Univention Bugzilla – Bug 37703
postgresql-8.4: Multiple issues (3.2)
Last modified: 2015-03-26 12:23:08 CET
Multiple vulnerabilities have been found in PostgreSQL: Buffer overflows in "to_char" functions (CVE-2015-0241) Memory errors in functions in the pgcrypto extension (CVE-2015-0243) An error in extended protocol message reading (CVE-2015-0244) Constraint violation errors can cause display of values in columns which the user would not normally have rights to see (CVE-2014-8161)
$ repo_admin.py -U -p postgresql-8.4 -d squeeze-lts -r 3.2-0-0 -s errata3.2-5 <http://metadata.ftp-master.debian.org/changelogs/main/p/postgresql-8.4/postgresql-8.4_8.4.22lts1-0+deb6u1_changelog> $ b32-scope errata3.2-5 postgresql-8.4 Package: postgresql-8.4 Version: 8.4.22lts1-0.23.201503191059 Branch: ucs_3.2-0 Scope: errata3.2-5 apt-get install univention-postgresql aptitude install '?source-package(postgresql-8.4)?installed' su -c 'createuser -SRD stefan' postgres su -c 'createuser -SRD phahn' postgres su -c "psql -c \"ALTER USER phahn PASSWORD 'univention'\"" postgres zcat buildsystem.sql.gz | su -c 'psql -f -' postgres psql -h 127.0.0.1 buildsystem phahn r59240 | Bug #37703 PostgreSQL-8.4: YAML 2015-03-19-postgresql-8.4.yaml
http://errata.univention.de/ucs/3.2/295.html
Closed wrong bug, back to resolved.
Test (Update): OK Test (Installation): OK Advisory: OK
<http://errata.univention.de/ucs/3.2/310.html>