Univention Bugzilla – Bug 40358
postgresql-8.4: Multiple issues (3.2)
Last modified: 2016-03-02 14:47:07 CET
Fix available in upstream Debian package version 8.4.22lts5-0+deb6u1:
* attackers may cause denial of service (server crash) or read arbitrary server memory via "too-short" crypt salts (CVE-2015-5288)
Upstream Debian package version 8.4.22lts6-0+deb6u1 fixes this additional issue:
* Denial of service and potential execution of arbitrary code due to buffer overrun in PL/Java regular expression processing (CVE-2016-0773)
The upstream package has been imported and built in errata3.2-8.
Advisory: postgresql-8.4.yaml
Tests: OK
Advisory: OK (Typo in version fixed)
<http://errata.software-univention.de/ucs/3.2/407.html>