This bug was fixed in the package postgresql-9.3 - 9.3.10-0ubuntu0.14.04
---------------
postgresql-9.3 (9.3.10-0ubuntu0.14.04) trusty-security; urgency=medium
* New upstream security/bug fix release: (LP: #1504132)
- Guard against stack overflows in json parsing.
If an application constructs PostgreSQL json or jsonb values from
arbitrary user input, the application's users can reliably crash the
PostgreSQL server, causing momentary denial of service. (CVE-2015-5289)
- Fix contrib/pgcrypto to detect and report too-short crypt() salts
Certain invalid salt arguments crashed the server or disclosed a few
bytes of server memory. We have not ruled out the viability of attacks
that arrange for presence of confidential information in the disclosed
bytes, but they seem unlikely. (CVE-2015-5288)
- See release notes for details about other fixes.
-- Martin Pitt <[email protected]> Thu, 08 Oct 2015 15:42:16
+0200
** Changed in: postgresql-9.4 (Ubuntu Vivid)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1504132
Title:
New upstream microreleases 9.1.19, 9.3.10, 9.4.5
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/postgresql-9.1/+bug/1504132/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
