-server-9.2.14-1.el7_1.x86_64.rpm
    postgresql-contrib-9.2.14-1.el7_1.x86_64.rpm
    postgresql-upgrade-9.2.14-1.el7_1.x86_64.rpm
    postgresql-plpython-9.2.14-1.el7_1.x86_64.rpm
  srpm
    postgresql-9.2.14-1.el7_1.src.rpm
– Scientific Linux Development Team
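
Added example, not part of the original advisory or Scientific Linux tooling: a check that flags installed packages from the list above that are older than the fixed build 9.2.14-1.el7_1. The function names, the query format and the sample input are assumptions made for illustration, and the comparison is a simplified form of RPM's version ordering that ignores epochs.

```python
import re

# Fixed build taken from the advisory's package list (postgresql-9.2.14-1.el7_1).
FIXED_VERSION, FIXED_RELEASE = "9.2.14", "1.el7_1"
# Binary package names listed in the advisory.
ADVISORY_PACKAGES = {"postgresql"} | {"postgresql-" + s for s in (
    "devel", "docs", "debuginfo", "libs", "plperl", "test", "pltcl",
    "server", "contrib", "upgrade", "plpython")}

def rpmvercmp(a, b):
    """Compare two RPM version or release strings; returns -1, 0 or 1.
    Simplified: no epoch, tilde or caret handling."""
    seg_a = re.findall(r"[0-9]+|[A-Za-z]+", a)
    seg_b = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)             # numeric segments compare as integers
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))

def unpatched(rpm_query_output):
    """Return installed advisory packages older than the fixed build.
    Expects the output of:
    rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE} %{ARCH}\\n' 'postgresql*'"""
    stale = []
    for line in rpm_query_output.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] not in ADVISORY_PACKAGES:
            continue  # malformed line, or a package this advisory does not cover
        name, version, release, arch = fields
        order = rpmvercmp(version, FIXED_VERSION) or rpmvercmp(release, FIXED_RELEASE)
        if order < 0:
            stale.append(f"{name}-{version}-{release}.{arch}")
    return stale

# Constructed sample of the query output, not taken from a real host.
SAMPLE = """\
postgresql-server 9.2.13 1.el7_1 x86_64
postgresql-libs 9.2.14 1.el7_1 x86_64
postgresql-contrib 9.2.14 1.el7 x86_64
postgresql 9.2.15 1.el7_2 x86_64
postgresql-jdbc 9.2.1002 5.el7 noarch
"""

if __name__ == "__main__":
    for pkg in unpatched(SAMPLE):
        print("needs update:", pkg)
```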