Bug 37703 - postgresql-8.4: Multiple issues (3.2)
postgresql-8.4: Multiple issues (3.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 3.2
Other Linux
: P3 normal (vote)
: UCS 3.2-5-errata
Assigned To: Philipp Hahn
Janek Walkenhorst
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-02-06 07:47 CET by Moritz Muehlenhoff
Modified: 2015-03-26 12:23 CET (History)
1 user (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Moritz Muehlenhoff univentionstaff 2015-02-06 07:47:15 CET
Multiple vulnerabilities have been found in PostgreSQL:

Buffer overflows in "to_char" functions (CVE-2015-0241)
Memory errors in functions in the pgcrypto extension (CVE-2015-0243)
An error in extended protocol message reading (CVE-2015-0244)
Constraint violation errors can cause display of values in columns which the user would not normally have rights to see (CVE-2014-8161)
Comment 1 Philipp Hahn univentionstaff 2015-03-19 13:03:21 CET
$ repo_admin.py -U -p postgresql-8.4 -d squeeze-lts -r 3.2-0-0 -s errata3.2-5
<http://metadata.ftp-master.debian.org/changelogs/main/p/postgresql-8.4/postgresql-8.4_8.4.22lts1-0+deb6u1_changelog>
$ b32-scope errata3.2-5 postgresql-8.4

Package: postgresql-8.4
Version: 8.4.22lts1-0.23.201503191059
Branch: ucs_3.2-0
Scope: errata3.2-5

apt-get install univention-postgresql
aptitude install '?source-package(postgresql-8.4)?installed'
su -c 'createuser -SRD stefan' postgres
su -c 'createuser -SRD phahn' postgres
su -c "psql -c \"ALTER USER phahn PASSWORD 'univention'\"" postgres
zcat buildsystem.sql.gz | su -c 'psql -f -' postgres
psql -h 127.0.0.1 buildsystem phahn

r59240 | Bug #37703 PostgreSQL-8.4: YAML
 2015-03-19-postgresql-8.4.yaml
Comment 2 Moritz Muehlenhoff univentionstaff 2015-03-23 13:11:45 CET
http://errata.univention.de/ucs/3.2/295.html
Comment 3 Moritz Muehlenhoff univentionstaff 2015-03-23 13:12:31 CET
Closed wrong bug, back to resolved.
Comment 4 Janek Walkenhorst univentionstaff 2015-03-24 18:08:17 CET
Test (Update): OK
Test (Installation): OK
Advisory: OK
Comment 5 Janek Walkenhorst univentionstaff 2015-03-26 12:23:08 CET
<http://errata.univention.de/ucs/3.2/310.html>