Bug 37703 – postgresql-8.4: Multiple issues (3.2)

Bug 37703 - postgresql-8.4: Multiple issues (3.2)


Summary:	postgresql-8.4: Multiple issues (3.2)

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	Security updates
Version:	UCS 3.2
Hardware:	Other Linux

Importance:	P3 normal (vote)
Target Milestone:	UCS 3.2-5-errata
Assigned To:	Philipp Hahn
QA Contact:	Janek Walkenhorst

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2015-02-06 07:47 CET by Moritz Muehlenhoff
Modified:	2015-03-26 12:23 CET (History)
CC List:	1 user (show)

See Also:
What kind of report is it?:	---
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Moritz Muehlenhoff

2015-02-06 07:47:15 CET

Multiple vulnerabilities have been found in PostgreSQL:

Buffer overflows in "to_char" functions (CVE-2015-0241)
Memory errors in functions in the pgcrypto extension (CVE-2015-0243)
An error in extended protocol message reading (CVE-2015-0244)
Constraint violation errors can cause display of values in columns which the user would not normally have rights to see (CVE-2014-8161)

Comment 1 Philipp Hahn

2015-03-19 13:03:21 CET

$ repo_admin.py -U -p postgresql-8.4 -d squeeze-lts -r 3.2-0-0 -s errata3.2-5
<http://metadata.ftp-master.debian.org/changelogs/main/p/postgresql-8.4/postgresql-8.4_8.4.22lts1-0+deb6u1_changelog>
$ b32-scope errata3.2-5 postgresql-8.4

Package: postgresql-8.4
Version: 8.4.22lts1-0.23.201503191059
Branch: ucs_3.2-0
Scope: errata3.2-5

apt-get install univention-postgresql
aptitude install '?source-package(postgresql-8.4)?installed'
su -c 'createuser -SRD stefan' postgres
su -c 'createuser -SRD phahn' postgres
su -c "psql -c \"ALTER USER phahn PASSWORD 'univention'\"" postgres
zcat buildsystem.sql.gz | su -c 'psql -f -' postgres
psql -h 127.0.0.1 buildsystem phahn

r59240 | Bug #37703 PostgreSQL-8.4: YAML
 2015-03-19-postgresql-8.4.yaml

Comment 2 Moritz Muehlenhoff

2015-03-23 13:11:45 CET

http://errata.univention.de/ucs/3.2/295.html

Comment 3 Moritz Muehlenhoff

2015-03-23 13:12:31 CET

Closed wrong bug, back to resolved.

Comment 4 Janek Walkenhorst

2015-03-24 18:08:17 CET

Test (Update): OK
Test (Installation): OK
Advisory: OK

Comment 5 Janek Walkenhorst

2015-03-26 12:23:08 CET

<http://errata.univention.de/ucs/3.2/310.html>