Univention Bugzilla – Full Text Bug Listing
Summary: | postgresql-8.4: Multiple issues (ES 3.1) | ||
---|---|---|---|
Product: | UCS | Reporter: | Arvid Requate <requate> |
Component: | Security updates | Assignee: | Arvid Requate <requate> |
Status: | CLOSED FIXED | QA Contact: | Janek Walkenhorst <walkenhorst> |
Severity: | normal | ||
Priority: | P3 | CC: | requate |
Version: | UCS 3.1 | Flags: | requate: Patch_Available+ |
Target Milestone: | UCS 3.1-ES | ||
Hardware: | Other | ||
OS: | Linux | ||
What kind of report is it?: | --- | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | Security | |
Max CVSS v3 score: | |||
Bug Depends on: | 40358 | ||
Bug Blocks: | |||
Attachments: |
3.1-postgresql-8.4.txt.asc
3.1-postgresql-8.4.txt.asc |
Description
Arvid Requate
2016-02-29 16:48:39 CET
Fixed in 8.4.22lts4-0+deb6u1:
* Fix rare failure to invalidate relation cache init file (Tom Lane) With just the wrong timing of concurrent activity, a VACUUM FULL on a system catalog might fail to update the init file that's used to avoid cache-loading work for new sessions. This would result in later sessions being unable to access that catalog at all. This is a very ancient bug, but it's so hard to trigger that no reproducible case had been seen until recently. (No CVE)

Fix available in upstream Debian package version 8.4.22lts5-0+deb6u1:
* attackers may cause denial of service (server crash) or read arbitrary server memory via "too-short" crypt salts (CVE-2015-5288)

Arvid Requate univentionstaff 2016-02-29 16:41:02 CET
Upstream Debian package version 8.4.22lts6-0+deb6u1 fixes this additional issue:
* Denial of service and potential execution of arbitrary code due to buffer overrun in PL/Java regular expression processing (CVE-2016-0773)

Created attachment 7506
3.1-postgresql-8.4.txt.asc
The upstream package version has been imported and built in extsec3.1.
The advisory draft is attached.
Tests (i386/amd64): OK
Advisory: Typo in version number

Created attachment 7551
3.1-postgresql-8.4.txt.asc
Tests (i386/amd64): OK
Advisory: OK
Released