Gentoo Linux Security Advisory 201701-33 - Multiple vulnerabilities have been found in PostgreSQL, the worst of which could result in execution of arbitrary code or privilege escalation. Versions less than 9.5.4 are affected.
5c1835ce9d97c2296528f8ac7307f5177d1c964c2ef3bec50562a53e37dcd826
Debian Linux Security Advisory 3475-1 - Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system.
97224b1e0460c8281f126771bca871f95993eaf9c127de0f00c7d502dbf4b8e1
Red Hat Security Advisory 2015-2078-01 - PostgreSQL is an advanced object-relational database management system. A memory leak error was discovered in the crypt() function of the pgCrypto extension. An authenticated attacker could possibly use this flaw to disclose a limited amount of the server memory. A stack overflow flaw was discovered in the way the PostgreSQL core server processed certain JSON or JSONB input. An authenticated attacker could possibly use this flaw to crash the server backend by sending specially crafted JSON or JSONB input.
aac049a21ae427bf24643576d8701e697cfabc9ea4d02e806cb365d534decbce
Red Hat Security Advisory 2015-2077-01 - PostgreSQL is an advanced object-relational database management system. A memory leak error was discovered in the crypt() function of the pgCrypto extension. An authenticated attacker could possibly use this flaw to disclose a limited amount of the server memory. A stack overflow flaw was discovered in the way the PostgreSQL core server processed certain JSON or JSONB input. An authenticated attacker could possibly use this flaw to crash the server backend by sending specially crafted JSON or JSONB input.
b8119ca3b76675c365e5ec6e10e97a27a6c8163ea9d7805cb835c9fc98116c8b
Red Hat Security Advisory 2015-2083-01 - PostgreSQL is an advanced object-relational database management system. A memory leak error was discovered in the crypt() function of the pgCrypto extension. An authenticated attacker could possibly use this flaw to disclose a limited amount of the server memory. A stack overflow flaw was discovered in the way the PostgreSQL core server processed certain JSON or JSONB input. An authenticated attacker could possibly use this flaw to crash the server backend by sending specially crafted JSON or JSONB input.
c9f88ba809baf90f4a629479a98d8482fd5274e5a0d331f3a4316e0f0531d8a8
Red Hat Security Advisory 2015-2081-01 - PostgreSQL is an advanced object-relational database management system. A memory leak error was discovered in the crypt() function of the pgCrypto extension. An authenticated attacker could possibly use this flaw to disclose a limited amount of the server memory. All PostgreSQL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update.
a9a97fccebbbe72476920331ce502e8ceb3f18514137ac2cdace7209eb1dcd74
Debian Linux Security Advisory 3374-1 - Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system.
0221739681f1a47749baa7ef3da3b7ce33e14be350cfde520f29dd6677263336
Ubuntu Security Notice 2772-1 - Josh Kupershmidt discovered the pgCrypto extension could expose several bytes of server memory if the crypt() function was provided a too-short salt. An attacker could use this flaw to read private data. Oskari Saarenmaa discovered that the json and jsonb handlers could exhaust available stack space. An attacker could use this flaw to perform a denial of service attack. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. Various other issues were also addressed.
7b71a60e0ccd343b09519a9460d503e41574b5c1bcd194439de80f36faf89604