Bug 40358 - postgresql-8.4: Multiple issues (3.2)
postgresql-8.4: Multiple issues (3.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 3.2
Other Linux
: P3 normal (vote)
: UCS 3.2-8-errata
Assigned To: Arvid Requate
Janek Walkenhorst
:
Depends on:
Blocks: 40800
  Show dependency treegraph
 
Reported: 2016-01-04 17:01 CET by Arvid Requate
Modified: 2016-03-02 14:47 CET (History)
1 user (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional): Security
Max CVSS v3 score:
requate: Patch_Available+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2016-01-04 17:01:11 CET
Fix available in upstream Debian package version 8.4.22lts5-0+deb6u1:

* attackers may cause denial of service (server crash) or read arbitrary server memory via "too-short" crypt salts (CVE-2015-5288)
Comment 1 Arvid Requate univentionstaff 2016-02-29 16:41:02 CET
Upstream Debian package version 8.4.22lts6-0+deb6u1 fixes this additional issue:

* Denial of service and potential execution of arbitrary code due to buffer overrun in PL/Java regular expression processing (CVE-2016-0773)
Comment 2 Arvid Requate univentionstaff 2016-02-29 19:47:40 CET
The upstream package has been imported and built in errata3.2-8.

Advisory: postgresql-8.4.yaml
Comment 3 Janek Walkenhorst univentionstaff 2016-03-01 19:22:43 CET
Tests: OK
Advisory: OK (Typo in version fixed)
Comment 4 Janek Walkenhorst univentionstaff 2016-03-02 14:47:07 CET
<http://errata.software-univention.de/ucs/3.2/407.html>