[ubuntu/vivid-updates] postgresql-9.4 9.4.5-0ubuntu0.15.04 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Fri Oct 16 02:28:41 UTC 2015


postgresql-9.4 (9.4.5-0ubuntu0.15.04) vivid-security; urgency=medium

  * New upstream security/bug fix release: (LP: #1504132)
    - Guard against stack overflows in json parsing.
      If an application constructs PostgreSQL json or jsonb values from
      arbitrary user input, the application's users can reliably crash the
      PostgreSQL server, causing momentary denial of service.  (CVE-2015-5289)

    - Fix contrib/pgcrypto to detect and report too-short crypt() salts
      Certain invalid salt arguments crashed the server or disclosed a few
      bytes of server memory.  We have not ruled out the viability of attacks
      that arrange for presence of confidential information in the disclosed
      bytes, but they seem unlikely.  (CVE-2015-5288)

    - See release notes for details about other fixes.

Date: 2015-10-10 02:19:13.191425+00:00
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/postgresql-9.4/9.4.5-0ubuntu0.15.04
-------------- next part --------------
Sorry, changesfile not available.


More information about the Vivid-changes mailing list